topic Re: Mac-address authentication per vlan/ssid in Wireless

Mac-address authentication per vlan/ssid

pbarman — Sun, 04 Jul 2021 17:37:11 GMT

Requirement is a user with macaddress1 is supposed to connect using SSID abc only. Second user with macaddress2 should connect using SSID xyz only.

If user with macaddress1 ever tries to connect using SSID xyz, he should NOT be given access to the network.

Effectively we are trying to restrict certain mac-addresses to certain vlans (or, ssids) only!

Is it possible to configure this, if so, how?

Thanks for any info provided.

Re: Mac-address authentication per vlan/ssid

Philip D'Ath — Sun, 27 Mar 2005 08:31:09 GMT

The easiest way to do this is to tie it in with RADIUS. Then you simply define a policy on the RADIUS server saying user "x" is only valid in SSID "abc".

Might be just as easy to pass the VLAN ID back to the access point that the user is allowed to use.

Re: Mac-address authentication per vlan/ssid

pbarman — Sun, 27 Mar 2005 22:11:22 GMT

Agreed to the above. However customer wants to tie the macaddress instead of userid with ssid. We can do mac address authentication using radius and have a pool of macaddresses that would be allowed. However what we want is two pools of allowed macaddresses and each tied to its own ssid. Is it possible???

Re: Mac-address authentication per vlan/ssid

Philip D'Ath — Mon, 28 Mar 2005 01:15:53 GMT

One of the attributes passed by the AP back to the RADIUS server is the SSID.

My thoughts are that you need two RADIUS policies. One that requires a specific SSID and a MAC address from a specified pool, and a second policy for the second SSID and the second pool of MAC addresses.