Skip to main content

21 Messages

 • 

356 Points

Thu, Jul 4, 2019 10:36 PM

Can I restrict Radius authentication to specific number of devices?

I currently have ZD1200 set up using local database which binds the user to a specific mac address when they connect so the code cannot be used multiple times. Is there a way to use Radius/AD so that the user can connect a device to the SSID using their AD credentials, then that device is bound to those credentials so they can't connect another device with the same credentials (until an admin goes into ZD and deletes that binding)?

Responses

105 Messages

 • 

2.3K Points

a year ago

With RADIUS/AD, you cannot limit the number of concurrent logins. Instead, you could use DPSK where each device (mac) is tied to a unique key.  If using zero-it to allow users to self-provision (as opposed to batch provisioning), each unique key will be associated with a user's name in the controller.  You can also limit the number of keys per user to 1, 2, 3, 4, or unlimited.

21 Messages

 • 

356 Points

a year ago

Just looking at some documentation with regards to Zero-IT and DPSK, in the set up it talked about using 802.1X EAP as the authentication option. Would that work the same, Zero-IT would use Radius (Windows Server) to authenticate, then the user would be assigned a DPSK, which has been bound to that devices MAC address, and I could limit the number of keys to 1 or 2?

105 Messages

 • 

2.3K Points

a year ago

What controller are you using and how many users? Configuring external DPSK is very complicated and would normally be used only when the required number of DPSKs exceeds the max that a controller can manage.

21 Messages

 • 

356 Points

a year ago

Its a ZD1200. For one site there are around 30 staff, which isn't many, however currently any DPSK codes are manually created, and I'm not on site all the time, so was hoping to have a way to let them connect devices without needing to a code to be manually created. 

So should I just create a list of users in the local database? 

Also what is the procedure when they connect, is there any documentation which shows this as that might help me understand the process and how to best set it up for our needs.

105 Messages

 • 

2.3K Points

a year ago

If you’re on v10, a zd1200 supports a max of 150 APs, 4000 DPSKs, and 4000 clients. Why would you want to use external DPSK?

105 Messages

 • 

2.3K Points

a year ago

You could set up a provisioning network and use zero IT. Users connect to the provisioning network and authenticate to either active directory or the local user database. The controller then provisions the device, disconnect the device from the provisioning network and connects it to the production network.

2 Messages

 • 

70 Points

a year ago

Yes, you can set the limitation and block the access. For more information have a visit at https://errorcode0x.com/fix-dell-error-code-2000-0147/