Restrict NPS users to one device
Posted on 2013-05-16
I have NPS/RADIUS set up with Aerohive APs.
There are three SSIDs: Prod, iPad and Guest. There is a wireless profile pushed out by group policy which allows domain computers to connect to the Prod SSID. Staff connect their company-provided iPads to the iPad SSID using domain credentials and are placed on a specific VLAN (same VLAN as their domain laptops) using RADIUS policies.
For BYOD such as phones and personal tablets etc., they are supposed to use the Guest SSID, which has a unique PSK given to each user.
However, due to users being users, some don't connect to the Guest SSID and instead log onto the iPad SSID, because at the moment Windows and even Aerohive can't distinguish between iPads and phones (I don't want to go into this).
My question: How do I restrict the number of devices/connections per user on the iPad network for staff? They should only have one iPad each, and should only be connecting their one iPad to the iPad network. If I limit their connections to 1, they will not be able to connect using phones etc. and will thus be forced to use the proper Guest network.
I haven't had much luck Googling this, hoping an NPS expert will have some idea.