simple mac-auth

Mikko Husari husku at husku.net
Wed Feb 7 12:21:20 CET 2007


Phil Mayers wrote:
> Mikko Husari wrote:
>   
>> Hi!
>>
>> im currently running eap-tls with username and password (from ldap), but 
>> now we're having a bunch of "stupid" wlan-client machines, and we need 
>> an simple mac-auth (from ldap?) to the network. basic idea: (example 
>> from outside world) "so, no certificate and login credentials, cant let 
>> you in. but im on an vip-list!. Oh, i see, come on in, sorry for 
>> inconvenience", for now we are happy to get just that to work, next 
>>     
>
> Most APs will require a separate SSID for this I think - your MAC-auth 
> one will need to be unauthenticated and the 802.1x one WPA (or whatever) 
> and the beacon frames will reflect that.
>
> Having said that, assuming your AP can authenticate the MACs against 
> radius (many can - Ciscos can) then FreeRadius can do it fine, it's very 
> simple. Do you have a specific question?
>
>   
>> level would be something concerning vlans... i think (in the long run) 
>>     
>
> Again, provided the AP supports it, easy.
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>   
so, did i understand it correctly, ap should have some "special" 
radius+mac support to create a wlan-network that includes 
mac-authentication using centralized (radius) mac-address database?



More information about the Freeradius-Users mailing list