Authorising Clients by Calling Station ID Not IP
Phil Mayers
p.mayers at imperial.ac.uk
Mon Oct 24 22:04:11 CEST 2011
On 10/24/2011 08:45 PM, JennyBlunt wrote:
> Hello Phil
>
> I guess we don't need a per NAS secret but thought it might help block
> any customers we don't need.
>
> We have a load of wifi hotspots on dynamic IPs. We know all their NAS

Ok, that's about the hardest case I'm afraid.

If you have the option of using something like a tunnel (IPSec) to bring
the NASes into your network and give them local IPs I would take it.

If not, then an out-of-band solution might work.

There's no easy answer here I'm afraid. It will depend on the numbers
and vendor of your NAS, the capabilities they have and lots of other
factors.

In an ideal world, radius-over-TLS (RadSec) would solve this problem but
it's basically guaranteed your NASes don't support it (nothing does yet,
and possibly never will for NAS->Server traffic).