Hi ; I wanna add some extra notes  ,   Cisco ise does not support  two or more AD for external Identidy source , you need to define  ldap for addtional ad support but ldap does not support peap protocol you need to use eat tls Also Cisco could not use different certificate for every  ID Cisco ise does not support accounting you need define accounting on Radius Client devices. Cisco support sxp protocol for auhentication information exchange this protocol will be IEE standart protocol so  cisco switches and firewall support this feature now Cisco has huge documentation and golden labs , that's great for network admins. Also Cisco prime network management gets extra visibility about network  Base license is too cheap ,you can do most of feautere with base license  .And you  can buy enough advanced license  that you need. But advanced license has time range 3 or 5 years options   Juniper supports reporting in new release  Juniper supports accounting  Juniper use if-map instead of sxp  , i think sxp more powerfull than if-map Juniper still does not support onboard profiling solution ,they use beacon for profiling The biggest missing part of juniper that you could not define  policy about user and user profiling device same time. for examle if user name x and device iphone assign y vlan.you can do it with cisco ise  There's no time time limitation for licensing but you could not use same device for AD(802.1x ) and Adncanved license on same box.Also profiling need extra license .        Both solution does not support TACACS protocol       ... View more

Hi giulia   You are right way , you can create vlan and give ip address from guest vlan for guest access. You need to make switch port that connected to the uac as trunk port and set native vlan uac access vlan . and tag guest vlan both switch and uac thanks ... View more

dhcp relay is l3  function none of l2 switch can do it.   ... View more

Hi Kalagesan ; Layer 2 switch does not touch dhcp packets  if you'd not  configure dhcp option 82 with subsriber id    . so you could not do with switch with your offer .But you can use  ip source guard or dynamic arp inspection on switch site to  prevent using static ip address  also is it possible create a host checker that check registry setting for dhcp enable on  client pc , like that    System Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{Adapter}\ Parameters\Tcpip] Value Name: EnableDHCP Data Type: REG_DWORD (DWORD Value) Value Data: (0 = DHCP Disabled, 1= DHCP Enabled)   Another soluiton may be using with dhcp option 82 with dhcp subscriber  id  , with custom radi›us  attribute define for user traffic and  define custom dhcp scope for this dhcp packet that comes specific dhcp subscriber  id .This can be solution but can very tiring you. This link help you about dhcp subscriber id  http://blog.ine.com/2009/07/22/understanding-dhcp-option-82/   ... View more

you can do it with using directory attribute check settings. directory attribute check user mac address and 802.1x check machine cert. i have tested  it with beacon profiler for mac  but not test on AD . in my scneraio i check user and then mac id if user credential true and user mac is in our company i permit the user to authenticate. thnks ... View more

Aruba support different nas-identifier for different ssid .So you need to define a custome rule for this  nas-identifier for example    rule 1 work only user come from nas-identifier xssid and yssid rule 2 work only user come from nas-identifier xssid   if user match rule2 but try to authenticate ssid with nas-identifier yssid , could not authenticate.   ... View more

hi you need to check logs files for exact error   ... View more

hi  you need use vmi filter and make different oac installer for every vmi filter  for example create vmi filter for windows 7 32 pc and apply oac 32 installer  and other vmi filter for win 7 64 or win vista machine. Bs if you create oac on windows 7 64 is not working other operati›ng system properly we implement two customer like that thanks ... View more

i advice you to use both machine and user authentication same time. best practice is that. the other solutions is not working properly ... View more

hi ; i have install both vm and sm360 beacon profiler . there's an ovf template so you dont need choose operati›ng system.    uname output may be help you 4 FreeBSD 8.3-RELEASE-p4 #0:   thanks ... View more

hi ; 802.1x works only access port  , if you make a port trunk , it'ld not worki thanks ... View more

Hi ; I am using and tested it  in my network. good product for seeing network and report network devices thanks   ... View more

i have use both devices ; my opinion are  following cisco has own reporting and profiling solutions. but licensing is complex and limit with time.you can take license for 3 aor 5 years  and include basic ,advanced and wireless license. Cisco configuration screens  looks smarter  but more complex than juniper.Cisco has intergrated  profiling so profiling configuration easier than juniper+beacon    juniper uses strm for logging and reporting well then ise reporting logging  and integrated with  beacon for profiling  beacon  .you need buy juniper nac with strm and beacon .With this situation price is cheaper or same as cisco  Beacon bring extra feature that cisco dont have .Also you can use beacon with cisco ise.   Also juniper nac , integrated radi›us has cool feature and you can use complex radius scenario like token-sms other  auhentication features     ... View more

Hi ; the advantages of cisco and juniper    Cisco screens're smarter Cisco has own reporting tool Cisco has integrated profiling   juniper more flex advanced radius function srx integration        ... View more