I am trying to implement 802.1x security on the network. I am tesiting on a switch on one of the ports with the following config
aaa authentication dot1x default group radius
radius-server host x.x.x.x auth-port 1612 key rad1234
dot1x port-control auto
switch is added as client on DC with IAS installed. I have a remote access policy configured called DOT1X AUTHENTICATION. In active directory i have a global group called AUTH PC's.I have no certificate set up on server. My questions are as follows
1. What needs to be added to Active Directory group ? All domain pc's
2. On client LAN properties PEAP settings. Do I need certificate generated or can I just add dc to trusted servers. I am using MSCHAP V2 here.
Also if pc is on domain it will allow authentication. If not it will then prompt for username/password.
If I am missing anything please let me know of if config needs tuning