Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Radius and devices that dont support wpa2 enterprise

Solved
ZedKay
Here to help
‎Jul 11 2022 11:01 PM
‎Jul 11 2022 11:01 PM

Radius and devices that dont support wpa2 enterprise

Hello,

 

We are currently looking at setting up a radius server to connect our users/devices to the wireless network.

So far we have that part working for those devices that support wpa2 enterprise.

 

We have a few devices (TV etc) that do not support this authentication method.

We have tried a few things on our radius server to allow specific mac address (but the authentication requests do not appear to be making it through to the radius server)

We are using a freeradius server.

 

Hoping someone can shed some light - or point us in another direction.

 

 

 

 

0 Kudos
Subscribe
1 Accepted Solution
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Jul 13 2022 12:55 AM
‎Jul 13 2022 12:55 AM

@ZedKay Your only option is a second SSID with an authentication method that supports said devices, this SSID can be on the same VLAN as your exisiting wifi network. 

 

I run the same setup in my workplace. 

btr.net.nz

View solution in original post

Subscribe
6 Replies 6
marekgolha
Conversationalist
‎Jul 12 2022 1:52 AM
‎Jul 12 2022 1:52 AM

Hello ZedKay,

I am not sure if I understand the question correctly. You want to connect the TVs to the same WLAN which is using WPA2-ENT or you have created a new WLAN specifically for the devices which do not support WAP2-ENT?

Marek

0 Kudos
Subscribe
In response to marekgolha
ZedKay
Here to help
‎Jul 12 2022 1:59 AM
‎Jul 12 2022 1:59 AM

Hi,

 

looking to connect the devices to the same WLAN as the wpa2-ent devices.

 

 

0 Kudos
Subscribe
GreenMan
Meraki Employee
Meraki Employee
‎Jul 12 2022 3:41 AM
‎Jul 12 2022 3:41 AM

You can't do this on the same SSID - the 'MAC-based access control (no encryption)' and 'Enterprise with my RADIUS server' config options are mutually exclusive.     Remember that, as per the description, the MAC authentication option does not result in an encrypted WLAN session between the client and the AP as Enterprise 802.1x does.   I'd recommend you look at using Identity PSK with RADIUS (assuming you;re using a reasonably recent MR access point model and firmware).   iPSK combines WPA2-PSK authentication / encryption with a check of the client MAC address.   https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_with_RADIUS_Authentication

Note that this would still be a separate SSID to your Enterprise 802.1x SSID - but you should be able to use the same RADIUS server for both.

0 Kudos
Subscribe
ZedKay
Here to help
‎Jul 12 2022 4:17 AM
‎Jul 12 2022 4:17 AM

Thanks GreenMan.

 

We are using iPSK at the moment but without radius.

This is what I was trying to achieve:

https://wiki.freeradius.org/guide/mac-auth#plain-mac-auth_raddb-policy-conf

 

 

0 Kudos
Subscribe
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Jul 13 2022 12:55 AM
‎Jul 13 2022 12:55 AM

@ZedKay Your only option is a second SSID with an authentication method that supports said devices, this SSID can be on the same VLAN as your exisiting wifi network. 

 

I run the same setup in my workplace. 

btr.net.nz
Subscribe
In response to BlakeRichardson
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 13 2022 3:18 AM
‎Jul 13 2022 3:18 AM

I'm with @BlakeRichardson .  Don't add complexity unless it is required.  Add a second SSID.

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.