Radius and devices that dont support wpa2 enterprise

Solved
ZedKay
Here to help

Radius and devices that dont support wpa2 enterprise

Hello,

 

We are currently looking at setting up a radius server to connect our users/devices to the wireless network.

So far we have that part working for those devices that support wpa2 enterprise.

 

We have a few devices (TV etc) that do not support this authentication method.

We have tried a few things on our radius server to allow specific mac address (but the authentication requests do not appear to be making it through to the radius server)

We are using a freeradius server.

 

Hoping someone can shed some light - or point us in another direction.

 

 

 

 

1 Accepted Solution
BlakeRichardson
Kind of a big deal
Kind of a big deal

@ZedKay Your only option is a second SSID with an authentication method that supports said devices, this SSID can be on the same VLAN as your exisiting wifi network. 

 

I run the same setup in my workplace. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

6 Replies 6
marekgolha
Conversationalist

Hello ZedKay,

I am not sure if I understand the question correctly. You want to connect the TVs to the same WLAN which is using WPA2-ENT or you have created a new WLAN specifically for the devices which do not support WAP2-ENT?

Marek

ZedKay
Here to help

Hi,

 

looking to connect the devices to the same WLAN as the wpa2-ent devices.

 

 

GreenMan
Meraki Employee
Meraki Employee

You can't do this on the same SSID - the 'MAC-based access control (no encryption)' and 'Enterprise with my RADIUS server' config options are mutually exclusive.     Remember that, as per the description, the MAC authentication option does not result in an encrypted WLAN session between the client and the AP as Enterprise 802.1x does.   I'd recommend you look at using Identity PSK with RADIUS (assuming you;re using a reasonably recent MR access point model and firmware).   iPSK combines WPA2-PSK authentication / encryption with a check of the client MAC address.   https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_with_RADIUS_Authentication

Note that this would still be a separate SSID to your Enterprise 802.1x SSID - but you should be able to use the same RADIUS server for both.

ZedKay
Here to help

Thanks GreenMan.

 

We are using iPSK at the moment but without radius.

This is what I was trying to achieve:

https://wiki.freeradius.org/guide/mac-auth#plain-mac-auth_raddb-policy-conf

 

 

BlakeRichardson
Kind of a big deal
Kind of a big deal

@ZedKay Your only option is a second SSID with an authentication method that supports said devices, this SSID can be on the same VLAN as your exisiting wifi network. 

 

I run the same setup in my workplace. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
PhilipDAth
Kind of a big deal
Kind of a big deal

I'm with @BlakeRichardson .  Don't add complexity unless it is required.  Add a second SSID.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels