IAS Server
Ok.... Right now, here is what I have:

- One location
- One Win2003 SMB (does everything: DC, file server, etc.)
- Two access points
- One enterprise-class router
- Two classes of computers: company-owned computers, which I have endpoint security on, so I "trust" them more, and personal computers of employees, which I obviously do not put endpoint security on and don't "trust" as much, but they need pseudo-LAN access.

What I would like to do is:

- Have IAS authenticate for BOTH types of computers (all users are in AD)
- Somehow differentiate between the two so that, at the router/AP level, I can restrict the "external" network from allowing LAN access EXCEPT the printers (since they need to print to work)
- I don't want to use a PSK in either of the two unless coupled with PEAP; it's too easy, and it creates a bad standard with the employees that they can just "give out" the code to the network

Hiccups:

- It doesn't appear IAS can differentiate in any way, shape or form between SSIDs unless I used double access points and identified each one by their client-side IP, which is a waste of money and I can't do right now.
- If I just allow both groups in, what is to stop them from just authenticating against the "true" internal network? Nothing... Which then they could do, and they would have access to everything.
- I can't find a way to use a PSK AND IAS authentication on my router/AP... that would solve it, OR have IAS send back a request for a PSK if the computer isn't in the "RADIUS Group", which would stop them, and I would never give it to them.

THANKS
November 16th, 2011 7:25am
