eap-tls with valid and fake certificates.

[codythejack]

Hello !  The Idea is to authenticate users with eap-tls with certficates. People without any certificate should use different vlan provided by Radius. Only supported authentication should be eap-tls.  Is it possible to make authentication with eap-tls with certficates for valid users and some "guest vlan" for users which hasnt any or unknown certificates ?  I'tried many things like default authenticate , post-auth-type (with update control Auth-Type :=Accept).  Allways i had reject or stuck with no network configuration. Radius should provide attributes for valid users:  Tunnel-Type          = 13  Tunnel-Medium-Type      = 6,  Tunnel-Private-Group-ID = 2111   and   Tunnel-Type          = 13  Tunnel-Medium-Type      = 6,  Tunnel-Private-Group-ID = 2211   for invalid users.  How i do it ?  thanks for help  Marcin