Configuring static MAC bypass list in RADIUS server on 802.1x leveraged Wireless LAN -Reg.
Alan DeKok
aland at deployingradius.com
Wed Jul 27 12:43:41 UTC 2022
On Jul 27, 2022, at 2:42 AM, Maneesh Kumar <maneeshk at cdac.in> wrote:
> We are using Freeradius server with version "3.0.26" for enabling 802.1x
> leveraged Wireless LAN. However, as few WiFi clients are not supporting the
> required PEAP -cum- MS-CHAPv2 as the security mechanism, it is required to
> whitelist them so that such WiFi client can be onboarded on the Wireless LAN.
The clients which can't do PEAP must connect to a different SSID. There's no way I know of which allows for simple MAC address authentication here.
> We are trying to find out if such required static MAC bypass list(sometimes
> called the exclusion list) can be made available to the radius server
What does that mean?
In most cases, lists of things go into a database. And FreeRADIUS can query a database.
> so that
> such WiFi clients can be allowed to access the Wireless LAN without 802.1x or
> MAC RADIUS authentication requests to the RADIUS server.
I don't think that 802.1x authentication works like that. You'll need a different SSID for Mac auth clients.
Alan DeKok.
More information about the Freeradius-Users
mailing list