FreeRADIUS MPSK On Raspberry Pi
HTML-код
- Опубликовано: 3 апр 2023
- Setting up MPSK on an Aruba AP to authenticate with FreeRADIUS running on a Raspberry Pi.
MPSK lets you use a single SSID Wi-Fi network with a client pre-shared key, but with the ability to assign variables like VLAN and passphrase per user. 
Наука
This video solved my problem configure a Aruba 305 AP, I used a lot of time today until I watched the video, many thanks 🙂.
Thanks for the effort mate, really good videos.
Very informative sir 🙌🙌🙌🙌🙌🙌
Great video ...
I did spin up freeradius in lxc container and openwrt vm with usb wifi card an it works great so far.
Yeah, my unifi gear does radius assigned vlan, it's a neat system
Another fantastic video. Perhaps worth emphasising how useful this would be for pushing untrusted IoT devices in to their own VLAN without requiring the clients to be Radius capable.
Yep I like the idea of only having one SSID. In process of moving over about 30 devices to the new SSID, some painful as need to reset them then of course if you are using a per device PSK you can't jus select the WiFi network on your mobile or device your running the setup app on.
Finally got a few FreeRadius servers set up on Docker, it was bit of a mission as I'm jus getting into docker but it works and I've secured it 🙂, just need to now move the IoT devices over 😞 as some will require setting to default I should imagine and that includes the WiFi smart plugs which are configured in Home Assistant too.
On what device had you the wireshark and where was it placed on the network to see packets to/ from Radius server? Thanks for the video
How many RPIs do you have? 😮
Is it possible to do the assignment based on the psk alone or do you need to specify the clients MAC?
Idea being, you can just type different passwords on one device and join different VLANs as needed.
Wanted to ask this exact question as well. On Ruckus it’s referred to as DPSK and is essentially dropping a client on a particular VLAN depending on what PsK they use, without having to pre register each MAC address.
@@excession1293 That would be handy option especially when you use a iOS device which seems to force Private Addresses (mac address randomization) by default.
Does freeradius support IPSK (Cisco Identity PSK) ?
A bit tedious to add each device that isn't default. Is there a more convenient way of managing users in freeradius? Like flatfiles or databases with a webui or something to that nature?
I'm quite sure there is.
This is new to me. I had not seen FreeRADIUS before. I get the idea it could be used both for wired and wireless networks (.1x and .11i)?
Of course. That X in 802.1X is a capital by the way ;)
Here you go ruclips.net/video/ZPKKI0t5uH8/видео.html
@@TallPaulTech That is a great video. I have been out of IT for a while now, but I have equipment at home I like to "Play" with. I think with a Pi I should be able to get it to work with my lab: Ubiquiti EdgeRouter 4 > NETGEAR Smart Switch (GS716Tv3) > Ubiquiti UAP-AC-LITE. The only question is about FreeRADIUS as I didn't see a dictionary for Ubiquiti - I will cross that bridge when I get there. (I had seen 802.1X with both upper and lower case. I should have checked official sites about it first).
You might only need the generic RADIUS responses instead of anything special.
Hello,
great project, thanks.
How can I get the dictionary for TP-link Omada controller?
Really interesting. I have 10 wifi networks for 10 vlans... terrible. Pfsense is the router/firewall and 4 OpenWRT APs to configure Wifi + VLANs individually (yikes). The only good thing is the OpenWRT APs are same model Netgear router so I can copy configuration and just change IPs for the APs.. but still terrible. I never setup FreeRadius before...but I see there is a pfsense FreeRadius package, but I don't see an OpenWRT dictionary for FreeRadius so lots of research ahead of me