Good day folks,
I'm hoping someone could give me some insight regarding a problem with Wired 802.1x...
At the moment we're using EAP-TLS for wired 802.1x using Windows NPS. We already have a small ClearPass implementation for some Wi-Fi networks and we are planning to migrate the wired network to ClearPass. Currently we only do machine authentication, and if a computer fails authentication the port is authorized to an air-gapped guest VLAN. This means that whenever a certificate expires or a new computer is deployed, we have to manually disable port authentication and it's an absolute pain in the arse.
Moving forward, I would like to find a way to authorize domain-joined devices to a remediation VLAN instead of the air-gapped VLAN, so I could give them access to AD, CA servers, etc., but I'm not really sure how to do this... I've been looking around the Aruba Community and the Wired 802.1x guide but I can't really find a solution to this issue. How does everyone else do guest/remediation VLANs?
TL;DR: I would like to find a way to put domain-joined devices in one VLAN, and other devices in another using only MAB.