Wireless 802.1x with MAB as fallback and FreeRadius
Rodrigo Antunes
rodrigoaantunes at yahoo.com.br
Wed Jul 16 16:37:07 UTC 2025
Hello, I use EAP to authenticate wireless clients that support 802.1x.
But we have some IoT devices that don't support 802.1x, is it possible to make them connect to the same SSID with some kind of fallback?
I saw a lot of articles teaching how to do this in ISE.
Basically you enable Mac Authentication Bypass in the wireless controller and then it sends the mac to the radius server, if the mac is invalid then it try 802.1x.
I tried that, but when the client connects to the ssid It sends the MAC and is rejected by radius.
It doesn't try 802.1x.
Have anyone already use this?
Here are some articles I found:
https://community.cisco.com/t5/wireless/wireless-802-1x-with-mab-as-fallback-and-freeradius/td-p/3802559Cisco Wireless MAB and 802.1X
https://community.cisco.com/t5/wireless/cisco-wireless-mab-and-802-1x/td-p/3699599
More information about the Freeradius-Users
mailing list