Recommendation for Wi-Fi setup that authenticates using machine ID

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Recommendation for Wi-Fi setup that authenticates using machine ID

CrashAndBurn

693 posts

Ultimate Geek
+1 received by user: 105

#255644 22-Aug-2019 08:54

Scenario: My brother lives overseas and runs a student accommodation and would like to setup a wi-fi network that will use machine ID for authentication. This is to stop people from sharing their logins to everyone.

Question: Any recommendation on the cheapest and easiest way to do this. Was hoping for something that a user just provides their machine ID and my brother loads it in then thats it.

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#2303485 22-Aug-2019 08:56

What do you mean by "machine ID" ?

xpd

Geek of Coastguard
14115 posts

Uber Geek
+1 received by user: 4574

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#2303487 22-Aug-2019 08:57

Turn off DHCP and lock down by MAC address of the device is prob the most easiest/cheapest way - but does require admin to add each device manually etc.

XPD / Gavin

LinkTree

CrashAndBurn

693 posts

Ultimate Geek
+1 received by user: 105

#2303489 22-Aug-2019 08:58

sbiddle:

What do you mean by "machine ID" ?

Device ID? Basically he wants to allow each student to connect to the wifi with a laptop and mobile each.

CrashAndBurn

693 posts

Ultimate Geek
+1 received by user: 105

#2303500 22-Aug-2019 09:13

His current setup is a fibre connection with his router providing the wifi. The router has 4 LAN ports. He wants to add 2 more access points. One in each hallway. Any recommendation? Was hoping for something that can be managed in the router and not from each access point e.g. when the mac address is added, the user can connect on any of the access points.

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#2303507 22-Aug-2019 09:27

CrashAndBurn:

sbiddle:

What do you mean by "machine ID" ?

Device ID? Basically he wants to allow each student to connect to the wifi with a laptop and mobile each.

That still doesn't answer the question about what you mean by "device ID". Are you meaning MAC address?

By the sounds of it this is a very straight forward setup at present and nothing you want to do would likely be possible without moving to a more sophisticated setup.

For MAC address based authentication you'll ideally need to build a hotspot solution with external radius server and use 802.1x EAP + MAC address authentication which sounds well beyond the hardware capabilities of what you have, and probably the knowledge required to put this all together. Maintaining MAC addresses will also be a nightmare.

CrashAndBurn

693 posts

Ultimate Geek
+1 received by user: 105

#2303520 22-Aug-2019 09:34

sbiddle:

CrashAndBurn:

sbiddle:

What do you mean by "machine ID" ?

Device ID? Basically he wants to allow each student to connect to the wifi with a laptop and mobile each.

That still doesn't answer the question about what you mean by "device ID". Are you meaning MAC address?

By the sounds of it this is a very straight forward setup at present and nothing you want to do would likely be possible without moving to a more sophisticated setup.

For MAC address based authentication you'll ideally need to build a hotspot solution with external radius server and use 802.1x EAP + MAC address authentication which sounds well beyond the hardware capabilities of what you have, and probably the knowledge required to put this all together. Maintaining MAC addresses will also be a nightmare.

Yes it is the mac address. Mmm. I thought it was as easy as plugging in 2 more access points to the current router and changing authentication method. I guess I will have to research some more.

HP

Shop now for HP laptops and other devices (affiliate link).

bignose

143 posts

Master Geek
+1 received by user: 22

#2303535 22-Aug-2019 09:52

forget about mac address filtering - setup a proper radius server and use proper userid/password auth for wifi - people are much less willing to 'share' their credentials when it's directly traceable back to themselves.

gareth41

742 posts

Ultimate Geek
+1 received by user: 79

#2303538 22-Aug-2019 09:57

FreeRadius and OpenWrt will do what you want, they're a mission to setup though if you're not familiar with Linux. Also add Coova-Chilli or WifiDog to that if you want a captive portal.

CrashAndBurn

693 posts

Ultimate Geek
+1 received by user: 105

#2304314 23-Aug-2019 07:26

Follow up question: Is there an SME grade WiFi router where I can limit how many simultaneous connections an account can use. What I am thinking now is each user will have their own login BUT limit it to 2 connections at any given time?

Spyware

3817 posts

Uber Geek
+1 received by user: 1366

Lifetime subscriber

#2304329 23-Aug-2019 07:56

Radius accounting.

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#2304337 23-Aug-2019 08:20

CrashAndBurn:

Follow up question: Is there an SME grade WiFi router where I can limit how many simultaneous connections an account can use. What I am thinking now is each user will have their own login BUT limit it to 2 connections at any given time?

Depends how you're tryiing to log in.

If it's via standard WPA2 PSK the answer is no because it's not something a router has control over.

If it's via a captive portal using radius or something like Mikrotik hotspot manager the answer is yes.

It it's using WPA2 PSK with 802.1x EAP the answer is yes.

As much as I hate to say it if you really have to ask the question I suspect building a solution is potentially going to be beyond your skill levels and you might be better off getting an expert to build a solution for you.

Something like a Mikrotik router could do everything you want, but that has a learning curve that goes with it.