Concerned about the security of my Wireless network, I spent a few days thinking of a way to increase the protection without the complexity of MFA and 802.1X for the members of my home. Because we need to be realistic in an office, we were forced to use very secure protocols and passwords with long lengths that are impossible to replicate in our homes.
In my own experience, a few months ago, I tried to introduce a new configuration to my wireless network with authentication based on AAA, which wasn't perfect. My wife spent 15 minutes trying to access the network because she didn't know how complex network configuration works. My neighbour asked me: did you change the WiFi password? (LOL).
After that, I thought of a new way to get more secure in my Wireless network without that complaint, and a new idea came to my brain: DVLAN + MAC Auth. With these two features, I can increase the granularity and security of my network with minimal knowledge of my family. The MAC Auth forces me to know and approve the devices connected to my network, and with the DVLAN can create different Internet profiles based on the VLAN assigned to the devices.
In the Daloradius I made two profiles for home members and IoT devices with the assignment of VLAN
The creation of users was very simple just use MAC Address Authentication in place of User Authentication. After that, I added the mac to my devices and select the correct group profile.
0 Comments