10-28-2008 12:43 AM - edited 03-10-2019 04:09 PM
Hi everyone,
I wanted to know whether the following scenario is possible.
A person comes into the office and plugs his laptop into the docking station. As soon as the PC is on, it is authenticated using the certificate installed on it. Then, for the VLAN assignment, he will be prompted for his credentials; as soon as he enters his credentials, he will automatically be assigned to a VLAN according to those credentials.
I know that both are possible with an ACS server, i.e. authentication of the PC with a certificate and assignment of the VLAN according to the user credentials. I want to know whether both are possible simultaneously.
What I will use here is dot1x EAP-TLS and dot1x MD5. Can I use both together to achieve what I have mentioned above, if possible?
Thanks
Joe
10-29-2008 09:03 AM
Let me see if I understand you. You want the certificate to be used only for domain authentication but the VLAN to be assigned based on user authentication?
10-29-2008 12:16 PM
Exactly, I want it like that.
10-29-2008 10:36 AM
Configuring the EAP protocols is global, even with a network access profile. You will have to configure both EAP-TLS and EAP-MD5. ACS is not able to distinguish between a machine auth and user auth. You can force EAP-MD5 for the user within your supplicant.
My suggestion is to put devices into one group and users into another, or others. Then, based on group membership, assign the appropriate vlan.
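The group-based VLAN assignment suggested above is normally carried to the switch as the three tunnel attributes RFC 3580 defines for this purpose, encoded as tagged attributes per RFC 2868. The following is an added example, not code from this thread or from ACS; the group names, VLAN IDs and function names are constructed for illustration.

```python
import struct

# RADIUS attribute numbers (RFC 2868) and the values RFC 3580 prescribes
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_802 = 13, 6
TAG = 1  # ties the three attributes to the same tunnel

# Hypothetical policy (constructed): one group for devices, others for users
GROUP_VLAN = {"corp-machines": 10, "finance-users": 20, "audit-users": 30}

def _tagged_int(attr, value):
    # type, length (always 6), tag, 24-bit value
    return struct.pack("!BBB", attr, 6, TAG) + value.to_bytes(3, "big")

def _tagged_str(attr, text):
    body = text.encode("ascii")
    return struct.pack("!BBB", attr, 3 + len(body), TAG) + body

def vlan_attributes(group):
    """Attribute bytes an Access-Accept would carry for this group."""
    vlan = GROUP_VLAN.get(group)
    if vlan is None:
        return b""  # no VLAN override; the switch applies its own port config
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID out of range")
    return (_tagged_int(TUNNEL_TYPE, TYPE_VLAN)
            + _tagged_int(TUNNEL_MEDIUM_TYPE, MEDIUM_802)
            + _tagged_str(TUNNEL_PRIVATE_GROUP_ID, str(vlan)))

def parse_vlan(attrs):
    """Decode the attributes as an authenticator would; VLAN ID or None."""
    found, i = {}, 0
    while i + 2 <= len(attrs):
        attr, length = attrs[i], attrs[i + 1]
        if length < 3 or i + length > len(attrs):
            raise ValueError("malformed attribute")
        found[attr] = attrs[i + 3:i + length]  # skip type, length, tag
        i += length
    if int.from_bytes(found.get(TUNNEL_TYPE, b""), "big") != TYPE_VLAN:
        return None
    if int.from_bytes(found.get(TUNNEL_MEDIUM_TYPE, b""), "big") != MEDIUM_802:
        return None
    if TUNNEL_PRIVATE_GROUP_ID not in found:
        return None
    return int(found[TUNNEL_PRIVATE_GROUP_ID].decode("ascii"))

if __name__ == "__main__":
    for group in ("corp-machines", "finance-users", "contractors"):
        print(group, "->", parse_vlan(vlan_attributes(group)))
```

All three attributes must be present and consistent for a VLAN to be applied, which is why `parse_vlan` returns `None` when any of them is missing or carries a different value.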
10-29-2008 12:34 PM
So is there any way that I can achieve this scenario?
Here at my client site they have provided users with laptops with docking stations on their desktops. Users come in, put their laptop onto the docking station and start working. The problem is that recently one of the users brought his laptop, plugged it in and started working, and management took notice of it. Then the manager decided to authenticate the laptops before they are on the network. The problem is that users will be moving around to different places, as they will be having meetings, auditing and other work. So my goal is to get both the laptop and the user authenticated and put in the proper VLANs when they authenticate.
Please suggest what I should do to achieve this goal.
Thanks for your previous replies, I appreciate it.