On Jul 27, 2022, at 2:42 AM, Maneesh Kumar <maneeshk@cdac.in> wrote:
We are using Freeradius server with version "3.0.26" for enabling 802.1x leveraged Wireless LAN. However, as few WiFi clients are not supporting the required PEAP -cum- MS-CHAPv2 as the security mechanism, it is required to whitelist them so that such WiFi client can be onboarded on the Wireless LAN.
The clients which can't do PEAP must connect to a different SSID. There's no way I know of which allows for simple MAC address authentication here.
We are trying to find out if such required static MAC bypass list(sometimes called the exclusion list) can be made available to the radius server
What does that mean? In most cases, lists of things go into a database. And FreeRADIUS can query a database.
so that such WiFi clients can be allowed to access the Wireless LAN without 802.1x or MAC RADIUS authentication requests to the RADIUS server.
I don't think that 802.1x authentication works like that. You'll need a different SSID for Mac auth clients. Alan DeKok.