Meraki

Community

Limit devices on wifi

R1d3rOfD0om
Here to help
‎Apr 23 2020 2:25 PM
‎Apr 23 2020 2:25 PM

Limit devices on wifi

hi Meraki warriors, 

 

I would like to know if there is any way to limit an SSID to allow only 2 devices only, perhaps not manually, something similar to ISE

 

but in essence, lets say I have one user in our Corp SSID, but that use can use as many devices he can have and there is no limitation,

 

We have ISE but the current version is obsolete and it does not have that feature, we tried via certificates but when it came the Chromebook world to play, the previous guy in charge override in some way that, to bypass the certs and now any user with any PC not being in the domain can join the corp as long as they have the right credentials for sure, 

 

So Im looking a solution that will enable me to limit the devices per user, now that we are not using ISE

 

any ideas?

0 Kudos
8 Replies 8
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 23 2020 3:51 PM
‎Apr 23 2020 3:51 PM

Configure the SSID to use WPA2-Enterprise mode and Meraki Authentication.  Create accounts for just the two users and authorise them for the SSID.

 

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring__WPA2-Enterprise_with_... 

In response to PhilipDAth
R1d3rOfD0om
Here to help
‎Apr 23 2020 7:07 PM
‎Apr 23 2020 7:07 PM

interesting, thanks so much, that does the temporal trick for now in a testing deployment environment,

I will investigate further since we want to deploy for more than 10K+ users but as I mentioned, our ISE is very old that does not do that anymore,
In response to R1d3rOfD0om
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 23 2020 7:50 PM
‎Apr 23 2020 7:50 PM

Check out FreeRadius.

https://freeradius.org/

 

Microsoft NPS (part of Windows Server) is very popular as well.  Nowhere near as sophisticated as Cisco ISE, but the price is good.

JimmyPhelan
Getting noticed
‎Apr 24 2020 1:57 AM
‎Apr 24 2020 1:57 AM

If you are replacing or retiring ISE, then RADIUS of some sort is going to be your best bet.

 

Map out a few more requirements however, that might help you in choosing your RADIUS provider. Are you looking to offer any MFA on your services (VPN for example?). We have had some issues with VPN MFA and Microsoft NPS, the claim not going the entire way through. Solution ended up being Cisco Duo as the MFA.

In response to JimmyPhelan
BrechtSchamp
Kind of a big deal
‎Apr 24 2020 5:13 AM
‎Apr 24 2020 5:13 AM

Yeah with the built-in functionality you can't limit the number of simultaneous logins with an account. It's either "unlimited" or one.

 

For that you'd need an external RADIUS server.

In response to JimmyPhelan
R1d3rOfD0om
Here to help
‎Apr 24 2020 7:11 AM
‎Apr 24 2020 7:11 AM

thank you,

well, yes, we wanted to see to get rid off ISE and explore a stylish Meraki solution but seems like @BrechSchamp mentioned, we have to use strictly a radius in some way,

The DUO looks like a solution but still I guess as long as you enter a valid credentials, it will let you in as many devices you have in hand

we wanted to see a similar way to restrict devices per user like ISE does ( thats my understanding of the ISE 2.2)

the problem is like if a user has a BYOD, it can bypass the certs or even a chromebook from the enterprise which is not added to the domain,

Im gonna check and keep investigating further cause having ISE is ... otherwise, we will have no choice and rather upgrade our ISE and explore that feature,

super thanks everyone
0 Kudos
SoCalRacer
Kind of a big deal
‎Apr 24 2020 7:45 AM
‎Apr 24 2020 7:45 AM

You may look into JumpCloud also

0 Kudos
In response to SoCalRacer
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 24 2020 10:31 AM
‎Apr 24 2020 10:31 AM

Check out Meraki Trusted Access.

https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Trusted_Access_for_S...

 

0 Kudos
li.common.scroll-to.top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.