1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Certificate/static key alternative auth to bypass wifi pass?

Discussion in 'Tomato Firmware' started by kzrssk, May 8, 2014.

  1. kzrssk

    kzrssk LI Guru Member

    Hey, all! Did a quick site-scope Google search and didn't come up with anything, so hopefully this isn't already spelt out somewhere obvious.

    I want a set up where certain devices can get onto the wireless network regardless of the wifi password. Is there a way to set this up? Preferably, this would be completely transparent to the user (e: as in, I would set this up for them in advance, and the end user doesn't have to bother with any of it). All devices not set up this way would log in normally with the wifi password (until we decide to go the RADIUS route). That is, even if we change the wifi password, those specific devices will still have access without any work on either the staff or end users' parts.

    Any help appreciated! Thanks!
    Last edited: May 8, 2014
  2. koitsu

    koitsu Network Guru Member

    What you're wanting is 802.1X or EAP. Let us know how it goes / what you find out / what you implement.

    Note: this type of methodology is used at large enterprises, such as Microsoft, as a form of wireless authentication. There is no "wifi password" to give out; instead you're given a certificate that you have to install that uses 802.1X or EAP (I don't remember which) that authenticates you (or denies you access if revoked).
  3. kzrssk

    kzrssk LI Guru Member

    Okay, thanks. I'll get researchin'. I'm assuming Tomato could hook into that easily with the WPA Enterprise option? Would most of the configuration be outside of Tomato?
  4. koitsu

    koitsu Network Guru Member

    I've yet to see anyone using TomatoUSB with 802.1X or EAP. I have absolutely no idea how to even go about configuring that or doing it, hence "let us know how it goes / what you find out / what you implement". :)
  5. mpegmaster

    mpegmaster Addicted to LI Member

    Could you just White List the device MAC address?

Share This Page