rvc-it

Radius solution

Dear,

I am looking for a RADIUS solution for our network, with the information below:
- Using certificates to authenticate employees' workstations: only PCs with a legally imported certificate are allowed to access the production network.
- Using a portal to authenticate visitors' laptops: visitors will have to register beforehand. When they arrive and connect to the network, they will be redirected to a portal which requires a username and password to gain network access.
- Dynamic VLAN assignment and MAC authentication bypass.

Scenario:
Check certificate:
- Yes --> Access granted, employee VLAN
- No  --> Drop into portal, input username & password
    + Valid   --> Access granted, visitor VLAN
    + Invalid --> Drop into isolated VLAN

I greatly appreciate your suggestions, thanks!
arnold

What does your environment consist of?
Your workstations seem to be dealing with 802.1X certificate authentication.


What switch infrastructure do you have?
ASKER CERTIFIED SOLUTION
pergr

FreeRADIUS can do the job; you need to configure it, and the switches.
For 802.1X to work, the certificates need to be issued and integrated.

The guest VLAN is not a complicated matter, i.e. all traffic will be routed to an internal proxy specifically set up for this, and it will direct the user to a login page. When logged in, the proxy is then updated that this user can access external resources for a period of time.
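
The following is an added example, not part of any post in this thread: it models the decision tree from the question and encodes the three RADIUS Access-Accept attributes (RFC 2868 / RFC 3580) that a switch reads for dynamic VLAN assignment. The VLAN IDs and function names are constructed for illustration, and the Tunnel-Private-Group-ID is assumed to be sent untagged.

```python
import struct

# Constructed VLAN IDs for illustration; substitute the site's real ones.
VLANS = {"employee": "10", "visitor": "20", "isolated": "99"}

# Attribute numbers from RFC 2868, values from RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6


def choose_vlan(cert_valid, portal_login_ok=False):
    """Decision tree from the question: certificate first, then portal login."""
    if cert_valid:
        return VLANS["employee"]
    if portal_login_ok:
        return VLANS["visitor"]
    return VLANS["isolated"]  # no certificate and portal login failed


def _attr(attr_type, value):
    # RADIUS attribute layout: type (1 byte), length (1 byte, header included), value
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def vlan_attributes(vlan_id):
    """Encode the attributes that place a port in the given VLAN."""
    # Tunnel-Type and Tunnel-Medium-Type carry a tag octet (0x00) plus a 24-bit value.
    return (
        _attr(TUNNEL_TYPE, struct.pack("!I", VLAN))
        + _attr(TUNNEL_MEDIUM_TYPE, struct.pack("!I", IEEE_802))
        # Assumption: VLAN ID sent as an untagged ASCII string.
        + _attr(TUNNEL_PRIVATE_GROUP_ID, vlan_id.encode("ascii"))
    )


def decode(blob):
    """Walk the attributes back out, rejecting truncated or malformed lengths."""
    out, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob) or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed RADIUS attribute")
        out.append((blob[i], blob[i + 2 : i + blob[i + 1]]))
        i += blob[i + 1]
    return out


if __name__ == "__main__":
    print(vlan_attributes(choose_vlan(cert_valid=True)).hex())
```

If a switch ignores the assignment, compare these bytes against a packet capture of the Access-Accept: all three attributes must be present for the VLAN to be applied.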