Manage Unauthorized Wireless Device on School LAN

Hello Everyone,

I have a Brocade Wireless Controller as well as an HP Controller serving out wireless to my students and faculty. We started out with a WPA2 PSK which ended up being compromised and now we have a flood of devices on the network. We now are looking at going to .1x authentication using a RADIUS server. Does anyone know or have ideas to accomplish allowing one authenticated session per user on the wireless infrastructure? Or how we can manage unauthorized wireless devices? We are running AD on both 2003 and 2008 Server and our clients are a mix of laptops, iOS devices, and phones. Any advice or help would be greatly appreciated!!

Thanks in advance.
WindhamSD Asked:
 
Jakob Digranes, Senior Consultant, Commented:
PSKs tend to leak when many people have access.

You can use 802.1X with PEAP-MSCHAPv2 to authenticate devices using domain usernames and passwords.
But you cannot restrict users to one device. Then you need to deploy certificates, using EAP-TLS.
Then you also have the stumbling block of enrolling certificates to all devices.
You could however get 3rd party solutions for both controlling access (like Aruba ClearPass) or MDM software to enroll certificates.

Here's a nice guide for PEAP-MSCHAP with 2008R2
0
 
Craig Beck Commented:
If your controllers allow it, you can configure the maximum simultaneous logins.
0
 
WindhamSD (Author) Commented:
Thanks guys! My controller doesn't allow it but I'm going down the MDM path using Meraki. Much appreciated.
0
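
Added example, not part of any post in this thread: where the controller cannot enforce a simultaneous-login limit, RADIUS accounting records can still show which accounts are online from more than one device at once. The CSV layout and sample rows are constructed for illustration; only the attribute names (User-Name, Calling-Station-Id, Acct-Status-Type, Acct-Session-Id) are standard RADIUS accounting attributes.

```python
import csv
import io
from collections import defaultdict

# Constructed sample accounting records (not from any real network).
# Columns use standard RADIUS accounting attribute names (RFC 2866).
SAMPLE = """\
timestamp,Acct-Status-Type,User-Name,Calling-Station-Id,Acct-Session-Id
2024-01-08T08:00:00,Start,jsmith,AA-BB-CC-00-00-01,s1
2024-01-08T08:05:00,Start,mlee,AA-BB-CC-00-00-02,s2
2024-01-08T08:10:00,Start,jsmith,AA-BB-CC-00-00-03,s3
2024-01-08T08:20:00,Stop,jsmith,AA-BB-CC-00-00-01,s1
2024-01-08T08:30:00,Start,JSmith,aa:bb:cc:00:00:03,s4
2024-01-08T08:40:00,Stop,mlee,AA-BB-CC-00-00-02,s2
2024-01-08T08:45:00,Start,mlee,AA-BB-CC-00-00-02,s5
"""

def norm_mac(mac):
    """Normalise MAC formatting so one device is not counted twice."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def norm_user(name):
    """Fold DOMAIN\\user, user@domain and case differences to one key."""
    return name.split("\\")[-1].split("@")[0].lower()

def concurrent_violations(records, max_devices=1):
    """Replay Start/Stop events in time order and return every moment a
    user had more than max_devices distinct MACs online at once."""
    active = defaultdict(dict)          # user -> {session_id: mac}
    violations = []
    for row in sorted(records, key=lambda r: r["timestamp"]):
        user = norm_user(row["User-Name"])
        sid = row["Acct-Session-Id"]
        status = row["Acct-Status-Type"]
        if status == "Start":
            active[user][sid] = norm_mac(row["Calling-Station-Id"])
            macs = sorted(set(active[user].values()))
            if len(macs) > max_devices:
                violations.append((row["timestamp"], user, macs))
        elif status == "Stop":
            active[user].pop(sid, None)  # tolerate a Stop with no Start
    return violations

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

if __name__ == "__main__":
    for ts, user, macs in concurrent_violations(load(SAMPLE)):
        print(f"{ts} {user} online from {len(macs)} devices: {', '.join(macs)}")
```

A second session from the same MAC (a roam or re-authentication) is not counted as a second device, and Interim-Update records are ignored.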