MAB or PSK?

sammeader
Here to help

MAB or PSK?

Hello,

 

I am looking for suggestions on the best way to secure non 802.1x compatible wireless devices connecting to our network. We currently use a hidden SSID with a PSK specifically for these devices but was wondering if there was a different approach that people have used with enhanced security?

 

I am considering MAB using ISE but again this leave us potentially open to MAC spoofing etc.

 

Any advice would be great!

 

Thanks.

5 REPLIES 5
KarstenI
Kind of a big deal
Kind of a big deal

Both SSID-hiding and MAB are no security-tools.

If the devices do not support 802.1X, PSKs (perhaps with iPSKs) are the solution.

Thanks @KarstenI iPSKs certainly look like a more secure option than we currently have.

ww
Kind of a big deal
Kind of a big deal

Additionally  you can assign them a different vlan/subnet and restrict  access using the firewall/group-policy and only allow necessary traffic ip-port to your other lan segments

DazKew
Here to help

A few of our customers use iPSK with Meraki and ISE, works brilliantly!

KarstenI
Kind of a big deal
Kind of a big deal


@DazKew wrote:

A few of our customers use iPSK with Meraki and ISE, works brilliantly!


same here. We just have to make sure that the mac-address is never changed or the system falls down to basic access based on the default PSK.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels