27 Dec
2019
27 Dec
'19
5:41 p.m.
On Fri, 2019-12-27 at 17:47 +0100, codythejack wrote:
Hello ! The Idea is to authenticate users with eap-tls with certficates. People without any certificate should use different vlan provided by Radius. Only supported authentication should be eap- tls. Is it possible to make authentication with eap-tls with certficates for valid users and some "guest vlan" for users which hasnt any or unknown certificates ?
It's not possible. If the device doesn't present a valid certificate, it won't authenticate. You can't force an "Accept" with EAP methods. You will need to use a different method to handle guest accounts. If you want to use EAP-TLS only you will have to issue certificates to everyone. -- Matthew