Solved

Manage Unauthorized Wireless Device on School LAN

Posted on 2013-06-13
3
451 Views
Last Modified: 2013-07-02
Hello Everyone,

I have a Brocade Wireless Controller as well as an HP Controller serving out wireless to my students and faculty. We started out with a WPA2 PSK which ended up being compromised and now we have a flood of devices on the network. We now are looking at going to .1x authentication using a RADIUS server. Does anyone know or have ideas to accomplish allowing one authenticated session per user on the wireless infrastructure? Or how we can manage unauthorized wireless devices? We are running AD on both 2003 and 2008 Server and our clients are a mix of laptops, iOS devices, and phones. Any advice or help would be greatly appreciated!!

Thanks in advance.
0
Comment
Question by:WindhamSD
3 Comments
 
LVL 20

Accepted Solution

by:
Jakob Digranes earned 250 total points
ID: 39244328
PSK tend to leak when many people have access.

You can use 802.1X with PEAP-MsChapV2 to authenticate devices using domain username and passwords to authenticate devices ---
But you cannot restrict users to one device. Then you need deploy certificates, using EAP-TLS.
Then you also have the stumbling block of enrolling certificates to all devices.
You could however get 3rd party solutions for both controlling access (Like Aruba Clearpass) or MDM software to enroll certificates.

here's a nice guide for PEAP-MsChap with 2008R2
0
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 250 total points
ID: 39246992
If your controllers allow it, you can configure the maximum simultaneous logins.
0
 

Author Closing Comment

by:WindhamSD
ID: 39294263
Thanks guys! My controller doesn't allow it but I'm going down the MDM path using Meraki. Much appreciated.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now