  • Hi,

    I have an enterprise wireless network. We use ACS (RADIUS) and Cisco LAN controllers. Our authentication method is WPA, TKIP, PEAP MSCHAPv2. Machine and user authentication.

    We have now started to see a few users on the WCS (Wireless Control System) with 'Apple' laptops. Such is the ease of use with these devices that they auto-connect to our wireless network and have internet access. Sure, they don't have shared resources, but sure enough they get access to the internet, i.e. they are under passed authentications, have an IP and can browse at their leisure?

    Is there a way to stop this apart from staff security guidelines and best practice + disabling ACS user accounts for Apple laptops or PDAs that we do not support?

    After all, any old person could come into our site (hospital) and access the web for free. We even had a visitor set their SSID to free internet access in the main lobby, presumably creating an ad hoc network for others to share.

    They won't get on the domain and get access to shared resources but they do indeed have free internet access.

    I don't broadcast our voice SSID but do broadcast the data side SSID. This would enable a simple connect via a laptop, and I'm guessing that an Apple won't find the hidden SSID if not broadcast, thus reducing impact?

    Don't get me wrong, I know people can get the hidden SSID, but at the very least the auto-find feature won't work for those complete newbies just passing by.

    Any ideas, people?

    Cheers
