OPNsense Forum

English Forums => General Discussion => Topic started by: baz on December 07, 2021, 05:26:35 AM

Title: Is it possible to require wired authentication without a managed switch?
Post by: baz on December 07, 2021, 05:26:35 AM
I would like to force anyone that plugs in to my "dumb" wired switch to be forced to authenticate through the configured FreeRADIUS server. I have FreeRADIUS running in OPNsense to authenticate WiFi, but the AP is basically a smart switch configured to look for the RADIUS server and authenticate through WPA-Enterprise 802.1x. Is it possible to do the same natively through OPNsense without a smart switch? All the pieces seem to be there already.

Title: Re: Is it possible to require wired authentication without a managed switch?
Post by: Patrick M. Hausen on December 07, 2021, 07:49:50 AM
Short answer: no.

Longer answer: how should anything on the firewall prevent two devices on your dumb switch from talking to each other? The point of 802.1x is to prevent layer 2 network access completely. That must be done by the switch.