09-13-2018 03:06 AM - edited 07-05-2021 09:10 AM
Hello Community,
I want to allow access to WiFi only for domain-joined laptops and restrict for all other devices.
Has anyone had this task before and knows the best way to achieve this?
I very much appreciate any guidelines on this.
Thank you in advance!
09-13-2018 03:54 AM - edited 09-13-2018 03:56 AM
Use certificate-based authentication (for example, the PEAP or EAP-TLS protocol).
For that you need:
AD
WLC
ISE
CA server
Here is the guide: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/201044-802-1x-authentication-with-PEAP-ISE-2-1.pdf
Regards
Don't forget to rate helpful posts
09-13-2018 04:36 AM
Thank you for the direction!
But I don't have an ISA server. Does an ISA server for this purpose require a license to be purchased?
If it does, do I need only one ISA server license or do I need a license for each connected user?
Thanks
09-13-2018 04:52 AM
ISE :) You can run it on a virtual machine.
But yes, you need to purchase a license for the sessions you want to use.
More info about the license:
Regards
Don't forget to rate helpful posts
10-10-2018 02:41 AM
I found the following documentation on using a Windows CA server and a Windows RADIUS server instead of Cisco ISE.
But I ran into an issue where the Windows RADIUS server can't authenticate via certificates and the client can't authenticate.
Maybe some of you have clear instructions on this? The ones in the Cisco article above don't work in my case.
Thanks
10-10-2018 02:49 AM
It's related to PEAP.
As I said, if you want to stop non-domain laptops from connecting to the WLAN, then you need to use EAP-TLS.
Here is a guide:
https://networklessons.com/uncategorized/peap-and-eap-tls-on-server-2008-and-cisco-wlc/
Regards
Don't forget to rate helpful posts
10-11-2018 11:36 PM
Thank you, this manual helped me to configure cert-based authentication.
But now I'm not quite sure if I should use PEAP or EAP authentication type. Do you know the difference and which one is better for cert-based authentication?
10-11-2018 11:39 PM - edited 10-11-2018 11:39 PM
PEAP or EAP-TLS
PEAP only needs a server-side cert
TLS needs a cert on both sides (client and server)
Or, in other words, PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server-side public key certificates to authenticate the server. It then creates an encrypted TLS tunnel between the client and the authentication server.
Regards
Don't forget to rate helpful posts
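The certificate split described in the reply above (EAP-TLS needs a certificate on both the client and the server) can be checked on a Windows host before troubleshooting the RADIUS side. This is an added example, not part of the thread; the function name `Get-EapTlsCandidateCert` is hypothetical, and it assumes the certificates live in the computer store `Cert:\LocalMachine\My`.

```powershell
# Added example (not from the thread): audit machine certificates for EAP-TLS use.
# The two OIDs are the standard Enhanced Key Usage values; the function name is hypothetical.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication: expected on the laptop
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication: expected on the RADIUS server

function Get-EapTlsCandidateCert {
    param(
        [Parameter(Mandatory)][string]$EkuOid,
        [string]$StorePath = 'Cert:\LocalMachine\My'   # assumption: computer store
    )
    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Collect the OIDs explicitly listed in the EKU extension, if one is present.
        $ekuExt = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $ekuOids = @()
        if ($ekuExt) { $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

        # Build the chain locally; revocation lookups are skipped so the check runs offline.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $chainOk = $chain.Build($cert)

        [pscustomobject]@{
            Subject        = $cert.Subject
            Issuer         = $cert.Issuer
            NotAfter       = $cert.NotAfter
            HasPrivateKey  = $cert.HasPrivateKey        # without it the host cannot prove possession
            ListsEku       = $ekuOids -contains $EkuOid # EKU listed explicitly in the extension
            InValidity     = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
            ChainsToTrust  = $chainOk                   # issuing CA trusted on this host
        }
    }
}

# On a domain-joined laptop: is there a usable client certificate?
Get-EapTlsCandidateCert -EkuOid $ClientAuthOid | Format-Table -AutoSize
# On the RADIUS server, pass $ServerAuthOid instead.
```

A row where any of `HasPrivateKey`, `ListsEku`, `InValidity` or `ChainsToTrust` is `False` is the first thing to look at when certificate authentication fails.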
09-13-2018 04:04 AM