How to grant some (!) devices access to network but all others have to provide passwords
Alan DeKok
aland at deployingradius.com
Sun Dec 22 15:47:07 CET 2019
On Dec 22, 2019, at 6:18 AM, uj2.hahn at posteo.de wrote:
> In a school all devices (students laptops, mobiles, tablets) have to use username/password via Freeradius
> to get access to WLAN. But there are some well-defined school-owned devices (laptops, tablets) which should
> connect to WLAN immediately w/o any credentials.
> Which options do I have to realize that? MAC checks? Certificates?
If the WiFi is using EAP / 802.1X, then you must use 802.1X for *all* devices.
For school-owned devices, the best way to do this is via certificates. It's (somewhat) difficult to copy the certificate to another machine. If the device is stolen, you can just revoke the certificate.
Alan DeKok.
More information about the Freeradius-Users
mailing list