Re: Limiting WPA access to a single SSID

Wes Schochet · ‎11-19-2012

It seems that oncea client has a certificate, they can attach to any SSID that uses cert based authentication. Is there a way to limit a certificate to only allow acces to a specific WLAN/SSID?

Scott Fella · ‎11-19-2012

Yes, but I'm guessing your talking about 802.1x. You can use the Called-Station-ID and specify the ssid in there. You would have to have individual polices per ssid and also depends on your radius server.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎11-19-2012

Here is an example for IAS or NPS:

http://social.technet.microsoft.com/Forums/en/winserverNAP/thread/fa662135-3ddd-4699-a8eb-83f9f85b5674

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Sebastian Helmer · ‎11-19-2012

If you are using a MS Radius IAS/NPS you should be able to use a dedicate certificate per Policy. But for PEAP e.g. you need just a trust and go. An Apple don't take care if he hast the root installed, he aks you, you accepts and you are in when you have the credentials.

I would go like Scot to checkout the Radius otions and I they helps you.

Why do you want to prevent this?