Wireless authentication network design questions... best practices... etc...
Working on a wireless deployment for a client... wanted to get updated on what the latest best practices are for enterprise wireless.
Right now, I've got the corporate SSID integrated with AD authentication on the back end via RADIUS.
Would like to implement certificates in addition to the user-based authentication so we have some level of dual factor authentication.
If a machine is lost, I don't want a certificate to allow an unauthorized user access to a wireless network. I also don't want poorly managed AD credentials (written on a sticky note, for example) opening up the network to an unauthorized user either... is it possible to do an AND condition, so that both are required to get access to a wireless network?
There really isn't a true two-factor authentication you can just do with RADIUS unless it's ISE and you're doing EAP Chaining. One way that is a workaround and works with ACS or ISE is to use "Was machine authenticated". This again only works for Domain Computers. How Microsoft works :) is you have a setting for user or computer... this does not mean user AND computer. So when a Windows machine boots up, it will send its system name first and then the user credentials. System name or machine authentication only happens once and that is during the boot up. User happens every time there is a full authentication that has to happen.
Check out these threads; they explain it pretty well.
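An added sketch, not part of the thread and not ISE or ACS code, modelling the "Was machine authenticated" workaround from the reply above: the RADIUS server remembers which client MAC passed machine authentication at boot and permits a later user authentication only from that MAC. The function names, the 8-hour aging time, the `host/` identity test and the sample MACs are assumptions made for the illustration.

```python
# Added illustration: models the "Was machine authenticated" check as a
# RADIUS-side cache keyed on the client's MAC (Calling-Station-Id).
# Names, the 8-hour aging time and the sample MACs are assumptions.
from dataclasses import dataclass, field

MAR_AGING_SECONDS = 8 * 3600  # assumed aging time; configurable on the server


@dataclass
class MarCache:
    """Remembers which endpoints passed machine authentication, and when."""
    seen: dict = field(default_factory=dict)  # MAC -> time of machine auth

    def record_machine_auth(self, mac: str, now: float) -> None:
        self.seen[mac.lower()] = now

    def was_machine_authenticated(self, mac: str, now: float) -> bool:
        ts = self.seen.get(mac.lower())
        return ts is not None and (now - ts) <= MAR_AGING_SECONDS


def authorize(cache, identity, mac, creds_ok, now):
    """Return the authorization result for one 802.1X authentication."""
    if not creds_ok:
        return "reject"
    if identity.startswith("host/"):          # machine auth sent at boot
        cache.record_machine_auth(mac, now)
        return "permit-machine"
    # User auth: the AND condition is valid user creds AND a cached machine auth.
    if cache.was_machine_authenticated(mac, now):
        return "permit-user"
    return "reject"


def demo():
    cache = MarCache()
    laptop, byod = "00:11:22:AA:BB:CC", "66:77:88:DD:EE:FF"  # constructed MACs
    return [
        authorize(cache, "host/LAPTOP01.corp.example", laptop, True, 0),
        authorize(cache, "alice", laptop, True, 600),        # shortly after boot
        authorize(cache, "alice", byod, True, 600),          # non-domain device
        authorize(cache, "alice", laptop, True, 9 * 3600),   # cache entry aged out
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The last case is the operational caveat of this workaround: because machine authentication happens only at boot, a user re-authenticating after the cache entry has aged out is rejected until the machine authenticates again.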