05-11-2023 07:24 AM
Dear All,
I have some Cisco Access Points, where one of these APs is a controller. I have several SSIDs configured, but users are being able to user their phones to generate QRCodes for the SSIDs and share passwords with others. What's the best practice to stop such using the Cisco WiFi Controller settings.
Thanks!
05-11-2023 07:47 AM
Hello
If you are using PSK for authentication I dont believe you can do anything. This is just the phone transferring the password to another phone.
What you can do is change the authentication method to something else like portal or radius. Or, you can use mac address filter if you have control over the device you need to server.
05-12-2023 04:55 AM
I'm thinking of using for example a certificate based authentication, so anyone that needs to connect to such SSID must have the certificate installed on his phone. Or maybe a RADIUS server as you said in order for them to authenticate using a username and password. But I have a question regarding the certificate solution, what's the best practice for such?
Thanks!
05-12-2023 05:31 AM
First of all are those devices under your administration ? Certificate is always the best option if you manage the end user devices. Then you can use some platform in order to install certificates like MDM.
But, If you do not manage the device (BYOD) then is a different situation. On this case your challenge is bigger and you should think about a guest network with portal.
05-12-2023 05:36 AM
end user devices are employees devices, I don't know how much this could be applicable and effective. Can you please explain more technically regarding both scenarios? Thanks!
05-12-2023 05:49 AM
If they are employees them it can be easier. You need to have the Radius server, would be great if you have Cisco ISE but it is not required and you need to get a tools to manage mobile devices in order to install certificate. There are many out there.
After that you need to create the configuration on the Radius, on the WLC, install certificates and that's it.
Here in the community there will be plenty of material related to this scenario. This link is just one example.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide