Hello list,
I'm looking for a way to force a Windows end-station to connect to a certain (permitted) wired network ONLY! Halfway to achieving such a restriction would be (in my opinion) to use some form of 802.1x (say EAP-TLS), so the PC will be able to recognize that *permitted* network – BUT, and that is where the problem lies, what will make Windows stop at this point?

Let me illustrate this with the following example – assume I set up a wireless network protected by EAP-TLS. Now, each time a user connects, the network gets authenticated. Any other PC not provided by me (and which therefore doesn't have the PKI means of authenticating itself to the network) will obviously not connect to that SSID. But – as we all know, basically that PC *will be able to connect* to any other SSID, and that's exactly what I'm trying to prevent.

Now, in the realm of Wi-Fi, group policy can restrict the PC to only 1 SSID and prevent the user from changing it. But how can you prevent a PC from proceeding with DHCP etc. after dot1x failed to authenticate?

Any ideas will be welcomed.

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
