strategy question
localhero at mac.hush.com
localhero at mac.hush.com
Mon Feb 7 21:40:08 CET 2011
I think there will be Group Policies in place.
-lh
On Mon, 07 Feb 2011 20:48:08 +0100 Alan Buxey
<A.L.M.Buxey at lboro.ac.uk> wrote:
>Hi,
>
>> In a project with some larger customer sites 802.1x
>authentication
>> shall be introduced. There are about 10 sites with roughly 500
>> employees each.
>> It is expected that at least 5 to 10% of the pc may cause
>problems
>> when 802.1x authentication is activated. To identify those pc in
>
>> advance the idea is, to have the switches ask the freeradius
>server
>> for authentication. For two weeks or so the radius shall accept
>all
>> the requests, even if they fail because of invalid certificates.
>
>> The failure shall be reported. During this time the operating
>staff
>> may solve the problems with the pc. After that period the
>problems
>> are hopefully solved and the radius shall do "real"
>authentication.
>>
>> Is this a idea that makes sense?
>> Are there technical restictions that would avoid such an
>approach
>
>it seems a fairly sensible approach to migration into an 802.1X
>world -
>I guess your guest/failed VLAN will be just the same as the normal
>VLAN that real clients will go onto? (we were one of the sites to
>ask cisco to reverse their decision that a failed VLAN - ie where
>802.1X was attempted but failed - should be an operative VLAN
>rather
>than marked as some for of malicious attack).
>
>how are you going to go about configuring the PCs - GPO can be
>used
>to push out the setting if they are corporate/in ActiveDirectory
>
>alan
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list