Friday, November 17, 2017

Managing a new SSID without user auth or PSK?

Hi,

We have a well established NAC that controls all our wireless authentication over RADIUS.

In order to help "split" the traffic between devices, we are looking into splitting our AD based devices into their own segregated wireless SSID/network, and to leave all other devices like our Chromebooks and iPads/Apple Macs.

The CB/Apple network is our growing concern as they are currently using user auth through RADIUS to connect, but several users figured out they could also connect their cell phones, etc and it's causing us a major issue in terms of bandwidth. We looked at restrictions like MAC based ones, but that becomes an issue because we lack the human resources to properly gather all of that information.

What I want to do, and correct me if I am wrong, is to deploy through our different MDM solutions (AirWatch and Google Admin) a way for these devices to connect through their current SSID, but using something like a certificate rather than an authentication with user credentials.

Maybe I am complicating myself here, but it seems I can configure the device to connect to our SSID without the need to provide the user with any info whatsoever, simply by provisioning the device with the relevant components.

Any advice or help, maybe other ideas I am overlooking or generally if I am just talking out of my arse :)

We use AeroHive to manage our wireless infrastructure if that helps in any way.

Thanks all



No comments:

Post a Comment