cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MAB or PSK?

Here to help

MAB or PSK?

Hello,

 

I am looking for suggestions on the best way to secure non 802.1x compatible wireless devices connecting to our network. We currently use a hidden SSID with a PSK specifically for these devices but was wondering if there was a different approach that people have used with enhanced security?

 

I am considering MAB using ISE but again this leave us potentially open to MAC spoofing etc.

 

Any advice would be great!

 

Thanks.

5 REPLIES 5
Head in the Cloud

Re: MAB or PSK?

Both SSID-hiding and MAB are no security-tools.

If the devices do not support 802.1X, PSKs (perhaps with iPSKs) are the solution.

Kind of a big deal
Kind of a big deal

Re: MAB or PSK?

Additionally  you can assign them a different vlan/subnet and restrict  access using the firewall/group-policy and only allow necessary traffic ip-port to your other lan segments

Here to help

Re: MAB or PSK?

Thanks @KarstenI iPSKs certainly look like a more secure option than we currently have.

Here to help

Re: MAB or PSK?

A few of our customers use iPSK with Meraki and ISE, works brilliantly!

Head in the Cloud

Re: MAB or PSK?


@DazKew wrote:

A few of our customers use iPSK with Meraki and ISE, works brilliantly!


same here. We just have to make sure that the mac-address is never changed or the system falls down to basic access based on the default PSK.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.