From owner-freebsd-net@FreeBSD.ORG Wed Sep 29 15:31:36 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5C95E16A4D0 for ; Wed, 29 Sep 2004 15:31:36 +0000 (GMT) Received: from smtp.ucsb.edu (ucsb.edu [128.111.24.40]) by mx1.FreeBSD.org (Postfix) with ESMTP id 479B743D1D for ; Wed, 29 Sep 2004 15:31:36 +0000 (GMT) (envelope-from kps@ucsb.edu) Received: from lsanca1-ar1-4-35-113-141.lsanca1.elnk.dsl.genuity.net ([4.35.113.141] helo=[192.168.2.192]) by smtp.ucsb.edu with asmtp TLSv1:RC4-MD5:128 id 1CCgQZ-0000Lh-Q0; Wed, 29 Sep 2004 08:31:35 -0700 From: Kevin Schmidt Organization: University of California, Santa Barbara To: dima <_pppp@mail.ru> Date: Wed, 29 Sep 2004 08:31:34 -0700 User-Agent: KMail/1.6.2 References: <200409281010.02904.kps@ucsb.edu> <1096458648.2423.11.camel@pppp> In-Reply-To: <1096458648.2423.11.camel@pppp> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200409290831.34763.kps@ucsb.edu> cc: freebsd-net@freebsd.org Subject: Re: Bridging vlans w/firewall and selective HTTP redirect? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Sep 2004 15:31:36 -0000 On Wednesday 29 September 2004 04:50, dima wrote: > Would you bother reading cisco tech documentation regarding 802.1x? I have. Would you bother dropping invalid assumptions? > http://cisco.com/en/US/products/hw/switches/ps628/products_configuration_gu >ide_chapter09186a008022995b.html It states you can configure guest vlan for > non-authentified users; you can also temporarily disable infected users' > accounts. I'm familiar with Cisco's guest-vlan capability. This is fine if you're using Cisco wireless gear, and it would make part of this exercise easier. A major objective is to implement a solution that is as vendor-independent as possible and maintains similar behavior in wired and wireless environments. There is a variety of existing non-Cisco wired equipment that is capable of 802.1x, but does not have guest-vlan support. -- Kevin Schmidt Campus Network Programmer Office of Information Technology University of California, Santa Barbara North Hall 2124 Santa Barbara, CA 93106-3201 805-893-7779 805-893-5051 FAX kps@ucsb.edu