I'm trying to do the same setup here in my lab, you can configure your switch
interfaces as 802.1x and if client don't support 802.1x or fail auth put the
interface in guest VLAN.
For my switch Catalyst 3650 the command is "dot1x guest-vlan 50" and the
complete config is:
switchport access vlan 1
switchport mode access
authentication event fail action authorize vlan 50
authentication event server dead action authorize vlan 50
authentication event no-response action authorize vlan 50
authentication event linksec fail action authorize vlan 50
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer restart 10800
authentication timer reauthenticate 10800
mab ;optional
dot1x pae authenticator
dot1x timeout quiet-period 2
dot1x timeout tx-period 3
dot1x guest-vlan 50 ; important
Pasqu.
----- Messaggio originale -----
> Hi,
> I have been trying to figure out if there is a way to bypass captive
> portal for users who log onto their computers using a domain
> account. So, non-domain computers and non-domain users would be
> forced to the registration VLAN and register, while users who log
> onto their computers using domain credentials would not be trapped
> in the captive portal and would be able to access the normal VLAN
> without registering ever. Is this possible? If so, how would go
> about doing this?
> Thanks!
--
--
Pasqualotto Enrico
cell. +39 3473292620
skype://epasqualotto :: http://www.linkedin.com/in/epasqualotto
http://www.netspin.it :: [email protected]
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
