I am using 802.1X authentication with roles derived from a RADIUS server. I have 3x roles:
logon_role
user_role
quarantine_role
User and quarantine are user-based roles and, depending on health check and group access etc., are approved access on the network or denied and fall into the quarantine network.
The login role is for the machine; when authenticated it is given the logon_role. I currently have in policy assigned to the role:
udp 68 deny
svc dhcp permit
svc dns permit
svc icmp permit
svc natt permit
any any any deny
To allow a user login to occur on this machine currently assigned the logon_role, what other services or ports need to be allowed in the logon_role/policy?
Thanks heaps