simple mac-auth
Mikko Husari
husku at husku.net
Wed Feb 7 12:21:20 CET 2007
Phil Mayers wrote:
> Mikko Husari wrote:
>
>> Hi!
>>
>> im currently running eap-tls with username and password (from ldap), but
>> now we're having a bunch of "stupid" wlan-client machines, and we need
>> an simple mac-auth (from ldap?) to the network. basic idea: (example
>> from outside world) "so, no certificate and login credentials, cant let
>> you in. but im on an vip-list!. Oh, i see, come on in, sorry for
>> inconvenience", for now we are happy to get just that to work, next
>>
>
> Most APs will require a separate SSID for this I think - your MAC-auth
> one will need to be unauthenticated and the 802.1x one WPA (or whatever)
> and the beacon frames will reflect that.
>
> Having said that, assuming your AP can authenticate the MACs against
> radius (many can - Ciscos can) then FreeRadius can do it fine, it's very
> simple. Do you have a specific question?
>
>
>> level would be something concerning vlans... i think (in the long run)
>>
>
> Again, provided the AP supports it, easy.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
so, did i understand it correctly, ap should have some "special"
radius+mac support to create a wlan-network that includes
mac-authentication using centralized (radius) mac-address database?
More information about the Freeradius-Users
mailing list