On Sep 9, 2024, at 8:04 AM, Travis Garrison <tgarrison@netviscom.com> wrote:
I'm trying to figure out the best way to do this. We are using PPSK on TP-Link and are trying to figure out a work around for the 128 password limit for a single PPSK SSID. We have a password created that goes to specific VLANs and are trying to replicate it with a separate radius server.
So you have one dynamic PSK which is tied to a specific VLAN?
We do not want to use the typical radius authentication with PPSK since that requires us to know the MAC address of the devices beforehand. This will be a BYOD type setup.
How are you going to assign devices to a VLAN if you don't know what the MAC is? The only thing you can do is: 1) assign known MACs to known PSK / VLAN 2) assign everything else to one PSK / VLAN
Using DEFAULT Auth-Type := Accept in the users file works fine to get around not knowing the mac addresses beforehand but the question is, how do we match against multiple Tunnel-Password fields?
I don't know what that means. Why are you *matching* multiple Tunnel-Password fields? Please describe what you want to do using plain English. Don't describe a particular solution, and then ask why it doesn't work. Alan DeKok.