802.1x and dynamic VLAN

  • Question

  • Hi,

    We want to implement 802.1x EAP-TLS in our wired network, in order to assign users to a different VLAN depending on their function.

    We are using Microsoft DC, CA and IAS server with W2003.

    Clients are running XP-SP2.
    802.1x switches are Cisco Cat3560.

    Process should be:

    1.- PC is up and using its "computer certificate" it's assigned to a VLAN in order to download domain policies. Profile is not a roaming-profile.
    2.- User logon and then using its "user certificate" it's assigned to a new VLAN depending on the AD group user belongs to.
    Both, computer and user certificates are installed in the PC using autoenrollment process.

    I've read in another discussion that it is not possible to do with XP-SP2.

    Could anyone confirm if it's possible or not using just these systems?
    If not, could you please tell me what is necessary to deploy this system.

    thanks

    Thursday, April 2, 2009 9:58 AM

Answers

  • Hi,

    You need XP SP3 to use NAP, but if you are only authenticating user information, you can do this with XP SP2. NAP provides the ability to add health information along with user authentication.

    -Greg
    Tuesday, April 21, 2009 12:30 AM
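
The two-stage assignment described in the question (computer certificate first, then user certificate mapped by AD group) reaches the switch as three RADIUS tunnel attributes in the Access-Accept (RFC 3580). The sketch below is an added example, not code from this thread or from any product named in it; the group names, VLAN IDs and the `host/` identity prefix check are assumptions for illustration.

```python
import struct

# RFC 2868 / RFC 3580 attribute numbers and values used for VLAN assignment.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN, TUNNEL_MEDIUM_802 = 13, 6

# Constructed policy: names and VLAN IDs are placeholders, not from the thread.
MACHINE_VLAN = 10
GROUP_VLANS = [("Finance", 20), ("Engineering", 30)]  # first match wins


def select_vlan(identity, groups):
    """Return the VLAN for a supplicant, or None to reject (no fallback VLAN)."""
    if identity.startswith("host/"):        # computer certificate, before logon
        return MACHINE_VLAN
    for group, vlan in GROUP_VLANS:         # user certificate, after logon
        if group in groups:
            return vlan
    return None


def vlan_attributes(vlan_id, tag=0):
    """Encode the three Access-Accept attributes as RADIUS TLVs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")

    def tagged_int(attr, value):
        # type, length=6, tag byte, 24-bit value
        return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")

    vid = str(vlan_id).encode("ascii")      # VLAN ID is sent as a string
    return (tagged_int(TUNNEL_TYPE, TUNNEL_TYPE_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, TUNNEL_MEDIUM_802)
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(vid)) + vid)


def parse_vlan(attrs):
    """Switch-side view: use the VLAN only if all three attributes are valid."""
    seen, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 3 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        seen[attrs[i]] = attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    if (seen.get(TUNNEL_TYPE, b"")[1:] != b"\x00\x00\x0d"
            or seen.get(TUNNEL_MEDIUM_TYPE, b"")[1:] != b"\x00\x00\x06"
            or TUNNEL_PRIVATE_GROUP_ID not in seen):
        return None
    return int(seen[TUNNEL_PRIVATE_GROUP_ID].decode("ascii"))
```

A user who matches no group gets `None` here, so the policy denies access rather than leaving the port in the machine VLAN by accident.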

All replies

  • I think the Health Agent is available in XP SP3.  Are you planning on using Authentication only?
    Thursday, April 2, 2009 7:48 PM
  • We want to use it in order to provide access to the network only to valid computers (to avoid a home laptop being able to connect, or similar) and assign each user to a different VLAN.

    So only authenticated computers can access the network, and to switch the network by department (one different VLAN for each department).

    I understand we need to have XP SP3 installed, isn't it?
    Thursday, April 2, 2009 8:25 PM