Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
333
Views
9
Helpful
3
Replies

How can I restrict who connects with WPA?

srosenthal
Level 4
Level 4

‎03-30-2006 01:41 PM - edited ‎07-04-2021 11:52 AM

Our current network is using WPA with having the users get authenticated via the windows domain. Anyone with a domain login can use the same credentials to log in to the wireless network.

Is there a way to keep some users from authenticating to the wireless network?

I was not sure if the windows domain had an option to set who can and cannot access the wireless.

What I am trying to prevent is a user installing a wireless card into their laptop,getting the SSID from another user and the accessing the wireless network with permission.

Labels:
0 Helpful
3 Replies 3

scottmac
Level 10
Level 10

‎04-01-2006 07:06 AM

If your company standardizes on a given wireless NIC, you might be able to institute a MAC filter.

If you're using WPA with server-based authentication, you can usually install a policy (i.e., with Microsoft IAS, RRAS, and the user account, you can disable wireless logins by checking / unchecking the "Dial-in" attribute).

Are you using ACS, Microsoft, or freeRADIUS (or other RADIUS server)?

WPA is more of an encrytion thing, which authentication scheme are you using (WPA-PSK, LEAP, PEAP, EAP-TLS, EAP-TTLS, MD5 ...)?

IF you're using Microsoft-based authentication platforms, Microsoft has some pretty good white papers / step-by-step info on setting up their systems.

Good Luck

Scott

srosenthal
Level 4
Level 4
In response to scottmac

‎04-02-2006 05:25 PM

We are using ACS for the radius but passing all authentication on to the Mircrosoft Server for authentication.

Seth

0 Helpful

scottmac
Level 10
Level 10
In response to srosenthal

‎04-02-2006 09:58 PM

There are a couple options.

You can tell ACS to honor the "Dial-In User" attribute in the MS AD User profile ... anyone who is not "Dial In enabled" will not be authenticated.

I believe you could also define one or more groups in ACS. Membership in a particular group could be used to accept or deny entry via wireless.

There are probably other means, but these are lijely to be the easiest to implement.

Good Luck

Scott

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card