Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
344
Views
3
Helpful
3
Replies

Mobile Access Solution

gbljoba
Level 1
Level 1

‎11-22-2010 02:09 AM - edited ‎07-03-2021 07:26 PM

Hi,

I am pretty much a newbie when it comes to wireless. I am a voice person but have responsibility for the mobiles in our company. We have moved away for the stand alone Cisco IOS AP's to a WLC with Airwave managing it. At present all laptops on our network are installed with a MS certificate which is used to authenticate with the AP. The SSID etc are all pushed by default.

Now we have moved over the the WLC we now have the possibility to have the guest network with direct access the the internet. Authentication is done via a web page and a temporary userid and password.

We would like to have another SSID that only mobile phones/smart phones connect to. The key to this is that the user must have no intervention apart from switching on WiFi. Maybe we need to look into another certificate based solution?

Can anyone help me with a reccomendation?

Regards

Jon

Labels:
0 Helpful
3 Replies 3

Nicolas Darchis
Cisco Employee
Cisco Employee

‎11-22-2010 03:03 AM

Hi,

I'm afraid that this won't be possible in a nice way.

Where the client is connecting to is a client decision. So if you have WPA corporate SSID and another SSID that is fully open, then by default, any device you turn on will try to connect to the open SSID.

But you already have the guest SSID for this. So how are the phones supposed to connect to the phone SSID and not the guest SSID ?

I'm afraid you can't steer them, the users will anyway have to select "phone ssid" on their phone.

For the "no intervention" part, I'm afraid certificates would require an admin to install the certificates on the phones (that's a burden with all those different models of phones). Either you go for open ssid or you have a pre-shared key that the users can cache on their phone so that it doesn't beg them anymore.

I hope it clarifies the problem.

Nicolas

===

Don't forget to rate answers that you find useful

gbljoba
Level 1
Level 1
In response to Nicolas Darchis

‎11-22-2010 03:11 AM

Hi Nicolas,

thanks for your reply. At present the mobile devices have no connectivity to the guest network. The guest network is used for laptops and guests only as the longest userid you can have is 1 month before expiry.

One idea i was thinking of is to have  certificate on a web server that someone from IT can browse to and install on the device whilst they are configuring mail etc. do you think that is possible? I dont think we can go for a PSK as any users who are able to extract it would have unmonitored access to the internet.

Regards

Jon

0 Helpful

Nicolas Darchis
Cisco Employee
Cisco Employee
In response to gbljoba

‎11-22-2010 04:33 AM

Your idea sounds like everyone using the same certificate ? That's not what I call security.

How about password authentication then if you don't trust PSK.

But in any case, the problem is the same : you need to configure a wifi profile on the phones.

If this is a task you accept, then any security is fine (cached password or certificate, whatever), but you won't have the phone connecting without user intervention and still keep security, that's just contradicting each other.

Nicolas

===

don't forget to rate answers that you find useful

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card