I am in the process of implementing a 802.1X wired and wirless network for a college and I am stumbling into an issue. Does anyone know how to diffrentate between an end user MAC and a university owned MAC? They are joined to the domain.
Right now I have it configured where the MAC logs in via the machine and that works however, in the background I am putting them in Student and Staff Vlan's but there is no way to prevent a student from loging into that staff laptop that I can think of. Any ideas?
I have also thought of doing a static host list for the staff but the customer doesn't want to do that.
I was thinking maybe onguard and putting it only on the staff pc's but of course they don't feel like they should have to purchase more lic's for this feature.
Ideas? The windows boxes are working fine because they do machine auth first and then a second auth for the user.