Configuring static MAC bypass list in RADIUS server on 802.1x leveraged Wireless LAN -Reg.
Hello members, We are using Freeradius server with version "3.0.26" for enabling 802.1x leveraged Wireless LAN. However, as few WiFi clients are not supporting the required PEAP -cum- MS-CHAPv2 as the security mechanism, it is required to whitelist them so that such WiFi client can be onboarded on the Wireless LAN. We are trying to find out if such required static MAC bypass list(sometimes called the exclusion list) can be made available to the radius server so that such WiFi clients can be allowed to access the Wireless LAN without 802.1x or MAC RADIUS authentication requests to the RADIUS server. Maneesh Kumar Center for Development of Advanced Computing For assimilation and dissemination of knowledge, visit cakes.cdac.in ------------------------------------------------------------------------------------------------------------ [ C-DAC is on Social-Media too. Kindly follow us at: Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ] This e-mail is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies and the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email is strictly prohibited and appropriate legal action will be taken. ------------------------------------------------------------------------------------------------------------
On Jul 27, 2022, at 2:42 AM, Maneesh Kumar <maneeshk@cdac.in> wrote:
We are using Freeradius server with version "3.0.26" for enabling 802.1x leveraged Wireless LAN. However, as few WiFi clients are not supporting the required PEAP -cum- MS-CHAPv2 as the security mechanism, it is required to whitelist them so that such WiFi client can be onboarded on the Wireless LAN.
The clients which can't do PEAP must connect to a different SSID. There's no way I know of which allows for simple MAC address authentication here.
We are trying to find out if such required static MAC bypass list(sometimes called the exclusion list) can be made available to the radius server
What does that mean? In most cases, lists of things go into a database. And FreeRADIUS can query a database.
so that such WiFi clients can be allowed to access the Wireless LAN without 802.1x or MAC RADIUS authentication requests to the RADIUS server.
I don't think that 802.1x authentication works like that. You'll need a different SSID for Mac auth clients. Alan DeKok.
participants (2)
-
Alan DeKok -
Maneesh Kumar