https://community.cisco.com/t5/wireless/wireless-authentication-assistance/m-p/5516643#M306472 <P>"Trusted Access" might be perfect for your BYOD use case.</P><P><A href="https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Trusted_Access_for_Secure_Wireless_Connectivity" target="_blank" rel="nofollow noopener noreferrer">https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Trusted_Access_for_Secure_Wireless_Connectivity</A></P><P>You could also consider using Meraki Systems Manager for company assets (you can't be using another MDM already for this option).</P><P><A href="https://documentation.meraki.com/SM/Deployment_Guides/Systems_Manager_Sentry_Overview" target="_self" rel="nofollow noopener noreferrer">https://documentation.meraki.com/SM/Deployment_Guides/Systems_Manager_Sentry_Overview</A> </P><P>If you are happy to run an internal RADIUS server and Windows CA server you can also use WPA2 Enterprise mode. This covers a lot of that:<BR /><A href="https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise" target="_self" rel="nofollow noopener noreferrer">https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise</A> </P> Wed, 28 Feb 2024 20:00:50 GMT Philip D'Ath 2024-02-28T20:00:50Z https://community.cisco.com/t5/wireless/wireless-authentication-assistance/m-p/5516641#M306470 <P><SPAN><SPAN class="">They want to change some authentication for Wireless users</SPAN></SPAN></P><OL><LI><SPAN>We want to change the way users authenticate to the Internal Private. It doesn't make sense to keep our internal network as an SSID with a password that most people know. How are others authenticating internal users on devices that are on SSO in a easy secure manner?</SPAN></LI><LI><SPAN>We want to change - Guest into a more secure and segregated VLAN and introducing a new way for guests to authenticate as well instead of having an open password to everyone and no idle time or anything. How are others doing this. What would recommendations be</SPAN></LI><LI>What are ways where we can introduce a BYOD network to users that want to bring their cell phones/tablets to work, where the VLAN is similar to the guest one but with a similar authentication to the - Internal Private? obviously we could take them to a integrated splash page.</LI></OL> Wed, 28 Feb 2024 14:25:25 GMT https://community.cisco.com/t5/wireless/wireless-authentication-assistance/m-p/5516641#M306470 texasjet79 2024-02-28T14:25:25Z https://community.cisco.com/t5/wireless/wireless-authentication-assistance/m-p/5516642#M306471 <P>Hi,</P><P>Considering what you said, there are some possibilities.</P><P>For internal users, you can consider using 802.1X/EAP authentication methods1. This method is more secure and has replaced some outdated methods that have security weaknesses. You can also consider using multi-factor authentication methods to strengthen security while continuing to prioritize usability.</P><P>For guest network, you can create a separate VLAN for your guests. This prevents unauthorized access and associated security issues by isolating guest devices from the internal network.</P><P>For a BYOD network, you can consider using the same 802.1X/EAP authentication methods as your internal network. Additionally, you can use Single Sign-On tools that let employees use a single password to access a portal of company and cloud applications.</P><P>Of course, this is just a general recommendation, there are other options like Meraki's MDM.</P><P><A href="https://meraki.cisco.com/products/systems-manager/" target="_blank" rel="nofollow noopener noreferrer">https://meraki.cisco.com/products/systems-manager/</A></P> Wed, 28 Feb 2024 14:48:19 GMT https://community.cisco.com/t5/wireless/wireless-authentication-assistance/m-p/5516642#M306471 aleabrahao 2024-02-28T14:48:19Z https://community.cisco.com/t5/wireless/wireless-authentication-assistance/m-p/5516643#M306472 <P>"Trusted Access" might be perfect for your BYOD use case.</P><P><A href="https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Trusted_Access_for_Secure_Wireless_Connectivity" target="_blank" rel="nofollow noopener noreferrer">https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Trusted_Access_for_Secure_Wireless_Connectivity</A></P><P>You could also consider using Meraki Systems Manager for company assets (you can't be using another MDM already for this option).</P><P><A href="https://documentation.meraki.com/SM/Deployment_Guides/Systems_Manager_Sentry_Overview" target="_self" rel="nofollow noopener noreferrer">https://documentation.meraki.com/SM/Deployment_Guides/Systems_Manager_Sentry_Overview</A> </P><P>If you are happy to run an internal RADIUS server and Windows CA server you can also use WPA2 Enterprise mode. This covers a lot of that:<BR /><A href="https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise" target="_self" rel="nofollow noopener noreferrer">https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise</A> </P> Wed, 28 Feb 2024 20:00:50 GMT https://community.cisco.com/t5/wireless/wireless-authentication-assistance/m-p/5516643#M306472 Philip D'Ath 2024-02-28T20:00:50Z