I've done this using Cisco fat APs and HP thin APs using 802.1x EAP/TLS and machine authentication. Works great! Email me offline if you want.
JR _____ From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Ranjit A Philip Sent: Wednesday, March 19, 2008 7:03 PM To: [email protected] Subject: [WIRELESS-LAN] Machine Auth To get rid of MAC Address based registration, we are moving towards an 802.1x, WPA/TKIP and WPA2/AES schema with a RADIUS, AD, LDAP backend. With respect to those hosts in our infrastructure that are on Microsoft Active Directory, we would like them to go via RADIUS to AD and authenticate the machine into a connected state allowing them to initiate their wireless connection so that when they use the AD user credentials they are passed through for authentication. We currently have Cisco fat AP's (moving to an Aruba controller based architecture later this year) that we would like to make this work with. If anyone has experience with this type of an architecture using Cisco fat AP's, please let me know. We can talk off-line if that is the preference. Thank you, Ron ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
