strategy question

Tue Feb 8 07:42:32 CET 2011

Hi,

> Makes sense to me.  Will you be using MAC Auth Bypass for printers and other "dumb" devices?

Commenting on dumb printers... there's been some nice work even on that
area. If you're lucky enough to have HP printers, the NICs can meanwhile
do 802.1X just fine. Even the JetDirect 620n (which I understand is the
entry-level thing) does PEAP:

http://h10010.www1.hp.com/wwpc/us/en/sm/WF06b/18972-18972-236253-34213-236264-378355-378357-1838265.html

And if you throw in another 80 USD, you'll even get ... insert drum roll
... IPv6!

http://h10010.www1.hp.com/wwpc/us/en/sm/WF06b/18972-18972-236253-34213-236264-500078-500091-1838264.html

Stefan

> -----Original Message-----
> From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org] On Behalf Of localhero at mac.hush.com
> Sent: Monday, February 07, 2011 1:08 PM
> To: freeradius-users at lists.freeradius.org
> Subject: strategy question
>
> In a project with some larger customer sites 802.1x authentication 
> shall be introduced. There are about 10 sites with roughly 500 
> employees each.
> It is expected that at least 5 to 10% of the pc may cause problems 
> when 802.1x authentication is activated. To identify those pc in 
> advance the idea is, to have the switches ask the freeradius server 
> for authentication. For two weeks or so the radius shall accept all 
> the requests, even if they fail because of invalid certificates. 
> The failure shall be reported. During this time the operating staff 
> may solve the problems with the pc. After that period the problems 
> are hopefully solved and the radius shall do "real" authentication.
>
> Is this a idea that makes sense?
> Are there technical restictions that would avoid such an approach
>
> -lh
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>
>
>
> <font size="1">
> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
> </div>
> "This email is intended to be reviewed by only the intended recipient
>  and may contain information that is privileged and/or confidential.
>  If you are not the intended recipient, you are hereby notified that
>  any review, use, dissemination, disclosure or copying of this email
>  and its attachments, if any, is strictly prohibited.  If you have
>  received this email in error, please immediately notify the sender by
>  return email and delete this email from your system."
> </font>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110208/9a3c3c8d/attachment.pgp>