cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
508
Views
0
Helpful
1
Replies

Wi-Fi Access Security

Murray Bown
Level 1
Level 1

We have installed a working Wi-Fi solution running on a 5508 controller, software ver 7.2.110.0 with 15 AIR LAP 1142 AP’s.

The RADIUS authentication is backed off to a Win 2008 R2 server running NPS. The “Connection Request Policy” is configured to look at NAS port Type “Wireless or Wireless IEEE 802.11” and the Authentication Provider is “Local Computer”. The Network Policy again looks for “Wireless or Wireless IEEE 802.11” and the AD group “Domain Users”

The above solution is working just fine and the users are happly connecting, the problem that I am experiencing is that people have started to connect their own personal devices to our wireless network using their Domain account details, what I need to do is prevent this from happening can anyone suggest a way to deal with this issue? I was thinking about using certificates?

1 Accepted Solution

Accepted Solutions

George Stefanick
VIP Alumni
VIP Alumni

Yea you have a few options ..

Mac filtering .. But I wouldn't recommend it because its labor intensive to manage and easily to work around

ISE .. Expensive, but can ID a corp asset vs a personal asset and apply rules based on such

EAP-TLS .. Would require additional knowledge as this is the more complex of the Eaps. Also a Pki would be helpful to manage the Certs.

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

1 Reply 1

George Stefanick
VIP Alumni
VIP Alumni

Yea you have a few options ..

Mac filtering .. But I wouldn't recommend it because its labor intensive to manage and easily to work around

ISE .. Expensive, but can ID a corp asset vs a personal asset and apply rules based on such

EAP-TLS .. Would require additional knowledge as this is the more complex of the Eaps. Also a Pki would be helpful to manage the Certs.

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: