On 11/29/2018 9:19 AM, freeradius-users-request@lists.freeradius.org wrote:
Why not just:
if (MAC SSID) { look up MAC if !known MAC reject if blocked MAC reject
} elsif (open SSID) { if blocked MAC reject }
Does that sound reasonable? If not, you need to describe your requirements a bit more clearly.
Alan DeKok. Alan thank you - from a pseudo-code level, what I am therefore looking for is:
if (MAC_LIMITED-SSID && EAP-CERT-01) { check eap valid cert "EAP-CERT-01" look up MAC if !known MAC reject if blocked MAC reject (inferred tail deny) } else if (OPEN-SSID && EAP-CERT-02) { check eap valid cert "EAP-CERT-02" accept (inferred tail deny) } I am not looking to manage an implicit blocking list for OPEN-SSID; if the client has the *appropriate* cert (designated for OPEN-SSID), and they associate with OPEN-SSID, then they should be accepted. I do want to maintain two separate certs each intended to match against their designated SSIDs. Thanks, Ted.