[PacketFence-users] NAC / radius cisco aironet, cisco wifi controller same ssid ,802.1x wireless active directory pki for computer domain with a vlan id différent from other computer without domain and specific vlan all setup with the same ssid

Tue, 10 May 2022 03:59:25 -0700 

hello I have wifi controllers and cisco aironet 1852 compatible 802.1x my
idea is to have to imperatively control and authenticate by certificate the
wifi users who are in my domain and create a specific configuration for the
users who come with their own machine  .  my access controllers have
several ssids and for this proof of concept i have to connect two buildings
with wifi terminals and cisco asr 1000 switches. i would also like my
packetfence server to be able to do 802.1x on a specific vlan, on a
 Specific SSID.  but not touch the current configuration in production.
 what are the procedures to achieve this, then I use my Active Directory as
the company pki or then I use the packetfence server as the CA root server.
 if ever the radius drops or the packetfence drops down to fail-open
features?  or do I have to create a second ray of server which will be in
charge of communicating with my wifi access controllers?  I would like
there to be a trash vlan at the connection for the time of 802.1x
validation, then if it's ok, the vlan should change.  does the wifi
certificate process on a machine in my domain or outside my domain require
you to add a user account and password to retrieve the certificate from my
active directory for a machine in the domain?  can I also not allow
machines that are not in my domain to discuss with my active directory and
create a remediation such as windows update, antivirus?  and that the
packetfense can manage the machines out of the domain by implanting them on
a particular vlan which will not have access to certain networks.  how can
i proceed?  I need documentation and adapt a template for my aironet wifi
and my controllers.  my active directory is connected to my server the
green light seems to tell me that the server is well connected, however I
want to be sure that everything is ok on this point of view.  thank you for
your explanations

Best regards

Sofiane

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users






















					Reply via email to