wired 802.1x for desktops (offtopic)
aland at deployingradius.com
Tue May 26 19:16:40 CEST 2009
Mikael Kermorgant wrote:
> My Goals :
> 1) authenticate access to the network from Open Public Access Catalog
> (OPAC) desktop machines available to every user of a library.
OPAC? That must be a term local to your site. I don't know what it means.
> 2) have a guest account with limited LAN access (no access to internet,
> or just a very short whitelist)
> 3) Keep the machines reachable from some servers (ghost server,
> monitoring, etc). (this criterion eliminates the solution of a captive
It's hard to set up guest access without a captive portal.
> I thought 802.1x with dynamic vlans would be a nice solution as it
> should make it possible to put the guest account in a specific vlan.
Maybe. Do the client machines do 802.1X? How will they get a
username/password for authentication?
> But how would it be possible to reach the machine from the management
> servers before someone authenticates ?
It won't be possible. If you've configured 802.1X, there will be no
network available until after authentication happens.
> Is it possible to have a default
> vlan activated on startup of the machine ?
No. VLAN assignment is done by the RADIUS server, *or* by the switch.
> Or do you know where I should ask this question ?
I think your requirements might be difficult, or maybe impossible to
do with current technology.
I suggest investigating what's *possible*, and then trying to build a
solution using components that exist. It's much more difficult to first
define the requirements, and then to see if it's possible to meet them.
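
Where the client machines can do 802.1X, a RADIUS server assigns the VLAN by returning three tunnel attributes in its Access-Accept (RFC 3580). The sketch below is an added example, not part of the original thread and not FreeRADIUS code; the account names and VLAN IDs are constructed, and it encodes the attributes with a zero Tag octet as RFC 3580 recommends.

```python
import struct

# RADIUS attribute numbers (RFC 2868) and the values RFC 3580 uses for VLANs
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6

# Hypothetical site policy: constructed account names and VLAN IDs.
VLAN_BY_ACCOUNT = {"guest": 30, "staff": 10}


def vlan_for(username):
    """Return the VLAN for an account, or None so the caller can reject."""
    return VLAN_BY_ACCOUNT.get(username)


def _attr(attr_type, value):
    # Type (1 octet), Length (1 octet, includes the 2-octet header), Value
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def vlan_attributes(vlan_id, tag=0):
    """Encode the three tunnel attributes that tell the switch which VLAN to use."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    if not 0 <= tag <= 0x1F:
        raise ValueError("tag must be 0x00..0x1F")
    # Integer tunnel attributes: Tag octet followed by a 3-octet value.
    tunnel_type = _attr(TUNNEL_TYPE, struct.pack("!I", (tag << 24) | TYPE_VLAN))
    medium = _attr(TUNNEL_MEDIUM_TYPE,
                   struct.pack("!I", (tag << 24) | MEDIUM_IEEE_802))
    # The VLAN ID travels as an ASCII string after the Tag octet.
    group = _attr(TUNNEL_PRIVATE_GROUP_ID,
                  bytes([tag]) + str(vlan_id).encode("ascii"))
    return tunnel_type + medium + group


def decode(blob):
    """Split a run of encoded attributes back into (type, value) pairs."""
    out, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated attribute header")
        attr_type, length = blob[i], blob[i + 1]
        if length < 2 or i + length > len(blob):
            raise ValueError("malformed attribute")
        out.append((attr_type, blob[i + 2:i + length]))
        i += length
    return out
```

A switch that receives these attributes for an authenticated port places that port in the named VLAN; a port that never authenticates receives none of them, which is the limitation the reply describes.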