how to setup MAC based authentication with LDAP

Ben Humpert ben at
Wed Apr 22 03:16:20 CEST 2015

2015-04-21 23:00 GMT+02:00 Brendan Kearney <bpk678 at>:
> my switch (cisco sg500) will identify that a client does not support .1x
> and will provide the mac address as the username and password in an EAP
> message.  because it is an EAP message, i can leverage the
> Calling-Station-Id attribute, and distinguish user auth vs. mac auth
> bypass with the "if (EAP-Message)" statement.

So the only difference between a user/pass access-request package and
one for mac bypass is just that the mac bypass contains the mac
address as the username and password? If so, why don't you add a
"user" for these mac addresses into your ldap just like you did with
real users?

More information about the Freeradius-Users mailing list