NAP 802.1x Enforcement – Switches we’ve tested w/NAP - What about wireless

  • Question

  • NAP works well with wired switches. In my understanding, any end point which is a HUB device, for example, would be a clear security loophole for 802.1X NAP. Kindly correct me if I am wrong?

    Secondly and more importantly, how can we have dynamic VLAN switching and corp/quarantine zones using a wireless switch? There is a list of switches tested with NAP but no single wireless switch is mentioned.

    All normal wireless switches mostly being used and available have no support for dynamic VLAN switching / VLANs in the first place. At most what they offer is RADIUS support, which means you cannot think about remediation?

    So 802.1X NAP is definitively a very limited solution in that case. Kindly correct me if I am mistaken.


    Shahid Roofi
    Thursday, December 16, 2010 7:45 PM

All replies

  • Hi Shahid,

    As far as I know, if you want to use NAP over wireless network, you may need a wireless LAN controller.

    You can find the successful example here. The NPS can play the RADIUS role in this case.

    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml

    Regards

    Qunshu

    Thursday, December 16, 2010 7:59 PM
  • Hi Shahid,

     

    Thanks for posting here.

    You may also refer to an old thread which discusses a similar requirement:

    http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/95eabd17-1412-4043-bdb7-c422ecc922ae

    Thanks.

    Tiger Li

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, December 17, 2010 2:25 AM
  • Hi Shahid,

    If there is any update on this issue, please feel free to let us know.

    We are looking forward to your reply.

    Tiger Li

    Monday, December 20, 2010 11:27 AM
  • Hi, Tiger Li

    I am trying to implement an MS NAP solution with wired/wireless clients in a corporate network with dynamic VLANs.

    During testing I was wondering whether it is possible to use dynamic VLAN assignments for clients on standalone APs (using RADIUS attributes) or whether this is possible only with APs connected to a WLC?

    My next question is whether it would be possible to set up Connection request policies and Network policies to be identical for wired and wireless clients e.g. 

    I am using guest, restricted, inaccessible VLAN. Can I use one single connection request or network policy for wired and wireless clients so they can be treated the same way by NPS?

    Thanks in advance!

    Thursday, April 7, 2011 8:50 AM
  • WLC is the documented solution for this.

    But I've found a few models on the internet like: http://www.cisco.com/en/US/prod/collateral/routers/ps10538/data_sheet_c78_556319.html

    which also have the dynamic VLANs feature of 802.1X as well as RADIUS. I've never been able to verify this functionality though.


    Shahid Roofi
    • Proposed as answer by Terziyski Sunday, July 24, 2011 1:26 AM
    Thursday, April 7, 2011 12:22 PM