I need to figure out a way to restrict access to an SSID for hand held scanner guns. We are using certificates and AD accounts for the other SSIDs but this one is only used by hand held scanner guns. I was thinking about a MAC address filter but have been told that those are easily hacked. Any ideas?
I'm struggling with this too. Some Motorola/Symbol scanners have some 802.1x supplicant built in to the OS if OS is WinCE type. These may be able to do EAP-TLS with a cert, or PEAP MS-CHAPv2 username/password.
Other older ones can only do WEP.
For WEP guns at WAN sites, I'm considering a separate, centrally switched WLAN with ACLs on the router to restrict where clients can go. All clients will land on the same subnet and all traffic will have to come back to the data center where the WLC and inventory DB is.
PSK is usually an option, but any device with the key will have access.