This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Can I restrict Radius authentication to specific number of devices?

nathan_kaa
New Contributor III

‎07-04-2019 03:36 PM

I currently have ZD1200 set up using local database which binds the user to a specific mac address when they connect so the code cannot be used multiple times. Is there a way to use Radius/AD so that the user can connect a device to the SSID using their AD credentials, then that device is bound to those credentials so they can't connect another device with the same credentials (until an admin goes into ZD and deletes that binding)?
7 REPLIES 7

david_black_594
Contributor III

‎07-04-2019 03:57 PM

With RADIUS/AD, you cannot limit the number of concurrent logins. Instead, you could use DPSK where each device (mac) is tied to a unique key.  If using zero-it to allow users to self-provision (as opposed to batch provisioning), each unique key will be associated with a user's name in the controller.  You can also limit the number of keys per user to 1, 2, 3, 4, or unlimited.

0 Kudos

nathan_kaa
New Contributor III

‎07-04-2019 04:51 PM

Just looking at some documentation with regards to Zero-IT and DPSK, in the set up it talked about using 802.1X EAP as the authentication option. Would that work the same, Zero-IT would use Radius (Windows Server) to authenticate, then the user would be assigned a DPSK, which has been bound to that devices MAC address, and I could limit the number of keys to 1 or 2?
0 Kudos

david_black_594
Contributor III

‎07-04-2019 06:11 PM

What controller are you using and how many users? Configuring external DPSK is very complicated and would normally be used only when the required number of DPSKs exceeds the max that a controller can manage.
0 Kudos

nathan_kaa
New Contributor III

‎07-04-2019 06:21 PM

Its a ZD1200. For one site there are around 30 staff, which isn't many, however currently any DPSK codes are manually created, and I'm not on site all the time, so was hoping to have a way to let them connect devices without needing to a code to be manually created. 

So should I just create a list of users in the local database? 

Also what is the procedure when they connect, is there any documentation which shows this as that might help me understand the process and how to best set it up for our needs.
0 Kudos
Copyright © 2024 Khoros, LLC