control authentication/authorization by SSID

Alan DeKok aland at
Wed Oct 7 21:14:37 CEST 2020

On Oct 7, 2020, at 12:39 AM, Munroe Sollog <mus3 at> wrote:
> I've been reviewing:

  Some of the Wiki is a little out of date, but it's mostly correct.  We're working on that.

> I have two SSIDs.  One of them is mac-auth and the other is .1x.  My
> wireless environment presents freeradius with %{Aruba-Essid-Name} to denote
> the SSID.  If I am interpreting the above documentation correctly, it
> suggests that I alter what I'm storing in the mac address database to also
> include the SSID so it can compare both the mac address and the SSID.
> However, as we don't have multiple SSIDs that do mac auth, is it possible
> to create some sort of logic in the authorize section based on SSID?
> Something like:
> if %{Aruba-Essid-Name} == "mac-auth ssid" { do mac auth}
> elif %{Aruba-Essid-Name} == ".1x ssid" {do eap}
> else {reject}
> That seems like a simpler solution,especially since it doesn't require me
> to mess with the database of mac addresses.  Any input would be appreciated.

  You can do pretty much exactly what you said.

  Alan DeKok.

More information about the Freeradius-Users mailing list