EAP bypass

Danny Paul JDPAUL at GoColumbiaMO.com
Mon Oct 20 17:29:33 CEST 2008


>>> Yes, the switch would be "wide open" for the day - but that's better than
>>> completely shut down in management's opinion.
>> 
>>   Or, you could put procedures in place to warn you about expiring
>> certificates.

Already in place. The example of expired certificates is just one possibility.

>>   "guest vlan" is just a name.  If your network is so bad that all of
>> the certificates have expired, making the "guest vlan" the same as the
>> "normal vlan" isn't a problem.

The network is not "that bad." Recovery procedures, such as what to do if you finally find yourself in a situation such as this, keep the network from being "that bad."
And without getting into too many details, there would be no easy way to change the access of the "guest vlan" or whatever terminology you want to use so that more network resources could be accessed.

> Yeah the dynamic keying won't work... This will only ever work on wired
> connections.

Agreed. Still talking about wired only.

Now that we're all in agreement that this is technically possible, even if it is a terrible idea, on to how to do it. I've had one vote for the users file; I think that would work just fine and I think I'll test that out later on today. Thanks for your reply.





