784 Views, 5 Helpful, 3 Replies

Same SSID, first certificate and if that fails username password

patoberli
VIP Alumni

Hi All

I'm tasked with a nice project. I currently run a Wi-Fi with WLC and Windows RADIUS (NPS) servers with WPA2 Enterprise and PEAP-MSCHAPv2 with username/password authentication. This runs absolutely fine so far.

We now have an idea of providing our managed Windows laptops with a hardware certificate for authentication. The idea is to separate our own managed devices from employees' unmanaged devices, without breaking the authentication.

Is it possible to chain it like this?

1. check if the device has a valid hardware certificate and, if yes, put it, based on AD group membership, into the correct VLAN

2. if that fails, ask for username password

Alternatively I could build a new SSID, but would prefer to handle all on the same one.

I believe it should work. What do you think?

3 Replies

ajc
Level 7

Thanks for the video; this helps somewhat.
In my case, after the device is authenticated, it shouldn't authenticate the user again. But I do have some ideas about how I might realize that.

Please also take a look at the following topic regarding MAR, because I think it could be part of your required solution:

https://supportforums.cisco.com/t5/aaa-identity-and-nac/ise-2-1-mar-aging-time-eap-tls/m-p/3209628#M66354
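Neither post spells out how the two authentication methods coexist on one SSID, so here is an added, runnable model of the ordered policy set the original question describes, extended with the MAR-style check the reply above points to. It is constructed for this thread and is not NPS, WLC or ISE code, nor code from either poster. EAP-TLS with a valid machine certificate is evaluated first and assigns a VLAN from the AD machine group; PEAP-MSCHAPv2 is the username/password path, and a PEAP login from a MAC that machine-authenticated within the aging window keeps the managed VLAN. The policy order, AD group names, VLAN IDs, issuer name and eight-hour aging window are all assumptions. One caveat the model makes explicit: a failed certificate check ends in Access-Reject, and whether the client then retries with PEAP is the supplicant's choice, not something the RADIUS server can trigger.

```python
"""Illustrative model of an ordered RADIUS policy set for one SSID.

Constructed example, not NPS, WLC or ISE code. Issuer name, group names,
VLAN IDs and the aging window are assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

MANAGED_CA_ISSUER = "CN=Corp-Issuing-CA"   # assumed issuer of machine certs
CLIENT_AUTH_EKU = "1.3.6.1.5.5.7.3.2"       # id-kp-clientAuth OID
MAR_AGING = timedelta(hours=8)              # assumed machine-auth aging window

# Assumed AD machine group -> VLAN mapping, most specific group first.
MACHINE_GROUP_VLANS = [("Managed-Laptops-Finance", 110), ("Managed-Laptops", 100)]
BYOD_VLAN = 200                             # assumed VLAN for password-only logins


@dataclass(frozen=True)
class Request:
    """The parts of an Access-Request the policy decision depends on."""
    eap_type: str                     # "EAP-TLS" or "PEAP-MSCHAPv2"
    calling_station_id: str           # client MAC as relayed by the WLC
    now: datetime
    cert_issuer: Optional[str] = None
    cert_not_after: Optional[datetime] = None
    cert_ekus: tuple = ()
    machine_groups: frozenset = frozenset()
    user_groups: frozenset = frozenset()


def vlan_attrs(vlan_id: int) -> dict:
    """Attributes a WLC reads for dynamic VLAN assignment (RFC 3580 style)."""
    return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-ID": str(vlan_id)}


def machine_cert_valid(r: Request) -> bool:
    """A completed TLS handshake is not enough: pin the issuer, check expiry
    and require the client-auth EKU, so another cert from the same PKI
    (e.g. a web server cert) cannot be replayed as a machine credential."""
    return (r.cert_issuer == MANAGED_CA_ISSUER
            and r.cert_not_after is not None and r.now < r.cert_not_after
            and CLIENT_AUTH_EKU in r.cert_ekus)


class PolicyEngine:
    def __init__(self) -> None:
        # MAR-style cache: MAC -> (time of machine auth, VLAN it was given).
        self.machine_auths: dict = {}

    def evaluate(self, r: Request) -> tuple:
        """Return (RADIUS result code, attributes); first matching policy wins."""
        if r.eap_type == "EAP-TLS":
            # Policy 1: valid machine cert AND managed-device group -> group VLAN.
            if not machine_cert_valid(r):
                # TLS failure is a plain Access-Reject; the supplicant, not the
                # server, decides whether to retry with PEAP afterwards.
                return ("Access-Reject", {})
            for group, vlan in MACHINE_GROUP_VLANS:
                if group in r.machine_groups:
                    self.machine_auths[r.calling_station_id] = (r.now, vlan)
                    return ("Access-Accept", vlan_attrs(vlan))
            return ("Access-Reject", {})   # cert is fine but device is not managed

        if r.eap_type == "PEAP-MSCHAPv2":
            # Policy 2: domain user with a password.
            if "Domain Users" not in r.user_groups:
                return ("Access-Reject", {})
            cached = self.machine_auths.get(r.calling_station_id)
            if cached and r.now - cached[0] <= MAR_AGING:
                # MAR: a user logging on from a MAC that machine-authenticated
                # recently keeps the managed VLAN. Calling-Station-Id is a
                # client-chosen MAC, so this is a convenience, not a strong binding.
                return ("Access-Accept", vlan_attrs(cached[1]))
            return ("Access-Accept", vlan_attrs(BYOD_VLAN))

        return ("Access-Reject", {})       # unknown or non-EAP method


def run_demo() -> list:
    """Constructed request sequence; returns the assigned VLAN (or None) per request."""
    t0 = datetime(2024, 1, 8, 8, 0, tzinfo=timezone.utc)
    good_cert = dict(cert_issuer=MANAGED_CA_ISSUER,
                     cert_not_after=t0 + timedelta(days=300),
                     cert_ekus=(CLIENT_AUTH_EKU,))
    engine = PolicyEngine()
    requests = [
        # 1. managed finance laptop, machine cert -> VLAN 110
        Request("EAP-TLS", "AA-AA-AA-00-00-01", t0, **good_cert,
                machine_groups=frozenset({"Managed-Laptops", "Managed-Laptops-Finance"})),
        # 2. same laptop, user logs on via PEAP 10 min later -> MAR keeps VLAN 110
        Request("PEAP-MSCHAPv2", "AA-AA-AA-00-00-01", t0 + timedelta(minutes=10),
                user_groups=frozenset({"Domain Users"})),
        # 3. employee's private phone, password only -> BYOD VLAN 200
        Request("PEAP-MSCHAPv2", "BB-BB-BB-00-00-02", t0,
                user_groups=frozenset({"Domain Users"})),
        # 4. expired machine cert -> reject, no silent downgrade to a password
        Request("EAP-TLS", "CC-CC-CC-00-00-03", t0, cert_issuer=MANAGED_CA_ISSUER,
                cert_not_after=t0 - timedelta(days=1), cert_ekus=(CLIENT_AUTH_EKU,),
                machine_groups=frozenset({"Managed-Laptops"})),
        # 5. valid corp cert but device in no managed group -> reject
        Request("EAP-TLS", "DD-DD-DD-00-00-04", t0, **good_cert),
        # 6. laptop 1 again, 9 h after machine auth -> MAR aged out, BYOD VLAN
        Request("PEAP-MSCHAPv2", "AA-AA-AA-00-00-01", t0 + timedelta(hours=9),
                user_groups=frozenset({"Domain Users"})),
    ]
    results = []
    for r in requests:
        code, attrs = engine.evaluate(r)
        results.append(int(attrs["Tunnel-Private-Group-ID"]) if code == "Access-Accept" else None)
    return results


if __name__ == "__main__":
    print(run_demo())   # [110, 110, 200, None, None, 200]
```

The ordering matters for the security outcome: the password policy is only reached for requests that are not EAP-TLS, so a managed laptop with a broken certificate cannot quietly land in a managed VLAN by typing a password, and an unmanaged device that somehow obtains a certificate from the corporate CA is still rejected unless its computer account is in a managed-device group.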
