PPSK Authentication
Alan DeKok
aland at deployingradius.com
Mon Sep 9 21:08:05 UTC 2024
On Sep 9, 2024, at 8:04 AM, Travis Garrison <tgarrison at netviscom.com> wrote:
>
> I'm trying to figure out the best way to do this. We are using PPSK on TP-Link and are trying to figure out a work around for the 128 password limit for a single PPSK SSID. We have a password created that goes to specific VLANs and are trying to replicate it with a separate radius server.
So you have one dynamic PSK which is tied to a specific VLAN?
> We do not want to use the typical radius authentication with PPSK since that requires us to know the MAC address of the devices beforehand. This will be a BYOD type setup.
How are you going to assign devices to a VLAN if you don't know what the MAC is? The only thing you can do is:
1) assign known MACs to known PSK / VLAN
2) assign everything else to one PSK / VLAN
> Using DEFAULT Auth-Type := Accept in the users file works fine to get around not knowing the mac addresses beforehand but the question is, how do we match against multiple Tunnel-Password fields?
I don't know what that means. Why are you *matching* multiple Tunnel-Password fields?
Please describe what you want to do using plain English. Don't describe a particular solution, and then ask why it doesn't work.
Alan DeKok.
More information about the Freeradius-Users
mailing list