Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Authentication methods for BYOD senario?

                  I am in charge of setting up a 2500 wireless controller and a slew of 1142n APs as well coming up with a method to authenticate devices. This is a bring your own device senario so I do not have admin access to the devices. I would think that using MAC address filtering and a WEP key for authentication is the simplest and most cross platform method. Is there a way that I can capture the MAC addresses from the devices from lets say one of my APs and then add the MACs to the filter database? The person that will be adding the devices and the device owners themselves (high school students) might have a hard time finding the MAC of the devices, not to mention the possibility of entering them incorrectly. I was thinking that I can have an AP near the person that the users go to for setting up access that is setup to only use a WEP key to authenticate and then capture the MAC address of the authenticated devices to add to the MAC filter database used for the rest of the APs on the campus.

Thanks in advance!

  • Getting Started with Wireless
Everyone's tags (6)
10 REPLIES
Silver

Authentication methods for BYOD senario?

I have the same problem

---

Posted by WebUser Qiming Huang from Cisco Support Community App

Re: Authentication methods for BYOD senario?

Unless you deploy a solution like Cisco ISE it's a challenge to do BYOD properly. I can share a few ideas to help get the gears going ..

You can create a generic login account and offer a guest page where a user can enter this account or an individual account. If you go individual accounts there are limitations and a radius server is better to be used.

You don't want to get into managing mac addresses. Just a bad deployment strategy. Also the wlc has limits as to how many macs can be entered. Here again a radius server would be needed to manage the macs.



Sent from Cisco Technical Support iPad App

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

Re: Authentication methods for BYOD senario?

George can you tell me why you think that managing MAC addresses is a bad strategy? Also what is the limitation on the MAC filter on the wlc?

Thanks!

Hall of Fame Super Silver

Re: Authentication methods for BYOD senario?

No one wants to have to manage MAC address. MAC address can easily also be spoofed and the WLC limit the MAC address to 2048 I believe.

Sent from Cisco Technical Support iPhone App

Thanks, Scott *****Help out other by using the rating system and marking answered questions as "Answered"*****

Re: Authentication methods for BYOD senario?

The limit is indeed on the WLC. You can only have 2048 records. These records can be account logons, mac addresses etc. They all pull from the same pull.

If you are only managing a few macs then it may not be so bad. If you are doing 50+ it will be a pain. Also it adds little value. Anyone can spoof a mac address get around mac filtering.

Does that help ?

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

Authentication methods for BYOD senario?

Yes it does help, but I might be forced to implement MAC filtering anyway..

Re: Authentication methods for BYOD senario?

If you can try and leverage a radius server ..

Sent from Cisco Technical Support iPad App

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________

Re: Authentication methods for BYOD senario?

Hello William,

I would suggest you to deploy Cisco ISE. This device full fills your entire requirement. With ISE you can also do real time location tracking. For more information on ISE you can go to the below link. ISE provide BYOD freedom at your workplace.

http://www.cisco.com/en/US/products/ps11640/index.html

Re: Authentication methods for BYOD senario?

Ravi

How does ISE enable real time location tracking ?

Sent from Cisco Technical Support iPad App

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
405
Views
0
Helpful
10
Replies