Is it possible to require wired authentication without a managed switch?

baz · December 07, 2021, 05:26:35 AM

I would like to force anyone that plugs in to my "dumb" wired switch to be forced to authenticate through the configured FreeRADIUS server. I have FreeRADIUS running in OPNSense to authenticate WiFi, but the AP is basically a smart switch configured to look for the RADIUS server and authenticate through WPA-Enterprise 802.1x. Is it possible to do the same natively through OPNSense without a smart switch? All the pieces seem to be there already.

Patrick M. Hausen · December 07, 2021, 07:49:50 AM

Short answer: no.

Longer answer: how should anything on the firewall prevent two devices on your dumb switch from talking to each other? The point of 802.1x is to prevent layer 2 network access completely. That must be done by the switch.

Is it possible to require wired authentication without a managed switch?

baz

December 07, 2021, 05:26:35 AM

Patrick M. Hausen

December 07, 2021, 07:49:50 AM #1