MAB or PSK?

sammeader
Here to help

MAB or PSK?

Hello,

 

I am looking for suggestions on the best way to secure non 802.1x compatible wireless devices connecting to our network. We currently use a hidden SSID with a PSK specifically for these devices but was wondering if there was a different approach that people have used with enhanced security?

 

I am considering MAB using ISE but again this leave us potentially open to MAC spoofing etc.

 

Any advice would be great!

 

Thanks.

5 Replies 5
KarstenI
Kind of a big deal
Kind of a big deal

Both SSID-hiding and MAB are no security-tools.

If the devices do not support 802.1X, PSKs (perhaps with iPSKs) are the solution.

Thanks @KarstenI iPSKs certainly look like a more secure option than we currently have.

ww
Kind of a big deal
Kind of a big deal

Additionally  you can assign them a different vlan/subnet and restrict  access using the firewall/group-policy and only allow necessary traffic ip-port to your other lan segments

DazKew
Here to help

A few of our customers use iPSK with Meraki and ISE, works brilliantly!

KarstenI
Kind of a big deal
Kind of a big deal


@DazKew wrote:

A few of our customers use iPSK with Meraki and ISE, works brilliantly!


same here. We just have to make sure that the mac-address is never changed or the system falls down to basic access based on the default PSK.

Get notified when there are additional replies to this discussion.