Security

Reply
Super Contributor II

Authenticating to a PSK SSID using Airgroup registration mac address

We're planning on creating a PSK wifi network for all those (airgroup) devices that do not support WPA2-Enterprise

 

The initial plan was

 

1). Have a silly PSK for the SSID ( its going to be advertised everywhere)

2). use the API set to register client device in a static host list

3). Auth SSID against static host list

4). Use DHCP signatures to restrict who can connect to it ( e.g. if macOS,iOS,Windoze Linux then you should be using dot1x) 

 

However thei can se devices will probalby want to do "airgroup stuff" so was wondering if I can kill 2 birds with one stone and have an aurthentication source use the airgroup registration details to connect devices to the SSID. 

 

There's a [guest device repository] auth source that has lots of SQL statements in it. Could we use that to auth airgroup users to an SSID, or will the SQL need some "tweaking" ?

Super Contributor II

Re: Authenticating to a PSK SSID using Airgroup registration mac address

And the answer of course is yes you can. 

 

Removing all auth sources apart from the guest device repository auth soruce and registering my iPhone in clearpass guest connects me to our PSK with a role *(amongst others) of [Guest] 

 

So we can "turn the handle" and apply enforcement policies as appropriate.

 

Simples!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: