Wednesday, August 1, 2018

Support both RADIUS username/password and MAC-based 802.1x on same network?

We use pfSense for our router, and Ubiquiti Unifi for our wireless APs and switches.

Currently we're using the FreeRadius package on pfSense for RADIUS authentication on the wireless APs. However, I'm looking at moving to PacketFence, which I understand is a nicer wrapper around FreeRadius.

Also, we'd like to introduce 802.1x on the wired side of things.

However, not all of our clients will support RADIUS username/password.

I understand that you can do 802.1x MAC-based authentication, where you send the MAC address in both the username and password fields.

My question is - is there some way of doing mixed username/password, where clients that support username/password will send that, but ones that don't will fall back to using MAC-based authentication? Or some other way of doing username/password with a MAC-address whitelist?

(Yes, I know, MAC addresses can be spoofed, but not sure of another way to handle the legacy devices that don't support RADIUS).

And is there a way to combine this with RADIUS-based VLAN assignment?
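
The following is an added example, not part of the original post. It is a Python sketch of the RADIUS-side decision the question describes: 802.1x requests go to the EAP method, MAC-based requests are checked against a whitelist, and both get a VLAN through the RFC 3580 tunnel attributes. The whitelist, user name, VLAN numbers and function names are constructed, and it assumes the switch or AP sends MAC-based requests without an EAP-Message, with the MAC in both User-Name and Calling-Station-Id.

```python
import re

# Constructed sample data (assumptions, not from the original post).
MAC_VLANS = {"001122334455": 30}   # whitelisted legacy device -> VLAN
USER_VLANS = {"alice": 10}         # 802.1x user -> VLAN

MAC_RE = re.compile(r"[0-9A-Fa-f]{2}([:.-]?[0-9A-Fa-f]{2}){5}")

def norm_mac(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC."""
    value = value or ""
    if not MAC_RE.fullmatch(value):
        return None
    return re.sub(r"[:.-]", "", value).lower()

def classify(req):
    """Label a dict of Access-Request attributes as 'eap', 'mab' or 'other'."""
    if "EAP-Message" in req:
        return "eap"               # a supplicant is present on the client
    user = norm_mac(req.get("User-Name"))
    station = norm_mac(req.get("Calling-Station-Id"))
    if user and user == station:
        return "mab"               # NAS fell back to sending the MAC
    return "other"

def vlan_reply(vlan):
    """RFC 3580 reply attributes for dynamic VLAN assignment."""
    if vlan is None:
        return {}
    return {"Tunnel-Type": 13,              # VLAN
            "Tunnel-Medium-Type": 6,        # IEEE 802
            "Tunnel-Private-Group-Id": str(vlan)}

def decide(req):
    """Return (action, reply attributes) for one Access-Request."""
    kind = classify(req)
    if kind == "eap":
        # The EAP method checks the credentials; the VLAN attributes belong
        # on the final Access-Accept for the authenticated user.
        return "continue-eap", vlan_reply(USER_VLANS.get(req.get("User-Name")))
    if kind == "mab":
        vlan = MAC_VLANS.get(norm_mac(req["User-Name"]))
        if vlan is not None:
            return "accept", vlan_reply(vlan)
    return "reject", {}
```

Requiring User-Name to match Calling-Station-Id keeps a MAC typed in as a username from another port or device from being treated as a whitelisted entry, though it does nothing against a spoofed MAC on the wire.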
