I am in the midst of setting up Onboard for my wired 802.1x environment.
In order to enable 802.1x on Windows clients, I have deployed a GPO that turns on Wired AutoConfig and configures the 802.1x service to use EAP PEAP as authentication.
When trying to Onboard a client, the QuickConnect provisioner needs to change the 802.1.x config to EAP TLS, however, due to the GPO, the 802.1x settings cannot be changed and QuickConnect fails to properly provision the client.
Has anyone else run into the same situation and what was your solution?
Were you able to still enable and configure 802.1x settings via GPO and somehow have QuickConnect provisioner update to EAP TLS when Onboarding?
So I need the Windows workstations to have Wired Autoconfig service set to auto start, as by default it is a manual start service.
And I also need clients to have 802.1x configured for EAP-PEAP that will not be Onboarding.
Would I just be better off manually applying the 802.1x settings on the Windows client?
Yes, the supplicant needs to be configured via your management platform.
CPPM Onboard Assisted Provisioning is not supported for managed devices.
Thank you, that seems to put this in order for me.
At the current stage of our deployment, its wired 802.1x for domain machines and MAC Auth for networked devices. We also plan on deploying OnGuard for 802.1x posture checks. OnBoard doesn't seem to have any use in our intended setup based on what you've explained.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.