Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6902
Views
22
Helpful
17
Replies

Best authentication method for controlling DEVICE access to wlan

Go to solution
Konnan19183
Level 1
Level 1

‎05-06-2013 11:27 AM - edited ‎07-04-2021 12:01 AM

Hello,

I have a similar question to this thread ( https://supportforums.cisco.com/message/3927713 ) but I'm interested about device control on top of user control. Just like that thread, we are using WPA2-AES Enterprise with PEAP MSCHAPv2, which allow users to log on with their domain credentials. We wanted something simple for our users, so MSCHAPv2 with "single sign on" was optimal to us.

Problem is, we have a new requirement and we need to implement it yesterday. We would like to allow only mobile devices and computers of our choice.

Since we are using MSCHAPv2 which allow every domain user to connect using any device as long as their domain credentials are valid, is there a simple way to control this ?

I guess we could go with MAC filtering, but we have about a thousand laptops. Not a big problem, we could do a regular MAC address inventory using SCCM. It's just that it looks like a brute force tactic to a simple problem. Would a Cisco ACE 4.1 RADIUS server tolerate well a MAC address table with a thousand entries ? What if it goes to two thousands ? Would this be easy to implement ? I'm a bit new to this, is there some documentation I could follow ?

How do people usually do this in an elegant way ? How do you manage and control WLAN access to thousands of device ? I guess they go with TLS with certificates ?

Thank you very much !

Konnan

Labels:
0 Helpful
17 Replies 17

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎06-09-2013 08:45 AM

I found a thread:)

https://supportforums.cisco.com/thread/2209784

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
Ali Bahnam
Level 1
Level 1
In response to Scott Fella

‎06-10-2013 01:01 AM

Dear Scott,

Thanks for your reply,I check the link that you sent where the ISE version is 1.2, but my ISE version is 2.0.4.018.

So please advise,

Regards,

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to Ali Bahnam

‎06-10-2013 05:14 AM

You might want to post your question on the security forum that handles ISE. I can't help you since I haven't upgraded to 2.0. I don't know if its available or not. They would be able to assist you.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card