How to grant some (!) devices access to network but all others have to provide passwords

Alan DeKok aland at
Sun Dec 22 15:47:07 CET 2019

On Dec 22, 2019, at 6:18 AM, uj2.hahn at wrote:
> In a school all devices (students laptops, mobiles, tablets) have to use username/password via Freeradius
> to get access to WLAN. But there are some well-defined school-owned devices (laptops, tablets)  which should
> connect to WLAN  immediately w/o any credentials.
> Which options do I have to realize that? MAC checks? Certificates?

  If the WiFi is using EAP / 802.1X, then you must use 802.1X for *all* devices.

  For school-owned devices, the best way to do this is via certificates.  It's (somewhat) difficult to copy the certificate to another machine.  If the device is stolen, you can just revoke the certificate.

  Alan DeKok.

More information about the Freeradius-Users mailing list