Self Service Kiosk / Workflow to trust untrusted devices to add them to personal VLAN dynamically

Matthew Newton mcn at
Sat Jan 1 16:22:01 CET 2022

On 01/01/2022 14:52, Stefan Mueller wrote:
> Is it somehow possible to allow each resident to open an GUI and select
> untrusted devices (devices connected to the WPA2 PSK) and just click on a
> button to make them trusted, so their VLAN assignment will be change, means
> FreeRADIUS changes the following
> Mikrotik-Wireless-VLANID := 10,
> Mikrotik-Wireless-VLANID-Type := 0,
> due to this *workflow *triggered by an trusted user via the GUI?

Make sure your equipment can support different VLANs on the WPA2-PSK 
network somehow (that's definitely not a given)

Create a database

Write a GUI to update the database

Possibly have something to collect information about the printers / 
devices etc on the network and add them to the database (or do this in 
the GUI)

Configure FreeRADIUS upon authentication to read the database and set 
the correct attributes in the reply.

The last bit is the easy bit. You'll have to write the rest yourself.

Depending on the wireless equipment you'll possibly be better to add 
another SSID for the printers and then use the database to restrict 
access based on MAC address. There's may not be much more you can do as 
most things won't support different VLANs on WPA2-PSK.


More information about the Freeradius-Users mailing list