I'm trying to set up a MAC-based-RADIUS-auth/public network, i.e; if the device's MAC address is on AD allow it and set its VLAN to the proper network, if its not, leave it there but allow it access nevertheless. From there a captive portal would allow access
to guests and [forms-]authenticate users if needed. Since portals can read from AD, it can get the MAC addresses to which it should not present itself. It seemed all very straightforward.
I figured the Allow clients to connect without negotiating an authentication method constraint would be enough until it was time to see the logs to build the policy that I realized thatwithout⍯ with failed [authentication method].
So even though both situations result in an unauthenticated user, they're very different. :/
How, if possible, can I allow clients to connect when they input the wrong credentials--this is basically a given because the APs automatically convert MAC addresses to usernames.
Thanks!