I have scoured the web & WLC user guide for this answer and so far have come up with nothing (maybe not searching correctly).

Environment:

- Lightweight APs with Cisco 4402 WLC (18.104.22.168)
- Windows 7 clients using WPA2-Enterprise (PEAP) (User or Computer auth)
- Windows AD
- Microsoft NPS assigning VLAN membership based on AD group membership for Users & domain membership for Machines
- Machine authentication (not TLS) pre user-login

I would like to know if the Cisco 4402 WLC supports two-stage authentication. I have seen differing interpretations of "two-stage" authentication, so I shall elaborate.

I would like to know if the WLC is capable of only allowing a USER authentication request if the request has come from a MACHINE that has been previously authenticated. I know Juniper (Trapeze) controllers achieve this through a function called "bonded-auth", and I currently have a successful setup, but I cannot find a reference to this in the Cisco world.

We have a restricted WLAN that should be limited to AD domain-joined hardware, and I am trying to prevent users on BYO devices with valid AD credentials from connecting to it.

Any assistance would be greatly appreciated.