Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 471
  • Last Modified:

Manage Unauthorized Wireless Device on School LAN

Hello Everyone,

I have a Brocade Wireless Controller as well as an HP Controller serving out wireless to my students and faculty. We started out with a WPA2 PSK which ended up being compromised and now we have a flood of devices on the network. We now are looking at going to .1x authentication using a RADIUS server. Does anyone know or have ideas to accomplish allowing one authenticated session per user on the wireless infrastructure? Or how we can manage unauthorized wireless devices? We are running AD on both 2003 and 2008 Server and our clients are a mix of laptops, iOS devices, and phones. Any advice or help would be greatly appreciated!!

Thanks in advance.
0
WindhamSD
Asked:
WindhamSD
2 Solutions
 
Jakob DigranesSenior ConsultantCommented:
PSK tend to leak when many people have access.

You can use 802.1X with PEAP-MsChapV2 to authenticate devices using domain username and passwords to authenticate devices ---
But you cannot restrict users to one device. Then you need deploy certificates, using EAP-TLS.
Then you also have the stumbling block of enrolling certificates to all devices.
You could however get 3rd party solutions for both controlling access (Like Aruba Clearpass) or MDM software to enroll certificates.

here's a nice guide for PEAP-MsChap with 2008R2
0
 
Craig BeckCommented:
If your controllers allow it, you can configure the maximum simultaneous logins.
0
 
WindhamSDAuthor Commented:
Thanks guys! My controller doesn't allow it but I'm going down the MDM path using Meraki. Much appreciated.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now