09-09-2023 05:34 AM
We have Cisco WLC and ISE on our network infrastructure. Our goal is to authenticate and segregate various types of IoT devices (like barcode readers, HVAC systems, RFID readers, etc.) by mapping them to their respective VLANs while connecting to a single broadcasting SSID. We don't want to broadcast so many SSIDs.
Some devices support 802.1x and some don't.
Specifically, we want devices like HVAC systems to be placed in their own VLAN (e.g., HVAC VLAN) upon successful authentication. How would you do it and what is your process in your organization?
I would greatly appreciate any advice to help us accomplish this task effectively and securely.
Thanks in advance for your expertise!
09-09-2023 07:33 AM
Have you considered iPSK, since some of the devices do not support 802.1X?
09-09-2023 07:24 PM
We have a rule of thumb in regard to "onboarding" wireless clients. And that is: put mobile clients onto wireless and cable up stationary clients.
The madness in this logic is because equipment manufacturers slap wireless chips into machinery so they can sell more. And when issues start to appear with machinery in the wireless sphere, equipment manufacturers do not have a technical team who have a good idea of what the wireless NIC can/cannot do, so it is easy for the manufacturers to blame the client's wireless network as the reason.
If the HVAC does not play nice with Dot1x, even with MAB, then be prepared for iPSK. If the HVAC still will not play nice with iPSK, cable it up.