I am thinking about implementing wired security on my network. We already have the radius server and certificate server because we use 802.1x for wireless. I had a very limited time to see a wired implementation at my last job. And there, when a client was not authenticated the port went into a vlan with no access to anything. I've pulled up a bunch of articles on the 802.1x today but haven't been able to find anything about assignment of a vlan to a failed client.
What I would like to do is have it drop into a vlan with access to the internet only (guest setup) when it fails dot1x. I can't really contact anyone from my last job because all the people who did the configuration are in different countries and I'm just not finding what I need. Can anyone point me in the right direction? I can build out the vlan and acl just fine. But I'm lost on the dot1x configuration of it.
No comments:
Post a Comment