control authentication/authorization by SSID

Munroe Sollog mus3 at lehigh.edu
Wed Oct 7 06:39:07 CEST 2020


I've been reviewing:
https://wiki.freeradius.org/guide/Mac-Auth#additional-modifications_mac-auth-authorisation-by-ssid

I have two SSIDs.  One of them is mac-auth and the other is .1x.  My
wireless environment presents freeradius with %{Aruba-Essid-Name} to denote
the SSID.  If I am interpreting the above documentation correctly, it
suggests that I alter what I'm storing in the mac address database to also
include the SSID so it can compare both the mac address and the SSID.
However, as we don't have multiple SSIDs that do mac auth, is it possible
to create some sort of logic in the authorize section based on SSID?
Something like:

if %{Aruba-Essid-Name} == "mac-auth ssid" { do mac auth}
elif %{Aruba-Essid-Name} == ".1x ssid" {do eap}
else {reject}

That seems like a simpler solution, especially since it doesn't require me
to mess with the database of mac addresses.  Any input would be appreciated.

-- 
Munroe Sollog (He/Him/His)
Senior Network Engineer
munroe at lehigh.edu
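
The branching described in the post, written as FreeRADIUS 3.x unlang. This is an added example, not part of the original message or the project's own configuration. It assumes the authorized_macs lookup and the rewrite_calling_station_id policy from the linked Mac-Auth guide are already set up, and the two SSID strings are the placeholders used in the post.

```unlang
# Added example: authorize section of the virtual server handling the
# Aruba controllers (FreeRADIUS 3.x syntax assumed).
authorize {
    preprocess

    if (&Aruba-Essid-Name == "mac-auth ssid") {
        # MAC auth branch: normalise Calling-Station-Id, then look it up
        # in the existing MAC database (authorized_macs is assumed to be
        # the lookup instance from the Mac-Auth guide).
        rewrite_calling_station_id
        authorized_macs
        if (!ok) {
            reject
        }
        else {
            update control {
                &Auth-Type := Accept
            }
        }
    }
    elsif (&Aruba-Essid-Name == ".1x ssid") {
        # 802.1X branch: a request on this SSID without EAP is refused
        # instead of falling through to any other method.
        if (!&EAP-Message) {
            reject
        }
        eap {
            ok = return
        }
    }
    else {
        # SSID attribute missing or not one of the two expected values:
        # fail closed.
        reject
    }
}
```

A request that carries no Aruba-Essid-Name attribute matches neither comparison, so it reaches the final reject. The MAC database stays unchanged because the SSID test happens before the lookup instead of inside it.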

