IAS Server
Ok.... Right now, here is what I have: - One location - One Win2003 SMB (does everything, DC, file server, etc.) - Two access points - One enterprise-class router - Two classes of computers: Company-owned computers which I have endpoint security on, so I "trust" them more and personal computers of employees which I obviously do not put endpoint security on and don't "trust" them as much but they need psuedo-LAN access. What I would like to do is: - Have IAS authenticate for BOTH types of computers (all users are in AD) - Somehow differentiate between the two so, at the router/AP level, I can restrict the "external" network from allowing LAN access EXCEPT the printers (since they need to print to work) - I don't want to use a PSK in either of the two unless coupled with PEAP, too easy and it creates a bad standard with the employees that they can just "give out" the code to the network Hiccups: - It doesn't appear IAS can differentiate in any way, shape or form, between SSIDs unless I used double access points and identified each one by their Client-side IP, which is a waste of money and I can't do right now. - If I just allow both groups in, what is to stop them from just authenticating against the "true" internal network? Nothing... Which then they could do and they have access to everything. - I can't find a way to use a PSK AND IAS authentication on my router/AP... that would solve it OR have IAS send back a request if the computer isn't in the "RADIUS Group" for a PSK, which would stop them and I would never give it to them. THANKS
November 16th, 2011 7:25am

Hi Thanks for posting here, We can use NPS to redirect hosts to specified VLAN. In this way, we can segregate a network between different groups. First, we should add the two classes of computers into different groups, then, defined the network policy conditions (VLAN ID attribute) to ensure computers connect to the right network. Meanwhile, we have also need 802.1X compatible and third layout switch devices. Configure NPS for VLANs http://technet.microsoft.com/en-us/library/cc731649(WS.10).aspx Best Regards, Aiden
Free Windows Admin Tool Kit Click here and download it now
November 17th, 2011 3:32am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics