Limiting Wifi Access

Roy Kartadinata rkartadinata at
Mon Jun 23 23:46:27 CEST 2008

Thanks, that helps a lot. :-)






Roy Kartadinata



From: at [ at] On Behalf Of Arran Cudbard-Bell
Sent: Monday, June 23, 2008 4:15 PM
To: FreeRadius users mailing list
Subject: Re: Limiting Wifi Access



On 23 Jun 2008, at 21:01, Ivan Kalik wrote:

Run server in debug mode. Is SSID appearing in some attribute in


It's usually in the Called-Station-Id attribute:




# Rewrite calling station id and called station id attributes 
# into a standard format.
# If a 6th seperator is present write the trailing chars into Called-Station-SSID
if("%{Called-Station-Id}" =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i){
        update request {
               Called-Station-Id := "%{1}%{2}%{3}%{4}%{5}%{6}"
               Called-Station-SSID := "%{7}"

That generally works in FR 2.0* , though you have to define Called-Station-SSID as a local attribute, see etc/raddb/dictionary for examples.


Ivan Kalik
Kalik Informatika ISP

Dana 23/6/2008, "Roy Kartadinata" <rkartadinata at> piše:

Hi guys,




	We're trying to centralize our corporate wifi authentication using

	freeradius. So far, I was able to get user to authenticate based on NAS

	IP (I got access to multiple NAS working as well) and Mac Address. Is it

	possible to also limit their access per SSID? The reason for this is

	because one of our locations, our HQ, has 3 SSID and only certain people

	have access to certain SSID but I'm not sure if this will conflict with

	already working NAS checking. Our HQ is using Cisco Wireless LAN

	Controller so all 3 SSID will connect to radius using the same NAS IP.














	Roy Kartadinata










List info/subscribe/unsubscribe? See


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list