On Jul 17, 2025, at 12:56 PM, Rodrigo Antunes via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
I think you misunderstood something in the way.
I understood only what you posted. if your comments are unclear, there isn't much I can do about that.
In an earlier email I said I understood what you said that it is not possible to authenticate IoT devices that dont support 802.1x in a 802.1x SSID. There is no fallback like there is in wired.
So I asked what is the best practice to properly solve the issue where I need to authenticate IoT devices.
The question wasn't that, but sure...
A separate SSID specificaly for them right? In this new SSID I could use macauth, but macauth only is insecure because mac can be spoofed.
A separate SSID would work. And yes, MAC auth doesn't add a lot of security, because it can be spoofed.
An earlier user said something about Cisco IPSK, does someone have an idea how I can configure this in the virtual cisco wireless controller together with freeradius?
There's a DPSK module in FreeRADIUS. It has documentation, and is known to work with IPSK. Alan DeKok.