MAC Authentication via RADIUS

[BrianW]

I am running OPNsense 18.7.10-amd64.

I would like to authenticate users with MAC address via RADIUS or roll to a capture page if not authenticated.

Can this be done with OPNsense? Can someone point me in the right direction?

Thanks,

Brian

[mimugmail]

Username and password have to be the Mac address

[BrianW]

Thanks. I've gotten this far. If I use the default captive portal, I can key in the MAC address in the username field and it authenticates, but I do not want users to see this screen if their device has previously been authenticated.

Ideally, an authenticated device gets immediate Internet access. They should never see the captive portal. If it is not authenticated, they are redirected to my website where they can purchase service or authenticate with an activation code provided when they purchased service. This adds their MAC address to the RADIUS server.

Thanks,

Brian

[mimugmail]

Mac via Radius is 802.1x which is different to CP auth where you can exclude Mac via a list

[BrianW]

Thank you.

What I would like to happen is for OPNsense to check my RADIUS server with the MAC address of the device.

If not authenticated, redirect to our portal for sign up / activation.

I can use CP to redirect to our portal, but how do I tell OPNsense to check our RADIUS server first before invoking the CP.

Thanks,

Brian

[mimugmail]

Mac based auth (802.1X) is in theory the same as mac whitelist via CP.
Why don't you just set up CP and whitelist known mac addresses? Where is the difference to Radius?

[BrianW]

That may work...

Thank you for your assistance.