Hi,

> Cisco 2950 switch has an "auth fail" vlan option. If port authentication
> fails, the port is marked authorized and put in the configured auth-fail vlan
> as opposed to the default vlan or remaining in an unauthorized state. For
> Windows XP SP2, if authentication fails, the user is notified - however,
> network communications across that vlan works fine.

So, what does "port authentication fails" mean? An Access-Reject? Well, what you were trying to do was send an Access-Accept no matter what, which is for an authenticator a reason to count it as success, and will subsequently not put a user in an auth fail VLAN.

> Additionally, consider this: a packet capture reveals that, even after
> authentication has failed, Windows XP SP2 will send out DHCP requests.
> Evidently the supplicant is somehow decoupled from the other processes
> involved in bringing up a network interface.

SP3? Vista? Nokia N95? iPhone 3G? Make a list of stuff to test...

Stefan

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473

