Enterprise Lockdown

Reply
Occasional Contributor II
Posts: 12
Registered: ‎08-10-2007

More Authenticaiton Challenges

Ok, I think I have the device and user protection figured out.
What I am going to do is use PEAP and authenticate the machines and users against an AD group.
No need for certs etc...
Now I have another issue.
I have several classes of equipment:
1. Devices that can do PEAP and machine Auth (Laptops)
2. Devices that can do PEAP but can not do machine Auth (Handhelds)
3. Devices that can't do either (Printers)
What I am going to do is create seperate SSID's for the types. I can then via control what the different classes can get to so I can lock down the printers and handhelds tighter than the Laptops.
The problem with it is I can't figure out how to tell my radius server to do PEAP w/machine auth for class 1 but only PEAP for class 2. It seem to be either or but not both.
I am running Cisco ACS 4.X for the raidius piece.
Thoughts?
Search Airheads
Showing results for 
Search instead for 
Did you mean: