3 Replies Latest reply on Jul 14, 2014 9:35 AM by daniel.blackmon

    vWLAN 802.1x MAC Auth

    skliffi New Member

      Is it possible to authorize users in 802.1x RADIUS secured WiFi network with they MAC addresses?

      MAC Devices authenticate device, put it into Role, but Device didn't understand what to do, send Response-Identiti packet, and nothing happens subsequently

       

      I've tried to set mac_auth in Freeradius, and radius works fine - handle request, and answer with Access-Accept - I can see it in Wireshark, but vWLAN (or my Android) didn't understand such behaviour, and trying over and over. In vWLAN, I see device as Unregistered and SSID Auth.

       

      Any ideas?

        • Re: vWLAN 802.1x MAC Auth
          daniel.blackmon Employee

          I can think of two options immediately. You could eliminate 802.1X authentication, and just use the built-in MAC Authentication feature in vWLAN. You could still use WPA2-PSK for encryption purposes, but I understand this still may be viewed as a less secure solution.

           

          Alternatively, you could configure a default username and password for the devices, then still have your AS check the calling station ID.

           

          I would also be curious to see the packet capture, but I understand that may be security risk. If you feel inclined to post the capture with the RADIUS-Accept, I would be happy to investigate this further.

           

          I get the impression you have already looked here, but the FreeRADIUS guide/Mac Auth could be helpful.