(RADIATOR) Radius, Kerberos, and 802.1x Dynamic Vlans

Kirk T Byers ktbyers at stanford.edu
Thu Sep 23 15:25:49 CDT 2004


We are considering deploying an 802.1x solution for some of our wired
infrastructure.  We have a centralized Kerberos server that contains our
usernames and passwords.  Because of this, we were planning on using
EAP-TTLS/PAP for our EAP method.  Consequently, we would have Client -->
Switch --> Radius Server --> Kerberos.

In this context, is it possible to implement 802.1x with dynamic vlan
assignment?  Does Radius allow you to retrieve data from multiple sources?
For example, can we authenticate the user against the Kerberos Domain
Controller, but pull the Vlan information from another source (either a
local data source on the Radius server, or some other remote data source)?

Thanks, for the assistance.


Kirk Byers
Information Security Services
Stanford University

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list