06-17-2013 11:39 AM - edited 07-04-2021 12:14 AM
I have a 2504 WLC, 1142n APs and a Windows RADIUS server.
Users have figured out that they can connect their Kindles to the wireless by using their network login credentials. How can I stop this? Change authentication from user or computer to just computer?
TIA,
Eric
06-17-2013 11:48 AM
You could lock down the number of concurrent logins each user can have.
On the WLC: Security > User Login Policies. Change from '0', which is unlimited.
Other than that, you would need some device, like ISE, that can profile and deny access based on device type.
HTH,
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
06-17-2013 11:48 AM
Hi Eric,
This is the challenge we are all seeing. You need to either implement an ISE solution or do a PKI with certificates. ISE allows you to ID devices and restrict Kindles. Or a PKI solution where you need to install certs on devices with EAP-TLS.
__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
06-17-2013 12:52 PM
There are many ways, like what Steve and George mentioned. If you go away from user credentials and use machine authentication, the devices have to be members of the domain in order for that to work. If you have devices that can't be a part of the domain, like Apple laptops, then like George mentioned, use certificates. Then the more expensive way is like Steve mentioned... ISE:)
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"
06-17-2013 12:57 PM
A big Thank You! to all you guys! I am learning more here than I would in taking a class!!
06-17-2013 01:14 PM
Yeah... I've taken a share of classes and asked what the heck are they talking about:)
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"