Hi Guys,
Trying to work out the *best* way to achieve this if possible. It's been a long time between Aruba lunches so just getting back into the swing of things and thoughts are appreciated!
Setup - dual controllers, single corporate NPS server, single AirWave server. No ClearPass.
SSID 1 - full access - Corporate devices auth'd via machine certs - EAP-TLS using corporate MS NPS server
SSID 2 - internet access only - BYOD devices auth'd via EAP-PEAP - using the same corporate MS NPS server.
We definitely do not want any misconfiguration on NPS policy that would allow users to get their xPhones & xPads onto SSID 1 via PEAP.
We ideally do not want corporate laptops on SSID 2 by default (although not sure if this is too much effort to try and block).
They have an existing "basic" setup for SSID 1 - about as complex as the NPS policy gets is checking the computer is a member of a group (plus cert of course).
Is there an achievable way to get this happening without breaking too much of the existing setup?
Would it help simplicity to farm off the auth for SSID 2 to another RADIUS box?
Cheers,
Pete