Security

HI,

 

I am using User + Machine auth. for windows user and that is woring fine (SSID : Employee). Using self signed certificate.

Now i have Mac book and they are the part of windows domain. 

 

Can i use same SSID & enforcement policy for Mac Book? or if i add one more rule in the same enforcement policy --> User + mac auth.(static host list)

If not please suggest alternate more secure solution.

 

Thanks in advance...

 

 

Yes, you can but it's a much more complex authentication as Macs do not natively perform machine authentication. 

How are you managing your Macs? Profile manager or an MDM? 



Thanks, 
Tim

Thanks for quick reply....

 

for system mac, i will use CPPM static host list.

 

Regards,

Nik..

You can only use MAC address as an authorization. The device still needs a machine credential to authenticate. 

How are you managing the devices? 


Thanks, 
Tim

I will use windows AD for Mac book authentication.

How are you managing your devices? You need to be able to push a network profile down (or manually install on every single device) 


Thanks, 
Tim

Enforcement profile policy will push  vlan info to authenticated + authorize users.

Please correct if i wrong..

You need a custom configuration profile installed on the devices to be able to do Machine + User authentication. 


Thanks, 
Tim

i can't do that on all mac book. Is there any alternate authentication method i can use instead of machine authentication?

You're not managing the devices? 

User authentication with MAC address authorization or Onboard would be the alternatives. 


Thanks, 
Tim

Hi,

 

I have added new rule in the same enforcement profile using static host list. Add static host list group in authontication server list.

 

Regards,

Nik..