Assign link-local addresses on authentication/authorization failure
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Thu Mar 20 13:26:01 CET 2014
> For more details -- setting up WPA enterprise wifi network, and we require our LDAP users to be part of certain groups to get on ("wirelessfaculty," and "wirelessstudents"). If they fail to authenticate due to bad password it'd be nice to give them a 169.254.0.1 address.
That's not possible. If they fail authentication then they will be disassociated from the access point.
Depending on the EAP method you can send back an Access-Aceept, but assign them into a 'quarantine' VLAN.
This will not work with methods such as EAP-PEAP, only EAP-TTLS.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/mailman/private/freeradius-users/attachments/20140320/62387110/attachment.pgp>
More information about the Freeradius-Users
mailing list