Security

Reply
Highlighted
Occasional Contributor II

Wired non-domain machine access

I am considering different options for allowing non-domain wired machines on the network. 

1. CIsco switches access port will be configured with dot1x and mab in that order.

2. Employee bringing their personal laptop will not likely have dot1x supplicant and I want to redirect them to the Guest portal. We are using Cisco Switches. I am also looking for a smaple implementation. 

3. Guest brining their laptop will also be redirected to guest portal after failing dot1x. 

 

In this scenario both employee and guest will have same access. It is not an ideal solution. I need ot address the employee laptop onboarding issue. Should I create a new portal and allow employee to onboard using that portal with AD authentication? I have not done it before s if there si any sample config/document it would help. 

 

Is there any other consideration? 

 

Frequent Contributor I

Re: Wired non-domain machine access

Hello Faadi,

 

These two links should be able to help you:

 

https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-Enable-Dot1x-authentication-for-wired-clients-in-Cisco/ta-p/187704

 

https://community.arubanetworks.com/t5/Security/Guidance-with-MAB-and-ClearPass-Captive-Portal-for-Wired/td-p/416047

 

You could find more documents in the comments section of the second link.

 

hope this helps..

 

 

-If you got what you need with my answer please give kudos and mark it as solution.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: