db21
asked on
Prevent personal devices to connect to corporate Wireless Network
I have a CWLC 4402 with 13 Cisco AP1242. I have a situation in my corporate office with the users connecting their none corporate mobile devices (IPAD, iPHONE, etc.) to our wireless corporate network to use the corporate internet to surf. The WLAN ID that I have configured uses WPA1/WPA 2 and radius server. They are able to connect and authenticated once they configure their personal devices because they have a corporate AD account.
I’m looking for a solution to prevent users from connecting their personal mobile devices to corporate WLAN network. One option that I was looking into is enabling MAC filtering for my corporate WLAN but this will require for me to manually enter all wireless MAC address of any corporate laptops that we have. I’m not sure if there is other option and curious to know what other’s are doing to deal with this issue.
Thanks,
db
I’m looking for a solution to prevent users from connecting their personal mobile devices to corporate WLAN network. One option that I was looking into is enabling MAC filtering for my corporate WLAN but this will require for me to manually enter all wireless MAC address of any corporate laptops that we have. I’m not sure if there is other option and curious to know what other’s are doing to deal with this issue.
Thanks,
db
This is worth a try. The first part of the mac address is basically the identifier, you can look up mac's easily it is all over the place, and you may be able to block all macs with this particular mac string. I have never tried it but it would allow you to block all apple devices, then you just have to deal with BB Android and Windows Phones.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Hutch. that would probably work however we have some corporate Apple, BB, Android devices that need access. these devices MAC address are configured in my MOBILITY WLAN and MAC filtering is enabled. the is sue now is that they can go back to my corporate WLAN and sign in their devices becasue its radius authentication and not MAC.
Can't you run both radius and Mac filtering? That would be m thought I know you can do WPA2/mac filtering,
You could even go as far as filtering on the allowed devices on and all others are not... but this would obviously mean getting the mac for every wireless device on your network and then just adding the mobile devices in as needed?
I know this would be a lot of work up front, but it would be manageable as it would rarely change.
You could even go as far as filtering on the allowed devices on and all others are not... but this would obviously mean getting the mac for every wireless device on your network and then just adding the mobile devices in as needed?
I know this would be a lot of work up front, but it would be manageable as it would rarely change.
ASKER
Hutch,
you can have both MAC and WPA2 however as you mentioned this will require me to gather all the MAC address we have. I just need to confirm if this is the only solution, im sure other corporation are dealing with the same issue, unless they are just letting users connect their personal mobile devices to the corporate WLAN.
db
you can have both MAC and WPA2 however as you mentioned this will require me to gather all the MAC address we have. I just need to confirm if this is the only solution, im sure other corporation are dealing with the same issue, unless they are just letting users connect their personal mobile devices to the corporate WLAN.
db
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.