eduroam is an 802.1X network. You need to use an EAP-based authentication method. MAC address can only be used as authorization context (but really shouldn't be).
Tim ________________________________ From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]> on behalf of Nadim El-Khoury <[email protected]> Sent: Friday, August 28, 2020 9:52:08 AM To: [email protected] <[email protected]> Subject: Re: [WIRELESS-LAN] MAC authentication bypass on Freeradius Hi Norman, Let me better explain what we trying to do. We used to have an open hidden SSID using a WEP key to connect loaner laptops (Windows, Macs), iPads, and Chromebooks. We upgraded our wireless network to MIST and we decided to only advertise eduroam. We want to connect the above devices to eduroam using Mac address authentication, and it is not working. Best, Nadim On Thu, Aug 27, 2020 at 9:38 PM Norman Elton <[email protected]<mailto:[email protected]>> wrote: Do you mean authenticate non-802.1x clients based on MAC address? Yes. It works fine. We have an Open Access SSID, with "MAC address authentication by RADIUS lookup". We provide our RADIUS server IP & secret. Our FreeRADIUS server takes the request and responds with an Accept/Reject, and the following attributes: Tunnel-Type = "GRE" Tunnel-Medium-Type = "IP" Tunnel-Private-Group-ID = <vlan-id> I don't remember any specific challenges, but if you can post what's not working, I'm happy to help. And/or jump on a call and compare experience with Mist. Norman On Thu, Aug 27, 2020 at 4:14 PM Nadim El-Khoury <[email protected]<mailto:[email protected]>> wrote: > > Hi Everyone, > > Has anyone been able to get MAC authentication bypass to work properly with > FreeRadius and MIST Wireless? > > Best, > > Nadim > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire community > list. If you want to reply only to the person who sent the message, copy and > paste their email address and forward the email reply. Additional > participation and subscription information can be found at > https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C7fa638b2b54747d273e208d84b59a503%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637342195691415025&sdata=o2hJFhFZcegKr4ClzEquJVvozd4NJJ5KN7CJKZCci80%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C7fa638b2b54747d273e208d84b59a503%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637342195691415025&sdata=o2hJFhFZcegKr4ClzEquJVvozd4NJJ5KN7CJKZCci80%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C7fa638b2b54747d273e208d84b59a503%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637342195691425019&sdata=13noZ%2BNVjyMRGri%2BpBzjvARF7qfyf5bXOljFBIvOq%2F4%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
