Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLAN (ethernet/Wifi/routers/Bluetooth)802.1x mobile devices
fran1942

82 posts

Master Geek

Trusted

#146960 4-Jun-2014 09:16
Send private message

Hello, in a corporate environment, you have your staff wifi users with mobile devices i.e iphones, tablets etc.
I understand it has not been feasbile to authenticate these users via wifi using 802.1x/radius/AD due to difficulties with certificates and the 802.1x supplicants on these mobile devices.
Therefore these staff mobile users are often put into their own speicial SSID with only PSK authentication. So it is essentially the same as a guest SSID but just with less firewalling restrictions i.e. no extra authentication security.

Is this still how things are done or do mobile devices now support 802.1x to such an extent that makes it feasbile to authorise them via 802.1x ?

Thanks for any advice.
How do you guys do it ?

Create new topic
lxsw20
3689 posts

Uber Geek
+1 received by user: 2174

Subscriber

  #1059052 4-Jun-2014 09:24
Send private message

We have a separate VDSL connection for client WiFi and Mobile Device WiFi from our corporate internet connection. We use PFSense to a couple of Vlans to unifi gear to make it all work. Pretty simple setup really, but works well. 



toyonut
1508 posts

Uber Geek
+1 received by user: 211


  #1059055 4-Jun-2014 09:34
Send private message

Ruckus Wireless 1100 with four AP's. All work issued equipment laptops, surfaces etc are on one network which is part of our internal network and authenticated by 802.11x and MS radius servers on our DC's.

Ruckus provides a staging portal for staff devices so we have another wlan on a separate vlan and IP range and staff can auth three devices each by logging in to the staging portal and generating a unique key that is tied to their username.
The automatic device provisioning normally fails to work, but it gives you the option to just view the key and then you can input it like normal. 
There is also a guest portal which our reception can log into and generate a time limited password for a separate guest SSID.
The guest and staff wireless terminates on our firewall as an optional network so we have some control about what it can be used for.

I think most enterprise wireless solutions will have similar functionality.




Try Vultr using this link and get us both some credit:

 

http://www.vultr.com/?ref=7033587-3B

Inphinity
2780 posts

Uber Geek
+1 received by user: 1184


  #1059057 4-Jun-2014 09:38
Send private message

I don't see any reason you can't do RADIUS authentication for mobile devices, provided your APs support it. We do this, using UniFi APs and Windows Server 2008 R2 NPS.



nigelj
856 posts

Ultimate Geek
+1 received by user: 125


  #1059129 4-Jun-2014 11:58
Send private message

802.1X is supported in most mobile platforms, Rags or nathan are best to comment about WP I won't pretend to know about then, but I'd pretty much die laughing/of shock if WP8 was unable to connect to a 802.1X network, as for 802.1X on Android/iOS, I know first hand that iOS6 and Android 4.1 (or was it 4.0 - I can't remember, it was a couple of years back now) can certainly connect to PEAP based 802.1X implementations.


To be fair, certificates are a bit harder, but most likely worth the extra effort if supported by the majority of devices.

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright