Guest VLAN on MAC authentication failure

  • 1
  • Idea
  • Updated 2 years ago
It would be great if Aerohive had the option of specifying a guest/registration VLAN, which the client would be placed in if the AP receives an Access-Reject response from RADIUS.

The feature exists on 3com and Cisco switches.

MAC authentication with guest VLAN. The flow is:

1. Client associates or plugs in to a branch router.
2. MAC address forwarded to Radius server:
• Access-Accept – the client is placed into the VLAN specified by Radius response
• Access-Reject – the client is placed into the specified Guest VLAN for that port/WLAN

Additionally, the AP should attempt to re-authenticate at a set interval as the client may register and become eligible for full network access so should be switched to an alternative VLAN.
Photo of Dale Lloyd

Dale Lloyd

  • 1 Post
  • 0 Reply Likes

Posted 5 years ago

  • 1
Photo of Sarah Banks

Sarah Banks

  • 75 Posts
  • 4 Reply Likes
This is something we too agree would be great to have, and we're currently exploring the feasibility of adding this functionality to a later release. Thanks for the interesting feedback.
Photo of Igor Zofrin

Igor Zofrin

  • 2 Posts
  • 0 Reply Likes
Any news on failed/guest VLAN feature for AeroHive?? This feature should be standard on any network gear that to be considered as part of any 802.1x setup. 4 years since exploring the feasibility to add to future release is pretty pathetic.