Freeradius, Cisco WLC, Mac address auth.

Brian Ertel bsertel at amherst.edu
Fri Aug 24 20:15:18 CEST 2007


Hi all,

I have freeradius working with a Cisco 2000 series controller.  When a
wireless client attempts to associate with a WAP, the controller sends an
auth request to freeradius, which sees the mac address of the user:

00:0e:35:1c:e0:52 Auth-Type := Local, User-Password == "testing"
        Tunnel-Medium-Type = "IEEE-802",
        Tunnel-Type = "VLAN",
        Tunnel-Private-Group-Id = "157",
#       Service-Type = Framed-User,

That puts the user in vlan 157, great, it works.  So that is for a user
whose mac address is known.  Now I'd like to work with unknown users.
The trouble is that once one enables mac address filtering on the Cisco, it
will always call to radius.  Is there a way to allow all MAC addresses to
be accepted in the "users" config similar to the above?  That way I
could throw all unknown users into a restricted access vlan which
redirects them to a registration page, which in turn takes their mac
address and injects it into freeradius, thus making them a "known" user
and putting them in a normal access vlan...

Thanks,

Brian

_____________________

Brian Ertel
Network Administrator
Amherst College
413-542-8320
bsertel at amherst.edu 
_____________________



