topic Allowing only one end-system per domain user? in Network Architecture & Design https://community.extremenetworks.com/t5/network-architecture-design/allowing-only-one-end-system-per-domain-user/m-p/80775#M2634 <P>Hi all,</P> <P>Short background info :</P> <P>On our network, users authenticate for&nbsp;wired and wireless network with&nbsp;802.1X.<BR /> The users and computers&nbsp;are retrieved&nbsp;from our Domain controller.&nbsp;</P> <P>The AD is the primary radius server linked to&nbsp;2 NAC virtual appliances, which we use&nbsp;for policies/access control.&nbsp;<BR /> Some devices, like copiers, raspberry pies, ..authenticate locally with MAC</P> <P>Furthermore</P> <UL><LI>Mainly X440G2/X450G2&nbsp;switches,</LI> <LI>Extreme management center appliance,</LI> <LI>2xC35 wireless controllers an&nbsp;use</LI> </UL><P>I have been asked to look into the following :</P> <P>To reduce&nbsp;the number of devices&nbsp;users can <STRONG>concurrently</STRONG> use to connect to the network. Ideally, they should get disconnected on their own devices from Wi-Fi when they try to log in on a school owned device..</P> <P>Is this something that can be done, some way or another..? <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>Thanks</P> <P>Daniël</P> Thu, 05 Mar 2020 05:43:00 GMT Dani_tH 2020-03-05T05:43:00Z Allowing only one end-system per domain user? https://community.extremenetworks.com/t5/network-architecture-design/allowing-only-one-end-system-per-domain-user/m-p/80775#M2634 <P>Hi all,</P> <P>Short background info :</P> <P>On our network, users authenticate for&nbsp;wired and wireless network with&nbsp;802.1X.<BR /> The users and computers&nbsp;are retrieved&nbsp;from our Domain controller.&nbsp;</P> <P>The AD is the primary radius server linked to&nbsp;2 NAC virtual appliances, which we use&nbsp;for policies/access control.&nbsp;<BR /> Some devices, like copiers, raspberry pies, ..authenticate locally with MAC</P> <P>Furthermore</P> <UL><LI>Mainly X440G2/X450G2&nbsp;switches,</LI> <LI>Extreme management center appliance,</LI> <LI>2xC35 wireless controllers an&nbsp;use</LI> </UL><P>I have been asked to look into the following :</P> <P>To reduce&nbsp;the number of devices&nbsp;users can <STRONG>concurrently</STRONG> use to connect to the network. Ideally, they should get disconnected on their own devices from Wi-Fi when they try to log in on a school owned device..</P> <P>Is this something that can be done, some way or another..? <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>Thanks</P> <P>Daniël</P> Thu, 05 Mar 2020 05:43:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/allowing-only-one-end-system-per-domain-user/m-p/80775#M2634 Dani_tH 2020-03-05T05:43:00Z Re: Allowing only one end-system per domain user? https://community.extremenetworks.com/t5/network-architecture-design/allowing-only-one-end-system-per-domain-user/m-p/80776#M2635 <P>This is possible and I have POC’d it out at one point some years back, but I needed to use an additional authentication server (FreeRADIUS) and NAC was using proxy-RADIUS to Freeradius and Freeradius authenticated against AD. Freeradius needs some additional configuration to make this work.</P> Sat, 21 Mar 2020 13:38:59 GMT https://community.extremenetworks.com/t5/network-architecture-design/allowing-only-one-end-system-per-domain-user/m-p/80776#M2635 Matthew_Hum 2020-03-21T13:38:59Z