Meraki

sammeader · ‎Jan 12 2021

Hello,

I am looking for suggestions on the best way to secure non 802.1x compatible wireless devices connecting to our network. We currently use a hidden SSID with a PSK specifically for these devices but was wondering if there was a different approach that people have used with enhanced security?

I am considering MAB using ISE but again this leave us potentially open to MAC spoofing etc.

Any advice would be great!

Thanks.

KarstenI · ‎Jan 12 2021

Both SSID-hiding and MAB are no security-tools.

If the devices do not support 802.1X, PSKs (perhaps with iPSKs) are the solution.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

sammeader · ‎Jan 12 2021

Thanks @KarstenI iPSKs certainly look like a more secure option than we currently have.

ww · ‎Jan 12 2021

Additionally you can assign them a different vlan/subnet and restrict access using the firewall/group-policy and only allow necessary traffic ip-port to your other lan segments

DazKew · ‎Jan 13 2021

A few of our customers use iPSK with Meraki and ISE, works brilliantly!

KarstenI · ‎Jan 13 2021

@DazKew wrote:
A few of our customers use iPSK with Meraki and ISE, works brilliantly!

same here. We just have to make sure that the mac-address is never changed or the system falls down to basic access based on the default PSK.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

Meraki

Community

MAB or PSK?

MAB or PSK?