06-16-2021 06:47 AM
We've set up a few dozen APs together with Cloudpath and an onsite vSZ. We have configured an internal WLAN that should only be used by employees with their company laptops. So far, users can access this WLAN by using their AD credentials (authentication is done via SZ and an NPS server). Cloudpath is only used for our guest WLAN.
Unfortunately, every user can also connect their mobile phones or private laptops to that particular WLAN. To prevent this I thought about using machine certificates. How do I best implement that? Or is there a better solution for that problem?
06-18-2021 03:02 AM
Because our laptops are not AD joined and we don't know how big the effort would be to install a CA and create and distribute certificates, we will most probably go with MAC authentication. I've tested this and it works as expected. The downside is the management effort, since every client needs to have a user account in AD.
06-23-2021 06:42 AM
If you have more than 128 devices, you will run up against that limitation, just fyi.
06-23-2021 06:50 AM
I've stumbled across that limitation somewhere in the forums or manuals. However, I'm not implementing the ACL on SmartZone but with RADIUS and an AD account for each MAC address. So there should be no limitation on the number of addresses.
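As an added example (not posted by anyone in this thread), here is how the per-MAC AD account approach described above could be bulk-provisioned with PowerShell. The OU and group names, the CSV columns, and the password scheme (the RADIUS client presenting the MAC address as both user name and password) are assumptions, not something the thread states.

```powershell
# Added example: create one AD account per MAC address for RADIUS MAC authentication.
# Assumed (not from the thread): OU/group names, input columns, and that SmartZone is
# configured to send the MAC (lower case, no separators) as user name AND password.
Import-Module ActiveDirectory

$Ou    = 'OU=MAC-Auth,OU=Service,DC=example,DC=local'   # assumed OU for these accounts
$Group = 'WLAN-MAC-Auth'                                # assumed group the NPS policy matches

function Normalize-Mac {
    param([string]$Mac)
    # Accept aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF or aabb.ccdd.eeff; emit aabbccddeeff
    $hex = ($Mac -replace '[^0-9A-Fa-f]', '').ToLower()
    if ($hex.Length -ne 12) { throw "Not a MAC address: '$Mac'" }
    return $hex
}

# Constructed sample input; in practice use: Import-Csv .\clients.csv (columns Mac,Owner)
$clients = @(
    [pscustomobject]@{ Mac = 'AA:BB:CC:11:22:33'; Owner = 'Laptop 0001' },
    [pscustomobject]@{ Mac = 'aa-bb-cc-44-55-66'; Owner = 'Laptop 0002' }
)

foreach ($c in $clients) {
    $name = Normalize-Mac $c.Mac
    if (Get-ADUser -Filter "sAMAccountName -eq '$name'" -SearchBase $Ou) {
        Write-Host "skip $name (already exists)"; continue
    }
    # The password equals the account name, so the default domain complexity policy
    # rejects it: the OU must be covered by a fine-grained password policy (PSO) without
    # complexity. Because the credential is trivially known, the account is kept in its
    # own OU with no other group memberships, and the NPS policy should require $Group
    # membership plus the WLAN's NAS attributes, not just a valid user/password.
    $pw = ConvertTo-SecureString $name -AsPlainText -Force
    New-ADUser -Name $name -SamAccountName $name -Path $Ou `
        -Description "MAC auth: $($c.Owner)" -AccountPassword $pw `
        -Enabled $true -PasswordNeverExpires $true -CannotChangePassword $true
    Add-ADGroupMember -Identity $Group -Members $name
    Write-Host "created $name"
}
```

Re-running the script is safe because existing accounts are skipped, so the CSV can serve as the inventory of permitted devices.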
06-19-2021 06:16 AM
Hello,
So you have MS AD, but no PKI installed, and want to prevent employees from connecting private devices to the network.
The most secure way would be to use certificates for authentication (both user and machine), but for that you need to install a PKI and distribute certificates. It is a standard corporate setup, and you can find step-by-step guides on how to do it. But if the company isn't that big, it may be a lot of work for not that much result.
You can get similar restrictions using MAC filtering, but it is not actually secure, and not that convenient either.
Probably the simplest way would be to use DPSK, which is somewhere in between and is easily manageable.