Guest access and randomized MAC addresses

With randomized MAC addresses becoming more of the norm for mobile devices, it’s time to think about how you handle guest access. The main configuration I’ve seen is authenticating the connection, adding the MAC address to GuestEndpoints, and then allowing future authentications for X amount of days based on that MAC address. Obviously, that’s about…

Using IBNS 2.0 policy maps for differentiated authentication

Sending authentications to different RADIUS servers/deployments has been pretty easy for wireless controllers for a long time now. Configure the RADIUS servers and assign them per SSID/WLAN. This wasn’t always possible for wired users on the same switch. With IBNS 2.0, we can now utilize policy maps to configure each port to send the authentication to a different RADIUS server deployment.