Limit devices on wifi

R1d3rOfD0om
Here to help

Limit devices on wifi

hi Meraki warriors, 

 

I would like to know if there is any way to limit an SSID to allow only 2 devices only, perhaps not manually, something similar to ISE

 

but in essence, lets say I have one user in our Corp SSID, but that use can use as many devices he can have and there is no limitation,

 

We have ISE but the current version is obsolete and it does not have that feature, we tried via certificates but when it came the Chromebook world to play, the previous guy in charge override in some way that, to bypass the certs and now any user with any PC not being in the domain can join the corp as long as they have the right credentials for sure, 

 

So Im looking a solution that will enable me to limit the devices per user, now that we are not using ISE

 

any ideas?

8 REPLIES 8
PhilipDAth
Kind of a big deal

Configure the SSID to use WPA2-Enterprise mode and Meraki Authentication.  Create accounts for just the two users and authorise them for the SSID.

 

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring__WPA2-Enterprise_with_... 

interesting, thanks so much, that does the temporal trick for now in a testing deployment environment,

I will investigate further since we want to deploy for more than 10K+ users but as I mentioned, our ISE is very old that does not do that anymore,

Check out FreeRadius.

https://freeradius.org/

 

Microsoft NPS (part of Windows Server) is very popular as well.  Nowhere near as sophisticated as Cisco ISE, but the price is good.

JimmyPhelan
Getting noticed

If you are replacing or retiring ISE, then RADIUS of some sort is going to be your best bet.

 

Map out a few more requirements however, that might help you in choosing your RADIUS provider. Are you looking to offer any MFA on your services (VPN for example?). We have had some issues with VPN MFA and Microsoft NPS, the claim not going the entire way through. Solution ended up being Cisco Duo as the MFA.

Yeah with the built-in functionality you can't limit the number of simultaneous logins with an account. It's either "unlimited" or one.

 

For that you'd need an external RADIUS server.

thank you,

well, yes, we wanted to see to get rid off ISE and explore a stylish Meraki solution but seems like @BrechSchamp mentioned, we have to use strictly a radius in some way,

The DUO looks like a solution but still I guess as long as you enter a valid credentials, it will let you in as many devices you have in hand

we wanted to see a similar way to restrict devices per user like ISE does ( thats my understanding of the ISE 2.2)

the problem is like if a user has a BYOD, it can bypass the certs or even a chromebook from the enterprise which is not added to the domain,

Im gonna check and keep investigating further cause having ISE is ... otherwise, we will have no choice and rather upgrade our ISE and explore that feature,

super thanks everyone
SoCalRacer
Kind of a big deal

You may look into JumpCloud also

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.