06-16-2021 06:47 AM
We've set up a few dozen APs together with Cloudpath and an onsite vSZ. We have configured an internal WLAN that should only be used by employees with their company laptops. So far, users can access this WLAN by using their AD credentials (authentication is done via SZ and an NPS server). Cloudpath is only used for our guest WLAN.
Unfortunately, every user can also connect their mobile phones or private laptops to that particular WLAN. To prevent this I thought about using machine certificates. How do I best implement that? Or is there a better solution for that problem?
06-18-2021 03:02 AM
Because our laptops are not AD joined and we don't know how big the effort would be to install a CA and create and distribute certificates, we will most probably go with MAC authentication. I've tested this and it works as expected. The downside is the management effort, since every client needs to have a user account in AD.
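The accepted approach above needs one AD user account per client MAC address. The following PowerShell script is an added example (not posted in the thread, not Ruckus or Microsoft code) that bulk-creates such accounts from a CSV in a dedicated OU and adds them to a group that the NPS network policy can match on. It assumes the SmartZone WLAN is configured to send the MAC address as both username and password, in lowercase without separators; the OU path, group name, CSV columns and the `ConvertTo-MacUsername` helper are all assumptions for the example.

```powershell
# Added example: bulk-create AD accounts for MAC authentication.
# Assumptions (not from the thread): the WLAN sends the MAC as username and
# password, lowercase, no separators (e.g. "aabbccddeeff"). Adjust
# ConvertTo-MacUsername to match the format selected on the WLAN.
# Requires the ActiveDirectory module (RSAT).
param(
    [Parameter(Mandatory)] [string] $CsvPath,           # constructed input: columns Mac,Owner
    [string] $OuPath    = 'OU=MAC-Auth,DC=example,DC=com', # placeholder OU, used only for these accounts
    [string] $GroupName = 'WLAN-MAC-Auth'                # group the NPS policy matches on
)

Import-Module ActiveDirectory

function ConvertTo-MacUsername {
    param([string] $Mac)
    # Strip ":", "-", "." and whitespace, then require exactly 12 hex digits
    $clean = ($Mac -replace '[:\-\.\s]', '').ToLower()
    if ($clean -notmatch '^[0-9a-f]{12}$') {
        throw "Not a valid MAC address: '$Mac'"
    }
    return $clean
}

Import-Csv -Path $CsvPath | ForEach-Object {
    $user = ConvertTo-MacUsername $_.Mac

    # Idempotent: skip MACs that already have an account in the MAC-auth OU
    if (Get-ADUser -Filter "SamAccountName -eq '$user'" -SearchBase $OuPath) {
        Write-Host "Skipping $user (already exists)"
        return   # acts like 'continue' inside ForEach-Object
    }

    # The password equals the username because that is what the AP presents for
    # MAC auth. The credential is therefore only as secret as the MAC itself, so
    # these accounts live in their own OU/group and should be usable for nothing
    # but this WLAN (see the NPS policy note below).
    $secret = ConvertTo-SecureString -String $user -AsPlainText -Force
    New-ADUser -Name $user -SamAccountName $user -Path $OuPath `
        -Description "MAC-auth device, owner: $($_.Owner)" `
        -AccountPassword $secret -Enabled $true `
        -PasswordNeverExpires $true -CannotChangePassword $true
    Add-ADGroupMember -Identity $GroupName -Members $user
    Write-Host "Created $user"
}
```

Usage: `.\New-MacAuthAccounts.ps1 -CsvPath .\laptops.csv` with a constructed CSV such as `Mac,Owner` / `AA:BB:CC:DD:EE:FF,jdoe`. On the NPS side, the matching network policy should be conditioned on membership of the `WLAN-MAC-Auth` group plus a NAS-Port-Type of Wireless (and, if your deployment uses them, the NAS identifier or client-friendly name of the SmartZone), and should allow only the password method MAC authentication actually uses, which is assumed here to be PAP; keep the employee 802.1X policy separate so that these low-trust accounts cannot satisfy it. Because a MAC address is not a secret, treat this as a device inventory control rather than strong authentication, which is the trade-off the post above accepts.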
06-16-2021 07:02 AM
It's always the same old problem. The simplest way: the situation is 99% resolvable by setting a device OS policy to deny iOS + Android phones (don't use "allow only Windows", as after some update you'll get complaints that Windows laptops can't access the network).
Also, if you use RADIUS with user certificate authentication, where the certificates are provisioned automatically, there will be no problems with phones either.
Of course, you can use double authentication (machine + user), but it is more cumbersome.
06-18-2021 03:00 AM
Unfortunately, this would prevent mobile phones from connecting but not private Windows laptops.
06-16-2021 09:10 AM
I think I asked the same question as you, using different words. You appear to be using similar components as we are. Please take a look at my post and see if it fits your use-case: https://forums.ruckuswireless.com/conversations/smartzone-and-virtual-smartzone/smartzone-aaa-wlan-a...