Solved: Connecting a dumb wireless device to WLC

praveenjanarthanan · ‎02-17-2016

Hi all IoT enthusiasts,

I got a dumb wireless device which require internet access and I have a Guest SSID which requires username/password authentication.

The authentication is managed by ACS 5.3 and wireless is handled by cisco 2504.

What options do I have in order to allow this dumb device access to internet and at the same time only allow approved devices.

Thanks

PJ

Rasika Nayanajith · ‎02-18-2016

if that only supports WPA-Personal then you have to have a SSID that supports it.

I would create a seperate SSID and advertise it via selected APs (using AP Group).

HTH

Rasika

View solution in original post

Rasika Nayanajith · ‎02-17-2016

what is this dumb device & how can it configure for wireless ?

praveenjanarthanan · ‎02-18-2016

Hi Rasika,

It is a 3D printed device, but the chip inside can only support

(WPA personal)with password, but not username (WPA enterprise). It can also select an SSID.

Rasika Nayanajith · ‎02-18-2016

if that only supports WPA-Personal then you have to have a SSID that supports it.

I would create a seperate SSID and advertise it via selected APs (using AP Group).

HTH

Rasika

George Stefanick · ‎02-18-2016

I agree with Ras... Thats the easiest way to do it.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

praveenjanarthanan · ‎02-21-2016

Thanks for the feedback George

praveenjanarthanan · ‎02-21-2016

Thank you Rasika

mohanak · ‎02-18-2016

If you are using ACS as Radius authentication server, and if authentication pass!!.. then the WLC will allow device for accessing internet.

George Stefanick · ‎02-18-2016

Your guest network sounds like its doing radius authentication I assume ? You're IoT device would need to be able to support the same authentication. Honestly many of the IoT devices Ive seen do not support radius.

You need to see what that device supports for authentication. If you don't have an SSID that supports it your easiest thing to do is create one.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

praveenjanarthanan · ‎02-18-2016

Hi George,

You are right, we have setup Guest to do Radius authentication. And this device only supports, (WPA personal)with password, but not username (WPA enterprise). It can also select an SSID.

How can this be setup so that when more of this kind of device wants to connect to our guest network. They get guest access without much of manual addition of MAC address in the ACS.

Is there a way where ACS can be configured to allow access based on MAC address range / device type/ any other custom attributes ?