onraglanroad today at 4:34 PM

Probably a RADIUS server setup.

Basically staff machines get a certificate to present to the server and the server controls the network.

So, if your machine does nothing, it's on the guest VLAN and has limited access. If it presents a valid certificate, that network port is reassigned to the staff VLAN and you get full access.

If someone leaves, you just revoke the certificate and they have guest access again.

Not rocket science once you know it :)
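
A minimal model of the setup described in the comment above, added here as an example and not part of the thread: the RADIUS-side decision returns the RFC 3580 tunnel attributes that name the port's VLAN, and a toy switch applies them. The VLAN IDs, CA name, port names and the `Switch` class are assumptions for illustration; the sample shows that the VLAN is set at authentication time, so a revocation appears at the port's next authentication.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Constructed values for this example: VLAN IDs and CA name are assumptions.
GUEST_VLAN, STAFF_VLAN = 10, 20
TRUSTED_ISSUER = "CN=Example Staff CA"

@dataclass(frozen=True)
class ClientCert:
    serial: int
    issuer: str
    not_after: datetime

def authorize(cert: Optional[ClientCert], revoked: set, now: datetime) -> dict:
    """RADIUS-side decision: reply attributes naming the VLAN for this port."""
    ok = (cert is not None
          and cert.issuer == TRUSTED_ISSUER   # issued by the staff CA
          and now <= cert.not_after           # not expired
          and cert.serial not in revoked)     # not on the revocation list
    return {  # RFC 3580 tunnel attributes used for dynamic VLAN assignment
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-ID": str(STAFF_VLAN if ok else GUEST_VLAN),
    }

class Switch:
    """Toy authenticator: remembers the VLAN from the last authentication."""
    def __init__(self):
        self.port_vlan = {}

    def authenticate(self, port, cert, revoked, now):
        reply = authorize(cert, revoked, now)
        self.port_vlan[port] = int(reply["Tunnel-Private-Group-ID"])
        return self.port_vlan[port]

def demo() -> list:
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    laptop = ClientCert(0x1001, TRUSTED_ISSUER, datetime(2025, 1, 1, tzinfo=timezone.utc))
    sw, revoked, seen = Switch(), set(), []
    seen.append(sw.authenticate("Gi1/0/1", None, revoked, now))    # no certificate
    seen.append(sw.authenticate("Gi1/0/2", laptop, revoked, now))  # staff laptop
    revoked.add(laptop.serial)                                     # user leaves
    seen.append(sw.port_vlan["Gi1/0/2"])   # session still open: VLAN unchanged
    seen.append(sw.authenticate("Gi1/0/2", laptop, revoked, now))  # re-authentication
    return seen

if __name__ == "__main__":
    print(demo())
```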


Replies

lokar today at 4:53 PM

Still better to do that same thing (cert-based auth) at the application layer instead of the network layer.
