Self Service Kiosk / Workflow to trust untrusted devices to add them to personal VLAN dynamically

Matthew Newton mcn at
Tue Jan 4 13:35:08 CET 2022

On 01/01/2022 15:59, Stefan Mueller wrote:
> Thx for replying that quickly 😀, so you say it is technically feasible?

As I said, it may be. Depends on whether the AP can do VLAN allocation 
together with WAP2-PSK. It normally only works with WPA2-Enterprise.

> I do ask as you highlight
> *There's may not be much more you can do as*
> *most things won't support different VLANs on WPA2-PSK.*

It's expected that VLAN allocation will work with WPA2-Enterprise when a 
RADIUS server is involved.

RADIUS isn't normally part of the WPA2-PSK authentication process, so 
VLAN allocation isn't either. It depends on what the AP does. It's 
technically possible (if you are happy to base "authentication" on the 
device MAC address only), but definitely not "normal".

> GUI could be done using home automation system what can speak to FreeRADIUS
> using its APIs if all can be done through APIs?

FreeRADIUS doesn't have APIs - you write data into databases using some 
external method. FreeRADIUS reads data from databases and uses that to 
make the policy decisions.


More information about the Freeradius-Users mailing list