Restricting WPA3-Enterprise Network Access to Domain-Joined Computers
Hi everyone,
I'm working on setting up a new WPA3-Enterprise network and I'm trying to figure out the best way to restrict access to only domain-joined computers. I'm hoping to leverage the security benefits of WPA3-Enterprise, but I also want to ensure that only authorized devices can connect to the network.
Has anyone had experience with this? Are there any specific configurations or settings I should be aware of?
I'm using Cisco Meraki as my network equipment.
Any insights or recommendations would be greatly appreciated.
Thanks,
Giovanni
This is all determined by rules on your RADIUS server, whether Cisco ISE, NPS, or something else. The options are generally login/password based, certificate based, or a combination. I generally use certificates as I work in AD environments and we can do auto-provisioning via GPOs to handle everything on the PCs. But there are a multitude of options out there. The Meraki-side settings will mostly be agnostic to the RADIUS server used.
Hey @giovannip
This can be achieved by applying a GPO to domain-joined devices that issues them with a certificate through your internal CA for wireless.
You could then configure the WPA3-Enterprise with RADIUS and on the RADIUS server have the certificate be used as the authentication method. You should also add username/password to ensure only employees are connecting from the machine in question.
This would help ensure only domain-joined clients can authenticate/connect to the SSID.
This is where computer authentication comes in.
Only accept the certs that have been distributed by your internal CA.
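
Added example, not part of the thread and not Meraki, NPS or ISE configuration: the issuer check the replies describe, reproduced offline with the `openssl` CLI. It shows that a certificate carrying the same machine name but issued by another CA fails once the trust store holds only the internal CA. All CA names, host names and file names are constructed placeholders.

```shell
#!/bin/sh
# Constructed demo of "only accept certs issued by your internal CA".
# Every name below (Corp-Internal-CA, PC-0042.corp.example, ...) is a placeholder.
set -eu

make_ca() {  # $1 = file prefix, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_cert() {  # $1 = issuing CA prefix, $2 = output prefix, $3 = subject CN
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null
    # Machine certificates used for EAP-TLS carry the clientAuth EKU.
    printf 'extendedKeyUsage=clientAuth\n' > "$2.ext"
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 7 -extfile "$2.ext" -out "$2.pem" 2>/dev/null
}

# Stand-in for the RADIUS server's decision: does the client certificate
# chain to the one CA in the trust store, and is it valid for client auth?
radius_trusts() {  # $1 = trusted CA pem, $2 = client cert pem
    openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() (  # runs in a subshell so the cd and trap do not leak to the caller
    dir=$(mktemp -d)
    trap 'rm -rf "$dir"' EXIT
    cd "$dir"
    make_ca corp  "Corp-Internal-CA"   # the CA that GPO auto-enrollment uses
    make_ca other "Some-Other-CA"      # any CA the RADIUS server does not trust
    issue_cert corp  joined    "PC-0042.corp.example"
    issue_cert other lookalike "PC-0042.corp.example"  # same name, wrong issuer
    for c in joined lookalike; do
        if radius_trusts corp.pem "$c.pem"; then
            printf '%s=accept\n' "$c"
        else
            printf '%s=reject\n' "$c"
        fi
    done
)

demo
```

The subject name is identical in both certificates, so the accept/reject outcome depends only on which CA signed it, which is why the RADIUS trust store should list the internal CA and nothing else.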