We use Active Directory and we have a Cisco ACS 3.2 appliance and all Cisco switches. Most machines are XP Pro and some 2000. We have a problem of unsolicited machines plugging into our network and it's a big network. I would like to use 802.1x PEAP with MSCHAPv2 for machine authentication. I was doing a little research and it sounds like I won't need to install a certificate on each computer (very nice). The ACS will require a certificate from a CA, however.
So, can I use a private certificate for my ACS box? Buying a public certificate is way too expensive and this is not a public service. The client will look for some kind of root authority so that's why I'm wondering...
Here is the link where I found all this info:
Also, FYI, I want to use this for wired, not wireless as shown in the example using Cisco 2950 switches (I can handle the switch setup).