Re: [m0n0wall] CAP Portal / VLAN's how to

From:	A dot L dot M dot Buxey at lboro dot ac dot uk
To:	Chris Buechler <cbuechler at gmail dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] CAP Portal / VLAN's how to - InterVLAN routing?
Date:	Tue, 31 Jan 2006 09:12:18 +0000

Hi,

> > What we want to do, is have anyone on the "external port" come up on their
> > own locked down VLAN to the captive portal. Then we want to use RADIUS and
> > machine certificates to authenticate the individual machines, not users. If
> > they authenticate, put them onto the private network with all access. If
> > they don't authenticate, just put them on a jailed VLAN that only has
> > internet access and DNS access but no access to internal services or other
> > machines.
> >
> > Is this feasible?
> >
> 
> What you're talking about there is actually switching the VLAN the
> user is on.  m0n0wall can't do that, that's a function of the switch. 

if its a decent switch with AAA and full RADIUS support, then you can
simply configure dot1x on thw switch so that this can be achieved. configure
the switch to talk to the RADIUS box...the radius box will then be handed
the machine certificate etc and, if valid, return an appropriate VLAN
for the switch to move the port to. not a m0n0wall function.

alan