strategy question

[Gary Gatten]

Makes sense to me.  Will you be using MAC Auth Bypass for printers and other "dumb" devices?

-----Original Message-----
From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org] On Behalf Of localhero at mac.hush.com
Sent: Monday, February 07, 2011 1:08 PM
To: freeradius-users at lists.freeradius.org
Subject: strategy question

In a project with some larger customer sites 802.1x authentication 
shall be introduced. There are about 10 sites with roughly 500 
employees each.
It is expected that at least 5 to 10% of the pc may cause problems 
when 802.1x authentication is activated. To identify those pc in 
advance the idea is, to have the switches ask the freeradius server 
for authentication. For two weeks or so the radius shall accept all 
the requests, even if they fail because of invalid certificates. 
The failure shall be reported. During this time the operating staff 
may solve the problems with the pc. After that period the problems 
are hopefully solved and the radius shall do "real" authentication.

Is this a idea that makes sense?
Are there technical restictions that would avoid such an approach

-lh

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html





<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system."
</font>