Wired 802.1x with Machine Certificates and Windows NPS

Hello all, 

 

I am looking to implement 802.1x on our switch ports to ensure that only devices we own are able to connect to the network. We have a CA server and it is pushing out a certificate to every machine in the organization, so that step is already out of the way. I am having issues locating a good guide on how to accomplish this setup. I need to be able to configure the switch to authenticate both an IP phone and a computer on each port. I haven't been able to find a guide to really help me through this. I have found information relating to it being possible to authenticate both IP phones and computers on a single port, but I haven't quite got that far yet. 

 

Most of the guides I find related to wired 802.1x deal with dynamic VLAN assignment, and I am not looking to dynamically assign VLANs. I would like to have the VLANs statically set on the switches and just have the NPS server handle authorizing the device or shutting the device out based on if a valid organization-issued certificate is present. I 

 

I am hoping that somebody can point me to a guide that will answer my question or provide me with some detailed configurations. 

 

Thanks! 

2 Replies

Hi,

Here is the ISE Secure Wired access guide. Even if you are not using ISE this guide will cover the switch configuration. This is a more generic 802.1x guide.

 

If you plan on using Dynamic VLAN assignment you'll probably want to use the radius av - Tunnel-Private-Group. You would need to ensure your VLANs are named consistently across your switches.

 

HTH

Thanks for the guide. Unfortunately they are pretty close to what I have already researched and aren't quite specific enough. 
