Preventing unauthorized wireless routers on network

SAU
Conversationalist

Preventing unauthorized wireless routers on network

I have 200 APs on a small university campus, most in dorms. We have a number of students that think it is a good idea to bring in their own wireless routers. I have contained most that are not smart enough to rename the device but a few sharper ones now name the device similar to their phones so it is harder to find them in the Rogue/other SSIDs list.

What is a reliable way to prevent these devices from accessing the network without containing all Rogues? I don't know what effect containing all SSIDs would have on the Rokus and Xboxes, etc.

 

Thanks for any suggestions

11 REPLIES 11
PhilipDAth
Kind of a big deal
Kind of a big deal

You can't.

 

What about on your switches limiting the switch ports to a single MAC address?  If they plug in an AP that will consume the 1 MAC address slot, preventing any machine connecting to the AP from being able to "speak".

Uberseehandel
Kind of a big deal


@SAU wrote:

I have 200 APs on a small university campus, most in dorms. We have a number of students that think it is a good idea to bring in their own wireless routers. I have contained most that are not smart enough to rename the device but a few sharper ones now name the device similar to their phones so it is harder to find them in the Rogue/other SSIDs list.

What is a reliable way to prevent these devices from accessing the network without containing all Rogues? I don't know what effect containing all SSIDs would have on the Rokus and Xboxes, etc.

 

Thanks for any suggestions


In the long run, it might be simpler to find a way of accommodating the students' need to use their own routers. If they are bringing in their own devices because the service being offered is inadequate, then it will be more productive to address the shortcomings, than start a fight that ultimately the administration will lose.

 

If the students are doing it to wind up the administration, it sounds like they are winning.

 

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Stealth_Network
Getting noticed

Cisco ISE is the best product for your configuration

But that doesn't solve the real problem.

It only stamps on the user reaction to a basic fundamental problem.

fix the underlying problem.
Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

I agree partially, but he is asking a technical questions to which I replied with a solution he was inquiring about...


@Stealth_Network wrote:

I agree partially, but he is asking a technical questions to which I replied with a solution he was inquiring about...


Fixing the technical problem is not going to address the underlying problem. It will merely cause the users to become more inventive.

 

The technical problem would go away if the underlying issue was addressed and a solution found.

 

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

Yes but in a campus environment what is he supposed to do? Ask why people want their own Wireless which could result in 100's of different requirements. Is he supposed to cater to them all?

 

In a corporate environment do you let people bring in their own AP's? In healthcare do you let the patients connect to the secure network?

 

Come on


@Stealth_Network wrote:

Yes but in a campus environment what is he supposed to do? Ask why people want their own Wireless which could result in 100's of different requirements. Is he supposed to cater to them all?

 

In a corporate environment do you let people bring in their own AP's? In healthcare do you let the patients connect to the secure network?

 

Come on


What you are entirely missing is that users act in their own best economic interests. It's the capitalist way. You are looking at the small picture, not the big picture. If there was a network service that met the users' requirements, the issue would go away.

 

Your examples are disingenuous.

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

Sorry @Uberseehandel but I disagree, its the network managers network so its his rules albeit with the support of senior management, but I would be unhappy if users were bringing their own AP's.

 

Organisations have IT use policies for a reason which is to protect users and the network. If everyone bought an AP into work wireless channels would be so flooded nothing would work!

 

Most users circumvent network policies because they want what they can't have i.e. netflix, social media and other things. 

 

 

Exactly. One of my concerns is that a student may setup a wireless device to entice other students to connect then have access to that students devices. And yes here as I am sure every college and university the students are always looking to circumvent the system setup for them. In the past, pre Meraki, there were issues with wireless here but that is no longer the case, and there is no need for personal WIFI devices anymore.

 

Thanks for the input

How so?
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.