Wireless authentication assistance

Texasjet79
New here

They want to change some authentication for Wireless users

  1. We want to change the way users authenticate to the Internal Private. It doesn't make sense to keep our internal network as an SSID with a password that most people know. How are others authenticating internal users on devices that are on SSO in an easy, secure manner?
  2. We want to change - Guest into a more secure and segregated VLAN and introduce a new way for guests to authenticate as well, instead of having an open password to everyone and no idle time or anything. How are others doing this? What would recommendations be?
  3. What are ways where we can introduce a BYOD network to users that want to bring their cell phones/tablets to work, where the VLAN is similar to the guest one but with a similar authentication to the - Internal Private? Obviously we could take them to an integrated splash page.
alemabrahao
Kind of a big deal

Hi,

Considering what you said, there are some possibilities.

For internal users, you can consider using 802.1X/EAP authentication methods. This method is more secure and has replaced some outdated methods that have security weaknesses. You can also consider using multi-factor authentication methods to strengthen security while continuing to prioritize usability.

For the guest network, you can create a separate VLAN for your guests. This prevents unauthorized access and associated security issues by isolating guest devices from the internal network.

For a BYOD network, you can consider using the same 802.1X/EAP authentication methods as your internal network. Additionally, you can use Single Sign-On tools that let employees use a single password to access a portal of company and cloud applications.

Of course, this is just a general recommendation; there are other options like Meraki's MDM.

https://meraki.cisco.com/products/systems-manager/

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal

"Trusted Access" might be perfect for your BYOD use case.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Trusted_Access_for_Se...

You could also consider using Meraki Systems Manager for company assets (you can't be using another MDM already for this option).

https://documentation.meraki.com/SM/Deployment_Guides/Systems_Manager_Sentry_Overview

If you are happy to run an internal RADIUS server and Windows CA server, you can also use WPA2 Enterprise mode. This covers a lot of that:
https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_...
