Please elaborate on "local

Scott Hanson · ‎04-23-2014

Hello All,

I need to figure out a way to restrict access to an SSID for hand held scanner guns. We are using certificates and AD accounts for the other SSIDs but this one is only used by hand held scanner guns. I was thinking about a MAC address filter but have been told that those are easily hacked. Any ideas?

Thanks in advance. All replies rated.

mscherting · ‎04-23-2014

I'm struggling with this too. Some Motorola/Symbol scanners have some 802.1x supplicant built in to the OS if OS is WinCE type. These may be able to do EAP-TLS with a cert, or PEAP MS-CHAPv2 username/password.

Other older ones can only do WEP.

For WEP guns at WAN sites, I'm considering a separate, centrally switched WLAN with ACLs on the router to restrict where clients can go. All clients will land on the same subnet and all traffic will have to come back to the data center where the WLC and inventory DB is.

PSK is usually an option, but any device with the key will have access.

Leo Laohoo · ‎04-24-2014

You can create a wireless local profile if your WLC firmware supports it.

kaaftab · ‎05-20-2014

well the only other option can be mac based authentication where AD based in not support and you can restrict that access using acls .

abwahid · ‎08-10-2014

Hi,

By creating a local wireless profile you can restrict access to an SSID for hand held scanner guns.

mscherting · ‎08-11-2014

Please elaborate on "local wireless profile." Will it work at H-REAP (flexconnect) sites where there is no local WLC?

Thanks!

Restricting Wireless Access