Good afternoon guys! I am running version 2.1.6. The server is currently doing 802.1x authentication for network devices. Some devices are PCs and users use their Windows domain user/password to login. The rest are special network equipments and I use "MAC address authentication bypass" to authenticate them. Now I have a dilemma that I need to make all other devices (guest devices from out of my company) to be authenticated as well... Currently if these devices (usually laptop running Windows XP) support 802.1x, they will fail and they will be put in an Auth-failed VLAN. The VLAN itself is fine and they can do whatever they want on this VLAN. However it's just that annoying icon on their laptops. It pops up from time to time to notify users that they failed authentication and even prompted for username and password if configured to do so... So I want to make all rest devices to be authenticated. It will be even better if I can assign them to a specific VLAN. I was reading ./sites-avaliable/default and I found that "forcibly accept the user (Auth-Type := Accept)". Where do I put it? I tried: post-auth { Post-Auth-Type REJECT { # attr_filter.access_reject Auth-Type := Accept } } And obviously it's not working... Any ideas how I should configure it? Thank you! Difan Zhao Network Engineer difan.zhao@guest-tek.com www.guest-tek.com Office: 403-509-1010 ext 3048 Cell: 403-689-7514