I have a WLC set up with one SSID (SSID A) using web auth tied back to NPS, with the requirement being that you have to be in the Domain Users group to authenticate. It works fine. I have SSID B set up using EAP-TLS with the requirement of the PC having to be in the Domain Computers group. This works, as a new user can log in to the PC without ever having logged into it before. When I try to take my personal PC and join SSID B, it gets an error, as expected. But if I take my Android phone and tell it to accept any certificate unspecified, it will be allowed to join, and I think it's because it may be failing against the first match, which may be the domain users requirement, but matching on the domain users group requirement. It seems that the fail through is the issue.
You need to see how devices are passing via NPS. With webauth, it should only allow username and password and EAP-TLS should only allow machine. So when you create your NPS policy, webauth should point to only the OU and EAP-TLS should point to your domain computer OU.
Move SSID B before the SSID A policy. You can also add a called station id for the EAP-TLS SSID using something like: