simple mac-auth

Mikko Husari husku at husku.net
Wed Feb 7 11:56:33 CET 2007


Phil Mayers wrote:
> Mikko Husari wrote:
>   
>> Hi!
>>
>> im currently running eap-tls with username and password (from ldap), but 
>> now we're having a bunch of "stupid" wlan-client machines, and we need 
>> an simple mac-auth (from ldap?) to the network. basic idea: (example 
>> from outside world) "so, no certificate and login credentials, cant let 
>> you in. but im on an vip-list!. Oh, i see, come on in, sorry for 
>> inconvenience", for now we are happy to get just that to work, next 
>>     
>
> Most APs will require a separate SSID for this I think - your MAC-auth 
> one will need to be unauthenticated and the 802.1x one WPA (or whatever) 
> and the beacon frames will reflect that.
>
> Having said that, assuming your AP can authenticate the MACs against 
> radius (many can - Ciscos can) then FreeRadius can do it fine, it's very 
> simple. Do you have a specific question?
>
>   
>> level would be something concerning vlans... i think (in the long run) 
>>     
>
> Again, provided the AP supports it, easy.
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>   
well, im not so sure the ap-supports mac-auth using radius... it is 
zyxel zyair g-1000, manual did not say anything about radius+mac, other 
sort of radius is supported (has to be cause it works)



More information about the Freeradius-Users mailing list