Solved

Manage Unauthorized Wireless Device on School LAN

Posted on 2013-06-13
3
459 Views
Last Modified: 2013-07-02
Hello Everyone,

I have a Brocade Wireless Controller as well as an HP Controller serving out wireless to my students and faculty. We started out with a WPA2 PSK which ended up being compromised and now we have a flood of devices on the network. We now are looking at going to .1x authentication using a RADIUS server. Does anyone know or have ideas to accomplish allowing one authenticated session per user on the wireless infrastructure? Or how we can manage unauthorized wireless devices? We are running AD on both 2003 and 2008 Server and our clients are a mix of laptops, iOS devices, and phones. Any advice or help would be greatly appreciated!!

Thanks in advance.
0
Comment
Question by:WindhamSD
3 Comments
 
LVL 21

Accepted Solution

by:
Jakob Digranes earned 250 total points
ID: 39244328
PSK tend to leak when many people have access.

You can use 802.1X with PEAP-MsChapV2 to authenticate devices using domain username and passwords to authenticate devices ---
But you cannot restrict users to one device. Then you need deploy certificates, using EAP-TLS.
Then you also have the stumbling block of enrolling certificates to all devices.
You could however get 3rd party solutions for both controlling access (Like Aruba Clearpass) or MDM software to enroll certificates.

here's a nice guide for PEAP-MsChap with 2008R2
0
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 250 total points
ID: 39246992
If your controllers allow it, you can configure the maximum simultaneous logins.
0
 

Author Closing Comment

by:WindhamSD
ID: 39294263
Thanks guys! My controller doesn't allow it but I'm going down the MDM path using Meraki. Much appreciated.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question