That helps. In IAS everything is basically done through Remote Access Policies. That sounds like where I need to look if the quarantining is performed by the RADIUS server.
However, I am not sure (yet) how to setup an access policy that would apply to individuals that are not in the database (don't have any account) first. Anyone have any ideas? Thanks, D. Michael Martin, Jr. University of Montevallo -----Original Message----- From: Philippe Hanset [mailto:[EMAIL PROTECTED] Sent: Thursday, February 26, 2004 9:20 PM To: Martin Jr., D. Michael Subject: Re: [WIRELESS-LAN] RADIUS, MAC authentication, and VLANs It would be a rule in a RADIATOR server like: IF user=group1 then VLAN=100 Elseif user=group2 then VLAN=200 Else VLAN=400 (which is a VLAN where they can only go to a registration page) philippe On Thu, 26 Feb 2004, Philippe Hanset wrote: > Martin, > > I'm not sure I undertsand the question completely, > It may sound too simplistic but: > do you have the ability in IAS to assign a non-recognized MAC to a > specific VLAN, other than the recognized users. > Do you then map the VLAN to an SSID? > > Philippe Hanset > U of TN > > On Thu, 26 Feb 2004, Martin Jr., D. Michael wrote: > > > I need some technical help. > > > > We have decided, for now, to stay clear of 802.1x because we do not have the infrastructure, can not touch student computers, and have devices that will not support 802.1x (printers and such). Instead, we have been looking at a combination of MAC authentication and RADIUS server integration. > > > > Our testing has been great to a point. We have the RADIUS database looking at MAC-addresses and dynamically assigning clients to the proper VLANs. BUT, that is only good if the user is already in our RADIUS database. > > > > What we need is the ability to keep someone in a VLAN if they are not found in the RADIUS database. We are pretty much a "Windows shop" using Microsoft IAS for our RADIUS server and Cisco Aironet 340s, 350s, and 1100s for our APs. > > > > Any suggestions or help would be appreciated. > > > > Thanks, > > > > Michael Martin > > University of Montevallo > > > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
