Well, it seems like you should know about the various ways before you decide on what you should do. MAC recording... doesn't really help here. What you want is a way to only trust company assets using Active Directory.
First off, to be able to look up AD credentials and its computer info, you need a RADIUS server. Research 802.1x...
Now since you have AD, Microsoft has its own RADIUS servers. 2003 is IAS and 2008 is NPS. I will not go over other RADIUS servers for now.
Usually the best way is to use EAP-TLS. EAP-TLS requires a certificate on the RADIUS server and on the client device. This way, only devices that have this certificate will be able to authenticate. EAP-PEAP only requires a certificate on the RADIUS server and you can use either AD credentials and/or machine authentication. Now with AD credentials, you really can't prevent a user from knowing how to set up another non-company device to access the wireless. Machine authentication also only works for Windows machines. So you really have to think about what will be on the wireless and how you can control that.
Cisco ISE can profile devices and is the big brother to Cisco's RADIUS server ACS. You can place a certificate or registry entry or something else and decide what devices will have access and what will not. This will also keep a list of MAC addresses and sort them by device profiles, or you can manually sort them or put them in a category you wish.
Either way you look at it, ISE is probably the best way and only way you can reach the requirement you want, but when it comes to wireless, you must know what devices you have and what type of encryption and authentication they can use. For example, if you have scanners, some can't do 802.1x. If you have Apple TV, you can't do 802.1x and that has to be pre-shared keys.
To begin, we haven't ISE. I think that's the best solution, but for now I have to work without it.
I have some questions:
1- Which kind of certificate may I use? Because I want to use those delivered by my company.
2- My aim is to facilitate access for employees so they do not have to enter their login every day to get on the wireless network. Then, could you please help me choose between the two protocols (EAP-PEAP / EAP-TLS)? I read some documents but they are so complicated, I could not make my choice.
3- I want to let a certain category of employees have access to the LAN network, is it possible?
4- Our RADIUS is a Linux server, so it's not necessary to use NPS?
With RADIUS you can set a policy to only allow certain OUs to have access. If you want to use username and password, then you use PEAP. This requires a certificate on the RADIUS server only. It's tough to tell you what you need without knowing all the devices, what each can do, etc. Do you have a PKI infrastructure or not? Are you just using a trusted root CA for your certificates? There is sooooo much info that it would be best to consult with your local Cisco SE or your Cisco vendor if you are using one. EAP-TLS is more work but very secure since all the clients need a certificate. PEAP just requires a cert on the RADIUS server.
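Added example (not part of the thread and not any poster's code): what "only devices that have this certificate will be able to authenticate" means in certificate terms, using a throwaway CA in place of the company PKI. It assumes the `openssl` CLI is installed; the CA names, device names and helper functions are made up, and `openssl verify -purpose sslclient` stands in for the client-certificate check a RADIUS server performs during EAP-TLS.

```sh
#!/bin/sh
# Constructed lab example: CA names and device names below are made up.
set -eu

# make_ca DIR CN: create a throwaway self-signed CA (ca.key, ca.pem) in DIR.
make_ca() {
  mkdir -p "$1"
  printf '[req]\ndistinguished_name=dn\nx509_extensions=v3_ca\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$1/ca.cnf"
  openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# issue_cert CADIR NAME EKU: issue CADIR/NAME.pem from that CA with the given
# extendedKeyUsage (clientAuth is what a wireless client's certificate carries).
issue_cert() {
  openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n' "$3" > "$1/$2.ext"
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -extfile "$1/$2.ext" -out "$1/$2.pem" 2>/dev/null
}

# accepts_client CAFILE CERT: succeed only if CERT chains to CAFILE and is
# valid for TLS client authentication.
accepts_client() {
  openssl verify -CAfile "$1" -purpose sslclient "$2" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d)
  make_ca "$d/corp" "Example Corp CA"        # stands in for the company PKI
  make_ca "$d/other" "Some Other CA"         # any CA outside the company
  issue_cert "$d/corp" laptop01 clientAuth   # company laptop
  issue_cert "$d/corp" radius01 serverAuth   # server certificate, not a client one
  issue_cert "$d/other" byod-phone clientAuth
  for c in corp/laptop01 corp/radius01 other/byod-phone; do
    if accepts_client "$d/corp/ca.pem" "$d/$c.pem"; then r=accepted; else r=rejected; fi
    echo "$c: $r"
  done
  rm -rf "$d"
}
demo
```

Only the certificate issued by the company CA for client authentication passes; with PEAP there is no such per-device check, because only the RADIUS server holds a certificate.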