authentication order

Alan DeKok aland at
Mon Jun 9 15:25:00 CEST 2014

Dan Letkeman wrote:
> Yes, I am asking the wrong question, because I need help, otherwise I
> would not be posting a question.....(:

  I suggest asking the *real* question, using common words.  Not one
using invented terminology.  You're more likely to get a useful answer.

> Ok, so I can authorize a user based on there mac address.  I can also
> authenticate a user using EAP.  I want to authenticate a user using EAP,
> but if the device that a user is using does not support EAP I would like
> to authorize a user based on the mac address as a last resort.

  For WiFi, it's impossible.  It's designed to be impossible.

  For wired 802.1X, it can be possible.  But it doesn't always work.
It's not recommended, and it's not trivial.

  The usual way to do this is to configure the switch to put users into
a special VLAN when authentication fails.

  Alan DeKok.

More information about the Freeradius-Users mailing list