10-26-2017 07:20 AM - edited 07-05-2021 07:46 AM
Hi All
I'm tasked with a nice project. I currently run a Wi-Fi with WLC and Windows Radius (NPS) servers with WPA2 Enterprise and PEAP-MSCHAPv2 with username/password authentication. This runs so far absolutely fine.
We now have an idea of providing our managed Windows laptops with a hardware certificate for authentication. The idea is to separate our own managed devices from employees' unmanaged devices, without breaking the authentication.
Is it possible to chain it like this?
1. check if device has a valid hw certificate and if yes put it, based on AD group membership, into the correct vlan
2. if that fails, ask for username password
Alternatively I could build a new SSID, but would prefer to handle all on the same one.
I believe it should work. What do you think?
10-30-2017 08:44 AM
11-03-2017 03:06 AM
11-03-2017 08:33 AM
Please also take a look at the following topic regarding MAR, because I think it could be part of your required solution