Solved 802.1x wired security best practice
-
For those that are running 802.1x device authentication for wired windows devices, do you have a port that bypasses authentication so that you can join your workstations to the domain and get the group policy to push the cert down?
Then just have a jack on your bench where you build new machines that lets you join it to the domain and get the cert before you put the machine out on the floor?
For devices like copiers, is there anything you can do besides MAC filtering that puts them in a copier VLAN?
-
@mike-davis said in 802.1x wired security best practice:
For those that are running 802.1x device authentication for wired windows devices, do you have a port that bypasses authentication so that you can join your workstations to the domain and get the group policy to push the cert down?
Then just have a jack on your bench where you build new machines that lets you join it to the domain and get the cert before you put the machine out on the floor?
For devices like copiers, is there anything you can do besides MAC filtering that puts them in a copier VLAN?
Newer Copier do support 802.1x, see below for Xerox
Otherwise MAC Filtering is the way to go.For the port, if we have MDT and WDS we have the ports without any authentication and then they are joined to the domain.