
Wired 802.1x with Machine Certificates and Windows NPS

Hello all, 


I am looking to implement 802.1x on our switch ports to ensure that only devices we own are able to connect to the network. We have a CA server and it is pushing out a certificate to every machine in the organization so that step is already out of the way. I am having issues locating a good guide on how to accomplish this setup. I need to be able to configure the switch to authenticate both an IP phone and a computer on each port. I haven't been able to find a guide to really help me through this. I have found information relating to it being possible to authenticate both IP phones and computers on a single port but I haven't quite got that far yet. 


Most of the guides I find related to wired 802.1x deal with dynamic VLAN assignment and I am not looking to dynamically assign VLANs. I would like to have the VLANs statically set on the switches and just have the NPS server handle authorizing the device or shutting the device out based on whether a valid organization-issued certificate is present. I 


I am hoping that somebody can point me to a guide that will answer my question or provide me with some detailed configurations. 



RJI (VIP Advocate)

Re: Wired 802.1x with Machine Certificates and Windows NPS


Here is the ISE Secure Wired access guide. Even if you are not using ISE this guide will cover the switch configuration. This is a more generic 802.1x guide.


If you plan on using Dynamic VLAN assignment you'll probably want to use the radius av - Tunnel-Private-Group. You would need to ensure your VLANs are named consistently across your switches.



Re: Wired 802.1x with Machine Certificates and Windows NPS

Thanks for the guide. Unfortunately they are pretty close to what I have already researched and aren't quite specific enough. 
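
The setup asked about in this thread (static data and voice VLANs, a phone and a computer on the same port, Windows NPS as the RADIUS server) sketched as a switch configuration. This is an added example, not taken from any poster or from the linked guides. It assumes a Cisco IOS switch using the classic `authentication` interface commands; the server name, group name, IP address, VLAN IDs, interface and shared secret are placeholders.

```cisco
! Added example: assumed Cisco IOS syntax, all names and values are placeholders.
aaa new-model
!
! Windows NPS as the RADIUS server (192.0.2.10 is a documentation address).
radius server NPS01
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret>
!
aaa group server radius NPS-GROUP
 server name NPS01
!
! Send 802.1x authentication to NPS, and let the switch act on the
! authorization attributes NPS returns with an Access-Accept.
aaa authentication dot1x default group NPS-GROUP
aaa authorization network default group NPS-GROUP
!
! Enable 802.1x globally.
dot1x system-auth-control
!
interface GigabitEthernet1/0/1
 switchport mode access
 ! Static VLANs: when NPS returns no VLAN attributes, the port stays
 ! in these configured VLANs after a successful authentication.
 switchport access vlan 10
 switchport voice vlan 20
 ! One device in the data domain plus one device in the voice domain.
 ! The phone is placed in the voice domain only if the RADIUS server
 ! returns the Cisco AV pair device-traffic-class=voice for it.
 authentication host-mode multi-domain
 ! Port stays unauthorized until the attached device authenticates.
 authentication port-control auto
 ! Re-authenticate periodically so a revoked or expired certificate
 ! is eventually rejected on an already-open port.
 authentication periodic
 dot1x pae authenticator
 spanning-tree portfast
```

On the NPS side, the matching network policy would use a certificate-based EAP method and grant or deny access only, with no VLAN attributes returned.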
