We are using SBR 6/1 and currently using EAP-PEAP with a certificate. I'm trying to lock down access even further by doing one of two things: 1) Limit access to only the enterprise's brands MAC address. I think Ican do this in a profile with a Check List, but am not sure what parameters I would need to add. And can I even specify that clients must meet the requirement of the first part of a MAC? 0011:ffff:* for example. 2) Can I make it where the radius certificate has to be preloaded on the machine, so clients connecting with mobile phones dont get a prompt to download the certificate?
... View more