802.1x and NPS to secure wired intranet

Question

I want to secure our network from unmanaged device (for example a user brings a laptop from home and connects it to a port in a meeting room).

As far as I understood I can use 802.1x and a RADIUS server even if I'm not connecting through a VPN or a Wireless connection but it's a local connection in my intranet. Am I right?

If so, how does it work? My doubt is: how can a user login to his computer using a domain account if he needs to be authorize by the RADIUS server to use the switch port (and consequently reach the domain controller)?

score 0 · Answer 1 · answered Jun 24 '19 at 15:32

0

802.1X authentication is pre-login. The client provides a certificate or login credentials, which the network gear checks via RADIUS. Plan NPS as a RADIUS server

Initial domain join likely will need to be in a provisioning VLAN not secured by 802.11x.

answered Jun 24 '19 at 15:32

John Mahowald

32,050
2
19
34

802.1x and NPS to secure wired intranet

1 Answers1