NAC 802.1X Authentication and "Transparent" registration
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-15-2018 09:33 PM
Hi Guys,
I have a customer deploying NAC and they asked me for an "uncommon" feature...
The customer is willing to authenticate users (wireless) with NAC + AD using 802.1x, and want to control how much devices each user can "bring" into the network.
It's ok... I have deployed this kind of scenarios many times using the Authenticated Registration feature, but this customer doesn't want to have the users to, not even on the first access, to authenticate by 802.1x and authenticate again on the NAC Authenticated Registration Portal to have the device registered at the network.
In summary, as the user already authenticated by 802.1x, he wants the device to be "automatically registered" (and if the user already have reached the device limit, it gets denied, just like the portal).
Is there any way to do it?
Best regards,
-Leo
I have a customer deploying NAC and they asked me for an "uncommon" feature...
The customer is willing to authenticate users (wireless) with NAC + AD using 802.1x, and want to control how much devices each user can "bring" into the network.
It's ok... I have deployed this kind of scenarios many times using the Authenticated Registration feature, but this customer doesn't want to have the users to, not even on the first access, to authenticate by 802.1x and authenticate again on the NAC Authenticated Registration Portal to have the device registered at the network.
In summary, as the user already authenticated by 802.1x, he wants the device to be "automatically registered" (and if the user already have reached the device limit, it gets denied, just like the portal).
Is there any way to do it?
Best regards,
-Leo
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-22-2018 09:18 AM
Hi Leo,
I would suggest to open up a GTAC case, in case if this does not exist they can assist in raising a feature request.
I would suggest to open up a GTAC case, in case if this does not exist they can assist in raising a feature request.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-16-2018 11:11 AM
Hi Alex,
The customer is an University and they want zero-intervention on the students devices (nothing more than the OS (Android/iOS/Windows/MacOS) 802.1x user/password...
The captive portal redirection show issues sometimes depending on the user's device/config or gets "cucumbersome" for less experienced (sometimes lazy) users, and the customer doesn't want hundreds of calls to the helpdesk and/or the ombudsman complaining about "I Can't connect", "Your Network Sucks!" or even "In my home it works just fine, but here it sucks".
I don't think NAC have something like he is asking... Maybe using NAC Request Tool or other integration?
Best regards,
-Leo
The customer is an University and they want zero-intervention on the students devices (nothing more than the OS (Android/iOS/Windows/MacOS) 802.1x user/password...
The captive portal redirection show issues sometimes depending on the user's device/config or gets "cucumbersome" for less experienced (sometimes lazy) users, and the customer doesn't want hundreds of calls to the helpdesk and/or the ombudsman complaining about "I Can't connect", "Your Network Sucks!" or even "In my home it works just fine, but here it sucks".
I don't think NAC have something like he is asking... Maybe using NAC Request Tool or other integration?
Best regards,
-Leo
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎03-16-2018 08:46 AM
Hello!
May be you have to look to the PKI direction?
Like each client's device have to have own certificate, but not more then 3.
Because if we talking about device type and OS - it can be 2 same devices with same OS.
If we talking about MAC address - we can change it.
Thank you!
May be you have to look to the PKI direction?
Like each client's device have to have own certificate, but not more then 3.
Because if we talking about device type and OS - it can be 2 same devices with same OS.
If we talking about MAC address - we can change it.
Thank you!
