We are not using CPass for our internal Wireless Network authentication.
We are using a separate NAC service, the same one we use for wired devices on the internal network.
The issue, much like it would be for CPass, is that they need an IP just to get to the authentication service.
* We want to try and stop them at the time of the connection attempt to the SSID if possible (at the controller).
Something like "Unable to connect to the network" but only for specific devices, or the opposite... only allow certain device types to connect.
I purposely left out the authentication component because I want to stop them before the authentication attempt occurs.
That was where my question was directed for this forum.
We are looking at numerous other options from the authentication perspective but that is not what I want from this thread.
Network Infrastructure Architecture Specialist,
ICNOP – BELL,
22 Botsford St, Moncton NB E1C 4W7
TEL (506)856-7419 Cell (506) 381-3831
That is what I expected.
Sr. Technical Architect,
ICNOP – BELL,
In response to this.... "and actually occurs prior to Layer 3." On a packet capture the controller puts the client into a logon role and provides an IP from a DHCP pool in order to send the client (with their assigned IP) to authenticate 802.1x to a NAC server. So L3 is required for this function.
We currently have MC and MD controllers.
We do have control working at that level. NAC gets device fingerprint from controller and flags the device as a cellular device and stops them from connecting to the network and actually changes their VLAN to one without an IP.