Authorising Clients by Calling Station ID Not IP

Phil Mayers p.mayers at imperial.ac.uk
Mon Oct 24 21:40:59 CEST 2011


On 10/24/2011 08:06 PM, Jennyanydots Napoleon Shoehorn wrote:

> The ultimate intention was to use the mac address of the nas and a nas
> specific shared secret.

Do you really need a per-NAS secret?

>
> In your opinion, are there better ways to deal with dynamic clients?

"It depends". Can you describe your setup in any detail?

If you've got untrusted clients on IP addresses you don't control and 
can't know ahead of time, then it's really hard. The best solution is 
"don't do that".

If your NAS and network topology support it, things like VPN tunnels 
from NAS->radius server with IP assignment might be one option.



More information about the Freeradius-Users mailing list