11-06-2012 03:21 AM - edited 07-03-2021 10:59 PM
We have installed a working Wi-Fi solution running on a 5508 controller, software ver 7.2.110.0 with 15 AIR LAP 1142 AP’s.
The RADIUS authentication is backed off to a Win 2008 R2 server running NPS. The “Connection Request Policy” is configured to look at NAS port Type “Wireless or Wireless IEEE 802.11” and the Authentication Provider is “Local Computer”. The Network Policy again looks for “Wireless or Wireless IEEE 802.11” and the AD group “Domain Users”
The above solution is working just fine and the users are happly connecting, the problem that I am experiencing is that people have started to connect their own personal devices to our wireless network using their Domain account details, what I need to do is prevent this from happening can anyone suggest a way to deal with this issue? I was thinking about using certificates?
Solved! Go to Solution.
11-06-2012 04:30 AM
Yea you have a few options ..
Mac filtering .. But I wouldn't recommend it because its labor intensive to manage and easily to work around
ISE .. Expensive, but can ID a corp asset vs a personal asset and apply rules based on such
EAP-TLS .. Would require additional knowledge as this is the more complex of the Eaps. Also a Pki would be helpful to manage the Certs.
Sent from Cisco Technical Support iPhone App
11-06-2012 04:30 AM
Yea you have a few options ..
Mac filtering .. But I wouldn't recommend it because its labor intensive to manage and easily to work around
ISE .. Expensive, but can ID a corp asset vs a personal asset and apply rules based on such
EAP-TLS .. Would require additional knowledge as this is the more complex of the Eaps. Also a Pki would be helpful to manage the Certs.
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide