
Allowing only one end-system per domain user?

Dani_tH
New Contributor

Hi all,

Short background info:

On our network, users authenticate for wired and wireless network with 802.1X.
The users and computers are retrieved from our Domain controller. 

The AD is the primary radius server linked to 2 NAC virtual appliances, which we use for policies/access control. 
Some devices, like copiers, Raspberry Pis, etc., authenticate locally with MAC.

Furthermore

  • Mainly X440G2/X450G2 switches,
  • Extreme management center appliance,
  • 2x C35 wireless controllers in use

I have been asked to look into the following :

To reduce the number of devices users can concurrently use to connect to the network. Ideally, they should get disconnected on their own devices from Wi-Fi when they try to log in on a school-owned device.

Is this something that can be done, some way or another? 🙂

Thanks

Daniël

1 ACCEPTED SOLUTION

Matthew_Hum
Contributor

This is possible and I have POC’d it out at one point some years back, but I needed to use an additional authentication server (FreeRADIUS); NAC was using proxy-RADIUS to FreeRADIUS, and FreeRADIUS authenticated against AD. FreeRADIUS needs some additional configuration to make this work.
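
FreeRADIUS's usual mechanism for capping concurrent logins per user is the `Simultaneous-Use` control attribute backed by a session-tracking module. The fragment below is an added example for FreeRADIUS 3.x, not the configuration from the reply above; it assumes accounting Start/Stop packets from the switches and wireless controllers are proxied through NAC to the FreeRADIUS server.

```conf
# sites-enabled/default (FreeRADIUS 3.x) -- added example, not the poster's config.
# Assumption: accounting Start/Stop from the NAS devices reaches this server
# via the NAC proxy; without it, sessions are never recorded or cleared.

authorize {
    # ... existing modules (preprocess, eap, AD lookup, etc.) stay as they are ...

    # Allow at most one concurrent session per User-Name.
    update control {
        Simultaneous-Use := 1
    }
}

accounting {
    # Record session start/stop so the server knows which users are online.
    radutmp
}

session {
    # Consulted after a successful authentication when Simultaneous-Use is set:
    # a user who already has an active session receives an Access-Reject.
    radutmp
}
```

`Simultaneous-Use` rejects the second login rather than disconnecting the first session, so it limits concurrent devices but does not by itself kick the user's own device off Wi-Fi. Sessions are keyed on `User-Name`, so EAP clients that send an anonymous outer identity are not counted per real user.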
