Machine + User Authentication

Muhammad Hammad rajahammad at gmail.com
Mon Oct 16 12:18:23 CEST 2006


Hello everyone

I would appreciate if anybody could tell me whethere FreeRADIUS supports the
following scenario or not.

Currently, we have Foundry FastIron Edge 2402 switch. What we need is to
deploy 802.1x user AND machine authentication.

1) If (Machine authentication is successfull)
       then (If User authentication is successfull)
            Drop the user in their respective VLAN.

2) If (Machine authentication is successfull)
      then (If User authentication is NOT successfull)
           Drop the user in their default restricted VLAN.

3) If (Machine authentication is NOT successfull OR there is no machine
certificate)
       Drop the user in their default restricted VLAN OR Dont allow access
to the switch port.

Now the question I want to ask is, whethere FreeRADIUS supports the third
case i.e. to disallow access OR drop in restricted vlan  if machine
authentication fails.

Cisco Machine Access Restriction 4.0 for Windows (
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_data_sheet0900aecd802fefd7.html)
claims to support the abaove scenario.

It would be great if someone could also tell me the relative
parameters/configuration for the above particular case, if FreeRADIUS
supports it.

Regards
Hammad
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20061016/db307dff/attachment.html>


More information about the Freeradius-Users mailing list