Logging from another PC

Ivan Kalik tnt at kalik.net
Thu Jan 31 11:13:55 CET 2008


1. Switch has to support dynamic VLAN assignment by radius. Then you pass
Tunnel set of attributes (type, medium and id)  to it and place a user
in a desired VLAN. If you can only configure VLANs manually, than this
is not going to work.

2. How does someone change his IP address to a different subnet and VLAN
connection through the switch still works??? That should not be
possible. Your VLAN configuration is suspect. If someone is placed on a
VLAN with a private address and then changes the address to a public one
(trying to get onto Internet, for instance) - he should not be able to
connect to anything because he is on one subnet and gateway on another.
Same applies if all addresses are private but you are doing NAT for one
(subnet) and not for another etc.

Ivan Kalik
Kalik Informatika ISP


Dana 31/1/2008, "javkhlanbaatar at newcomsystems.mn"
<javkhlanbaatar at newcomsystems.mn> piše:

>Hmm. That sounds great. I have Port-based VLANs on the switches but still
>no affects. Am I using wrong type VLANs? Port-based authentication, could
>you explain some?
>Thanks.
>
>
>
>> Yes. Use VLANs and port based authentication and they won't be able to
>> do that. If they manually change IP address to a different VLAN
>> connection will become unusable.
>>
>> Ivan Kalik
>> Kaliki Informatika ISP
>>
>> Dana 29/1/2008, "javkhlanbaatar at newcomsystems.mn"
>> <javkhlanbaatar at newcomsystems.mn> piše:
>>
>>>Hi,
>>>
>>>I have a question.
>>>When the user logs using own username and password into Radius server
>>> (ie,
>>>using 192.168.160.5), it is OK. When someone change IP address statically
>>>into logged IP (to 192.168.160.5), he can use the logged account. I mean
>>>he can use another one's account. How can I block another PC? And I don't
>>>want the user logs often in one day. User must logs once in a day. That's
>>>why I don't want to put Idle-Timeout attribute.
>>>
>>>
>>>I'm using FreeRadius 2.0.1 with Cisco'BBSM 5.3. Could you give some
>>>clarfication for this?
>>>
>>>Thanks
>>>
>>>
>>>-
>>>List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>>
>>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>




More information about the Freeradius-Users mailing list