Controller OS: 6.4.2.4
Right now our 802.1X auth has enforce machine auth enabled. However, I think this might cause us issues in the future. I would like to still have my BYOD devices like iPhones/iPads be able to place the user into the proper role I have mapped in the RADIUS server group. The roles would still look for domain computers and properly authenticate them.
Would there be an issue with unchecking enforce machine auth? Right now the 802.1X auth default role is authenticated. The machine auth: default machine role is domain computer and user role I have is a BYOD role. I would still map our students to BYOD, but I have apps on my non-domain devices that I can get to internal resources to troubleshoot issues such as SSH.
Also, we are starting to implement enterprise printers using Wi-Fi that only faculty and staff can connect and print to. These use PEAP auth, and I set up a test aaa-profile with enforce machine auth off and it worked properly.
I just want to make sure there are no side effects with disabling this option. We are also not using ClearPass. Current auth is done by Windows NPS.
Thanks in advance.