I need some technical help.
We have decided, for now, to stay clear of 802.1x because we do not have the
infrastructure, can not touch student computers, and have devices that will not
support 802.1x (printers and such). Instead, we have been looking at a combination of
MAC authentication and RADIUS server integration.
Our testing has been great to a point. We have the RADIUS database looking at
MAC-addresses and dynamically assigning clients to the proper VLANs. BUT, that is
only good if the user is already in our RADIUS database.
What we need is the ability to keep someone in a VLAN if they are not found in the
RADIUS database. We are pretty much a "Windows shop" using Microsoft IAS for our
RADIUS server and Cisco Aironet 340s, 350s, and 1100s for our APs.
Any suggestions or help would be appreciated.
Thanks,
Michael Martin
University of Montevallo
