Showing results for 
Search instead for 
Did you mean: 

Can I permanently authorize a client?

New Contributor II
So here's my dilemma:

We have an iPad that we use in the office for patients to check in for their appointment. We have 2 WiFi connections available to use. #1 is our private network and #2 is our patient / public network. If I connect to option 2 the iPad has to open a web page and accept the TOS before it can continue functioning. If I use option 1, every 10-15 min a staff would have to input their AD username/password for the internet to continue functioning. Is there any way I can just whitelist the MAC address of this iPad on either connection to bypass these issues? We have a ZoneDirector but I don't recall what model off the top of my head.

Thanks in advance!

Contributor III
You can MAC Auth clients using  a Radius Server:

Good Luck

Valued Contributor II
From a security standpoint I'm not sure I'm as much of a fan of MAC auth as I am of loading a DPSK or something onto the iPad itself.

Contributor III
You can MAC Auth clients using  a Radius Server:

Good Luck

Valued Contributor
If you have "modest" environment you might not have a radius server. If you have still not a simple click a few buttons job.
This might seem overkill for one device but it'll do what you want. Could regard it as a quick dirty fix.
Create a new WLAN called IPAD
use an ACL list with the ipad MAC in it and assign that list to IPAD.
screenshots in a minute.

access control
L2-L7 access control
create new....
add in MAC of

Image_ images_messages_5f91c42b135b77e24799ad61_04f76b6e3fc2d9e13be65b15c996a34c_RackMultipart20160225412251sdw-59aed8fb-d190-4e0b-a575-b4558dae6713-103275472.jpg1456398805

create new WLAN
create new... edit as required
access control drop down menu should have the IPAD ACL list (you previously created) as an option.

Image_ images_messages_5f91c42b135b77e24799ad61_8cbf27072ed98825b8dd4d503644787a_RackMultipart2016022570275thr2-6ae30faf-b47e-4db7-9b1b-ca4c7c632f1c-1158170900.jpg1456398832

As John correctly mentioned this is not as secure as other methods and is not "good practice" unless you know how to lock your IPAD WLAN down in other ways.

Minor simple improvements include
not broadcasting the IPAD wlan,
restrict to one client (yours) for the WLAN on that AP (stops any other device from connecting)
restrict it only to IOS devices,
assigning WLAN to only one of your APs on 5GHz,
reducing the power output of that AP WLAN to minimum needed,
scheduling the WLAN (7AM-7PM say),
limiting throughput...

look through the options and figure out what you need bearing in mind they can occasionally have unintended outcomes!

If you restrict to one client connection and add in a long inactivity timeout (say 60mins...if you are busy practice then that shouldn't be an issue) the ipad would hold the connection and no other device could use that WLAN.