Wireless Access

Reply
New Contributor
Posts: 3
Registered: ‎05-08-2013

Does anyone use mac-address fall-back over eduroam for devices such as chromecast?

We use freeradius and AD for eduroam with a mac-auth fall-back that presently works seamlesly on our wired ports through the switched estate. I want to be able to replicate this in Wi-Fi for devices that are incapable of doing 802.1x but without creating another SSID. Essentially I want devices to be authorised over Wi-Fi using the eduroam SSID only, is this possible and if so how?

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: Does anyone use mac-address fall-back over eduroam for devices such as chromecast?

This is not possible with 802.1X networks. You would need to connect these devices to your open/PSK networks.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 3
Registered: ‎05-08-2013

Re: Does anyone use mac-address fall-back over eduroam for devices such as chromecast?

I know of institutions and businesses that are moving towards a single SSID for all device types and users based on a 802.1x network. How will they get around this inevitability if the controller cannot meet these business policies and objectives?

 

Perhaps it's slightly more complicated with Wi-Fi where the SSID only exists in one state whereas a switch has capability for 3-4 states so far as 802.1x is concerned but still...

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: Does anyone use mac-address fall-back over eduroam for devices such as chromecast?

I don't know of anyone authenticating consumer, non-1X devices on a 1X network.

 

It is not feasible to go down to a single 802.1X SSID. You will always need one 802.1X network and one open/PSK network if you plan to support guests and "dumb" devices.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor I
Posts: 269
Registered: ‎04-04-2014

Re: Does anyone use mac-address fall-back over eduroam for devices such as chromecast?

 

Most will adjust their "business policies and objectives" to prevent consumer crap from being allowed to use wifi, I believe.  Even were 11u to allow a mixed 1x/PSK environment, if the device can't do 1x, the odds of it doing 11u are pretty bleak, and if you allow a device to talk open, then everything that talks to it is talking in the clear.

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: