I am looking to implement 802.1x on our switch ports to ensure that only devices we own are able to connect to the network. We have a CA server and it is pushing out a certificate to every machine in the organization, so that step is already out of the way. I am having issues locating a good guide on how to accomplish this setup. I need to be able to configure the switch to authenticate both an IP phone and a computer on each port. I haven't been able to find a guide to really help me through this. I have found information relating to it being possible to authenticate both IP phones and computers on a single port, but I haven't quite got that far yet.
Most of the guides I find related to wired 802.1x deal with dynamic VLAN assignment, and I am not looking to dynamically assign VLANs. I would like to have the VLANs statically set on the switches and just have the NPS server handle authorizing the device or shutting the device out based on whether a valid organization-issued certificate is present. I
I am hoping that somebody can point me to a guide that will answer my question or provide me with some detailed configurations.
If you plan on using Dynamic VLAN assignment you'll probably want to use the radius av - Tunnel-Private-Group. You would need to ensure your VLANs are named consistently across your switches.
Thanks for the guide. Unfortunately they are pretty close to what I have already researched and aren't quite specific enough.