Deployed 802.1x wireless and wired networks at different sites for same client plus SmartCard authentication for secure application access.

Deployed 802.1x wireless SSID's with RADIUS authentication.  Deployed 802.1x wired network with core switch being authentication point to RADIUS server.  This included device certificates for non-Windows devices.  802.1x wireless network deployment was to free up existing wires for a secure ThinClient and RDS environment using SmartCard logins  (ThinClient and RDS session) to isolate business system from normal user business PC activity. Using layer 1 (physical security) to prevent someone from accidently plugging into a port and getting a connection since client believes physical security is not a problem but end users are the greatest risk. 

Shorten the window between steps since getting from PoC to production was mostly about teaching skills learned but forgotten.  Also, use a different vendor for ThinClients - we are an HP/HPE shop but the ThinClient group was left in HP not HPE so support was a challenge sometimes to get answers.