IAS Server
Ok.... Right now, here is what I have:
- One location
- One Win2003 SMB (does everything, DC, file server, etc.)
- Two access points
- One enterprise-class router
- Two classes of computers: Company-owned computers which I have endpoint security on, so I "trust" them more and personal computers of employees which I obviously do not put endpoint security on and don't "trust" them as much but they need pseudo-LAN access.
What I would like to do is:
- Have IAS authenticate for BOTH types of computers (all users are in AD)
- Somehow differentiate between the two so, at the router/AP level, I can restrict the "external" network from allowing LAN access EXCEPT the printers (since they need to print to work)
- I don't want to use a PSK in either of the two unless coupled with PEAP, too easy and it creates a bad standard with the employees that they can just "give out" the code to the network
Hiccups:
- It doesn't appear IAS can differentiate in any way, shape or form, between SSIDs unless I used double access points and identified each one by their Client-side IP, which is a waste of money and I can't do right now.
- If I just allow both groups in, what is to stop them from just authenticating against the "true" internal network? Nothing... Which then they could do and they have access to everything.
- I can't find a way to use a PSK AND IAS authentication on my router/AP... that would solve it OR have IAS send back a request if the computer isn't in the "RADIUS Group" for a PSK, which would stop them and I would never give it to them.
THANKS
November 16th, 2011 7:25am
Hi
Thanks for posting here,
We can use NPS to redirect hosts to a specified VLAN. In this way, we can segregate a network between different groups. First, we should add the two classes of computers into different groups, then define the network policy conditions (VLAN ID attribute) to ensure computers connect to the right network. Meanwhile, we also need 802.1X-compatible and third layout switch devices.
Configure NPS for VLANs
http://technet.microsoft.com/en-us/library/cc731649(WS.10).aspx
Best Regards,
Aiden
November 17th, 2011 3:32am
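The VLAN assignment described in the reply above is carried in three RADIUS tunnel attributes of the Access-Accept (RFC 3580). The following is an added example, not part of the original posts or of Microsoft's documentation: it picks a VLAN from group membership, encodes those attributes, and parses them back the way a check on a captured Access-Accept would. The group names, VLAN IDs and policy order are assumptions.

```python
import struct

# Attribute numbers and values from RFC 2868 / RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_802 = 13, 6

# Constructed policy table, first match wins. Group names and VLAN IDs are
# assumptions. The restrictive policy is listed first so an account that is
# in both groups lands on the restricted VLAN.
POLICIES = [
    ("Personal-Computers", 20),  # untrusted: router allows printers only
    ("Company-Computers", 10),   # trusted: internal LAN
]

def select_vlan(groups):
    """Return the VLAN ID of the first matching policy, or None (reject)."""
    for group, vlan in POLICIES:
        if group in groups:
            return vlan
    return None

def encode_vlan_attrs(vlan_id):
    """Build the three Access-Accept attributes that assign a VLAN."""
    def tagged_int(attr, value):
        # type, length 6, tag 0 (unused), 24-bit value
        return struct.pack("!BBB", attr, 6, 0) + value.to_bytes(3, "big")
    gid = str(vlan_id).encode("ascii")  # VLAN ID is sent as a string
    return (tagged_int(TUNNEL_TYPE, TYPE_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, MEDIUM_802)
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(gid)) + gid)

def decode_vlan(attrs):
    """Parse attribute TLVs; return the VLAN ID only if all three agree."""
    seen, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        seen[attrs[i]] = attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    ttype = seen.get(TUNNEL_TYPE, b"")
    medium = seen.get(TUNNEL_MEDIUM_TYPE, b"")
    gid = seen.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if len(ttype) != 4 or int.from_bytes(ttype[1:], "big") != TYPE_VLAN:
        return None
    if len(medium) != 4 or int.from_bytes(medium[1:], "big") != MEDIUM_802:
        return None
    if gid and gid[0] <= 0x1F:  # optional leading tag byte
        gid = gid[1:]
    return int(gid) if gid.isdigit() else None
```

Because the VLAN is chosen server-side from group membership, the SSID a client associates with does not decide which network it reaches.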