You can’t because if those not joined machines connect over 802.1x they will fail and stay there.
What you want to do is 802.1x + Mac authentication bypass (MAB) on the switch port. A none corporate machine should do MAB and land on the captive portal and authenticate. If you want to skip that part, you can put VLAN ID 2 in the registration role on the switch so everyone that do Mac authentication would be redirected on VLAN 2. Thanks, Ludovic Zammit [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: www.inverse.ca <https://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) and PacketFence (http://packetfence.org <http://packetfence.org/>) > On Apr 6, 2021, at 1:33 PM, Heusler Marie-Cécile > <[email protected]> wrote: > > Hello > > I have an authentication source that gives the role VLAN1 to the corporate > machines. > > > <pastedImage.png> > > <pastedImage.png> > > > Now I want to give to the non-corporate machines the role VLAN2. However, I > can't assign a role to a node that can't login to the source. > > > Adding client 10.104.92.130/32 > Apr 6 19:11:06 packetfence auth[19459]: (195) chrooted_mschap_machine: ERROR: > Program returned code (1) and output 'Logon failure (0xc000006d)' > Apr 6 19:11:06 packetfence auth[19459]: (195) Login incorrect > (chrooted_mschap_machine: Program returned code (1) and output 'Logon failure > (0xc000006d)'): [host/client.tpi.local] (from client 10.104.92.130/32 port 21 > cli 2c:44:fd:65:ab:27 via TLS tunnel) > Apr 6 19:11:06 packetfence auth[19459]: [mac:2c:44:fd:65:ab:27] Rejected > user: host/client.tpi.local > Apr 6 19:11:06 packetfence auth[19459]: (196) Login incorrect (eap_peap: The > users session was previously rejected: returning reject (again.)): > [host/client.tpi.local] (from client 10.104.92.130/32 port 21 cli > 2c:44:fd:65:ab:27) > > > A client that are not in the domain will have a login incorrect. But how can > I say that every client out of the domain will move to the VLAN2 role ? > > > Thank you for your reply.
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
