Dear Packetfencers, I've been struggling with this logic for a while, so I'm going to admit defeat and defer to the wisdom of the list.

Aim: Allow a maximum or predefined VLAN allocation for MAB users, so those with expired certs or otherwise broken 802.1x profiles can get to a useful remediation state.

In practice,
- EAP-TLS users would continue to be assigned their role-based VLANs,
- Broken or newly installed machines that are registered but have no cert can reach a lesser priv'd VLAN.

I currently have a functional setup where users get allocated their VLANs properly regardless of whether they do MAB or EAP, but I've not for love nor money been able to work out how to discriminate between the two effectively. I know I can auto-register EAP clients, but for that to be useful, unregistering them would have to leave them in a state where MAB could still do useful things!

Can anyone outline how to achieve this?

Thanks as ever in advance,
David
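
The policy described in the message above, sketched as an added example; it is not part of the original post and is not PacketFence configuration or code. It assumes the NAS sends MAB as a non-EAP request with the client MAC as User-Name (some switches can send MAB as EAP-MD5, which this check would not catch); role names and VLAN IDs are constructed.

```python
import re

# Constructed values: role names and VLAN IDs are illustrative only.
ROLE_VLANS = {"staff": 10, "engineering": 20}
REMEDIATION_VLAN = 99  # the lesser-privileged VLAN for MAB clients

# Constructed sample Access-Request attributes (not captured traffic).
SAMPLE_EAP = {"User-Name": "host/laptop01",
              "Calling-Station-Id": "AA-BB-CC-00-11-22",
              "EAP-Message": b"\x02\x01\x00\x06\x0d\x00"}
SAMPLE_MAB = {"User-Name": "aabbcc001122",
              "Calling-Station-Id": "AA-BB-CC-00-11-22"}


def _norm_mac(value):
    """Strip separators so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    mac = re.sub(r"[^0-9a-f]", "", (value or "").lower())
    return mac if len(mac) == 12 else None


def auth_method(attrs):
    """Classify a RADIUS Access-Request as 'eap', 'mab' or 'unknown'."""
    if attrs.get("EAP-Message"):
        return "eap"  # 802.1X requests carry EAP-Message
    user = _norm_mac(attrs.get("User-Name"))
    station = _norm_mac(attrs.get("Calling-Station-Id"))
    if user and user == station:
        return "mab"  # MAC sent as the username, no EAP
    return "unknown"


def assign_vlan(attrs, node):
    """Return a VLAN ID, or None to reject or hand off to registration."""
    if not node.get("registered"):
        return None
    method = auth_method(attrs)
    if method == "eap":
        return ROLE_VLANS.get(node.get("role"))
    if method == "mab":
        # Cap: a MAB session never receives the role VLAN, even when the
        # node record carries a privileged role.
        return REMEDIATION_VLAN
    return None
```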
