Hello, We would like to enforce authentication for all clients connecting to our network (wired or wireless), so that when a client connects, the client will not be able to use the network unless it successfully authenticates (e.g. via web) with a valid account (LDAP-based). We have a network based mainly on Cisco 2950/2960 switches. We are running a central LDAP Server (openldap) where we hold user accounts, which are used for mail, ftp, web, Shibboleth access. I guess we can enable 802.1x on switches and require authentication of clients over freeradius. Is there a suggested sample freeradius configuration for such use? Can you please provide one or point me to a URL for it? Can you share your experience and any pitfalls we should consider? Any experiences on such use? Does this scale well (for about 20-30 switches)? Should we consider a central management solution? (Which?) Thanks in advance, Nick