Mikael Kermorgant wrote:
> My Goals :
> 1) authenticate access to the network from Open Public Access Catalog
> (OPAC) desktop machines available to every user of a biblioteque.

OPAC? That must be a term local to your site. I don't know what it means.

> 2) have a guest account with limited LAN access (no access to internet,
> or just a very short whitelist)
> 3) Keep the machines reachable from some servers (ghost server,
> monitoring, etc). (this criterion eliminates the solution of a captive
> portal)

It's hard to set up guest access without a captive portal.

> I thought 802.1x with dynamic vlans would be a nice solution as it
> should permit to put the guest account in a specific vlan.

Maybe. Do the client machines do 802.1X? How will they get a username/password for authentication?

> But how would it be possible to reach the machine from the management
> servers before someone authenticates ?

It won't be possible. If you've configured 802.1X, there will be no network available until after authentication happens.

> Is it possible to have a default
> vlan activated on startup of the machine ?

No. VLAN assignment is done by the RADIUS server, *or* by the switch.

> Or do you know where I should ask this question ?

I think your requirements might be difficult, or maybe impossible to do with current technology. I suggest investigating what's *possible*, and then trying to build a solution using components that exist. It's much more difficult to first define the requirements, and then to see if it's possible to meet them.

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
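
Added example, not part of the original message and not FreeRADIUS code: a sketch of the "RADIUS server, or the switch" choice discussed above, decoding the RFC 3580 tunnel attributes from an Access-Accept and falling back to the port's statically configured VLAN when they are absent or incomplete. The helper names, the VLAN numbers 30 and 10, and the numeric-only VLAN ID handling are assumptions made for illustration.

```python
import struct

# Attribute numbers and values from RFC 2868 / RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6


def attr(code, value):
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", code, len(value) + 2) + value


def tagged_int(code, number, tag=0):
    """Tunnel-Type / Tunnel-Medium-Type: 1-byte tag + 3-byte integer."""
    return attr(code, bytes([tag]) + number.to_bytes(3, "big"))


def parse_attrs(blob):
    """Split a packet's attribute section into (code, value) pairs."""
    out, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated attribute header")
        code, length = blob[i], blob[i + 1]
        if length < 2 or i + length > len(blob):
            raise ValueError("bad attribute length")
        out.append((code, blob[i + 2:i + length]))
        i += length
    return out


def port_vlan(accept_attrs, static_vlan):
    """VLAN for the port: RADIUS-assigned if complete, else the switch's own."""
    ttype = medium = group = None
    for code, value in parse_attrs(accept_attrs):
        if code == TUNNEL_TYPE and len(value) == 4:
            ttype = int.from_bytes(value[1:], "big")
        elif code == TUNNEL_MEDIUM_TYPE and len(value) == 4:
            medium = int.from_bytes(value[1:], "big")
        elif code == TUNNEL_PRIVATE_GROUP_ID and value:
            # A leading byte of 0x1F or below is a tag, not part of the string.
            text = value[1:] if value[0] <= 0x1F else value
            group = text.decode("ascii", "replace")
    if ttype == VLAN and medium == IEEE_802 and group and group.isdigit():
        return int(group)
    return static_vlan


# Constructed sample: attributes of an Access-Accept for a hypothetical guest login.
GUEST_ACCEPT = (tagged_int(TUNNEL_TYPE, VLAN) + tagged_int(TUNNEL_MEDIUM_TYPE, IEEE_802)
                + attr(TUNNEL_PRIVATE_GROUP_ID, b"30"))
```

Either path runs only once an Access-Accept has arrived, which is why neither gives the port a VLAN before authentication.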

