Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

wireless network access

Hi,

I have an autonoumus APs installed inside my LAN (4 APs just plugged to the switch broadcasting three available VLANs from the switch with three SSIDs), i configured 3 diiferent WPA2 keys for them.

So any user when access any of them, i just type the key and the key kept stored on the user labtop forever, and in new windows OS, user can uncheck the wireless key and can see it and give it to other unkown users who can access my LAN without being known.

So, can any one inform me what is the best scenario to overcome this issue?

2 REPLIES
Hall of Fame Super Silver

Re: wireless network access

If you are trying to prevent users from adding their own device, why not lock down the wireless profile so they can't check that. Hopefully these are part of your domain computers. You can also do Mac filtering if you don't have many devices to manage (easy to spoof a Mac address though). Users will have to k ow how to spoof a Mac to bypass that. If you have AD, you can bring up a radius server and do 802.1x authentication using machine authentication. But again, these have to be domain computers.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Bronze

wireless network access

I agree with Scott.  You really want to use 802.1x authentication via RADIUS.

However, they don't necessarily need to be domain computers if you don't use machine authentication.

You can set up just AD login if you want to use non-domain machines (like Macs) too.

Ven

Ven Taylor
201
Views
0
Helpful
2
Replies
CreatePlease to create content