Limiting Wifi Access

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Mon Jun 23 23:15:25 CEST 2008


On 23 Jun 2008, at 21:01, Ivan Kalik wrote:

> Run server in debug mode. Is SSID appearing in some attribute in
> Access-Request?
>

It's usually in the Called-Station-Id attribute:

<radio-mac>:<ssid>

# Rewrite calling station id and called station id attributes
# into a standard format.
# If a 6th seperator is present write the trailing chars into Called- 
Station-SSID
if("%{Called-Station-Id}" =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]? 
([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2}) 
[-:]?([-a-z0-9_.]*)?/i){
	update request {
		Called-Station-Id := "%{1}%{2}%{3}%{4}%{5}%{6}"
		Called-Station-SSID := "%{7}"
	}
}
That generally works in FR 2.0* , though you have to define Called- 
Station-SSID as a local attribute, see etc/raddb/dictionary for  
examples.


> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 23/6/2008, "Roy Kartadinata" <rkartadinata at pocket.com> piše:
>
>> Hi guys,
>>
>>
>>
>> We're trying to centralize our corporate wifi authentication using
>> freeradius. So far, I was able to get user to authenticate based on  
>> NAS
>> IP (I got access to multiple NAS working as well) and Mac Address.  
>> Is it
>> possible to also limit their access per SSID? The reason for this is
>> because one of our locations, our HQ, has 3 SSID and only certain  
>> people
>> have access to certain SSID but I'm not sure if this will conflict  
>> with
>> already working NAS checking. Our HQ is using Cisco Wireless LAN
>> Controller so all 3 SSID will connect to radius using the same NAS  
>> IP.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Cheers,
>>
>>
>>
>> Roy Kartadinata
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080623/0537258e/attachment.html>


More information about the Freeradius-Users mailing list