Is anyone using the following combination: Bradford NAC
802.1x authentication Cisco fat APs (1100s and 1200s) I've been working on getting 802.1x working with our Cisco fat APs (1100s and 1200s) and Bradford NAC. So far, it's been working, but not as exactly as we'd like it to. Ideally, what we'd like is as follows: Using 802.1x and WPA, we'd broadcast an encrypted SSID called "XXX". A person would supply their AD credentials and if they weren't registered, they would be placed into the "registration" vlan, and assuming they had anti-virus software on their computer and it was up-to-date, then based on their role they would be placed in the appropriate vlan. We'd also like to continue to have a non-encrypted SSID called "YYY" (which wouldn't be broadcasted, because with our Cisco APs it seems we can only broadcast one SSID at a time) but people could connect to this SSID, be placed in the "registration" vlan, , and assuming they had anti-virus software on their computer and it was up-to-date, then based on their role they would be placed in the appropriate vlan. >From the testing I've done, with the Cisco fat APs, it seems that we can't have two registration vlans. If we have an encrypted "registration" vlan, we can't also have a non-encrypted "registration" vlan, because Bradford only has the option for one registration vlan. On the non-broadcasted, non-encrypted SSID called "YYY" people could still connect to it, but the Bradford posture checking wouldn't be done since they wouldn't be placed in "registration" before being able to access the network. So, my question is, is there any way to configure the Cisco APs and/or Bradford NAC to get posture checking (ie. be placed in Bradford's registration vlan) to work for both encrypted and non-encrypted wireless SSIDS on one AP? Would purchasing a Cisco AP controller and changing the firmware on the fat APs to lightweight APs give me this ability? Do other people have a similar setup to my ideal setup, if so how was it accomplished? Thanks. Jason Youngquist Network Engineer - Security Technology Services Columbia College 1001 Rogers Street, Columbia, MO 65216 (573) 875-7334 [EMAIL PROTECTED] http://www.ccis.edu ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
