understanding FreeRADIUS

Tom D. Davidson me at tomdavidson.org
Fri Oct 17 08:42:41 CEST 2008


Hello, I have some usage questions about FreeRADIUS that I am not
finding answers for on the wiki.

Can FR:
* Place user/device in VLAN based on authentication? AAA 802.1q-in-q?
I guess this would be FR telling a router/switch to push or pop the
tag based on policy?
* Other than VLAN in priority queues, can FR AAA any QoS technologies?
Can it do the priority queues for VLANs?
* AAA VPN - both client and server?
* Rate limit? Distinguish committed rate, burst rate, and best effort?
* AAA firewall ports?
* Implement "walled gardens" on users and devices? Is this only for
http(s), what about email, ftp, etc.?
* AAA IP address assignment? Not sure how this works, but device/user
requests an IP, DHCP server checks auth before issuing one? Could it
change IP address on existing connection?
* Account network usage per user per device per interface?

FR architecture:
* Does being a WPA user make a difference to any of these questions?
What about being a device rather than a user?
* Authorization policies are not "in" radius, but in the db or
directory correct? So to change policy for a user or device, the
change would be done through the data store and not through radius?
But the policy logic would need to exist in FR (i.e. modules?)? Or does
the policy logic come from the data store as well?
* Is there an OS API or does all the direction come through the data store?
* Is there any reason why FR couldn't be used as an all encompassing
NAC (for WAN)?
* Do my questions clearly demonstrate that I do not understand FR? :)

FR 2.0:
Is 2.0 a move to DIAMETER or is DIA not evolutionary?
Is 2.0 recommended for production or should operators stick with 1.x?

Thank you for your help, tom



More information about the Freeradius-Users mailing list