Hi,
sorry if I put this topic in the wrong threat but I am quite new here. You may move it to the correct threat if needed.
To my problem. I am actually trying to get dot1x to run with dynamic vlan assignment. I have an Microsoft NPS as Radius configured and at the moment the authentication looks very promising, nearly exactly as in the wiki, the client get assigned to the correct vlan after authentication and that is just working fine.
My question is now a bit more specific is it possible to enable the port also for non-authorized clients to a specific vlan such as it is possible on switches of other vendors like hp?
What I want to achieve is a configuration where known clients which authenticate will be assigned to vlan5 and clients that are not authenticated will be assigned to vlan10. I wasn’t able to find examples for such configuration and even if I combine the configurations mentioned here: https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering (VLAN Example #1 (Trunk and Access Ports) and here: https://wiki.mikrotik.com/wiki/Manual:Interface/Dot1x I won’t end up with a running configuration.
For me it looks like as soon as I have enabled dot1x for one port it is not longer possible to get a non authenticated vlan on this interface. Only as soon as I disable dot1x for this port the “normal” vlan configuration will take effect.
Does anyone of you struggle with the same problem or found a workaround for this? If anybody of you have some question regarding dot1x I’d like to help out as far as possible.
Thanks in advance and best regards,
fbsnchz27.