Authenticate user by NAS-IP & NAS-Port-ID instead of User-Name & Password
louis at ntinet.com
Fri Apr 20 21:52:53 CEST 2012
I have a managed network switch that support MAC authentication and
will send requests to Radius. The issue is I do not wish to keep a
list of customer device MAC addresses for authentication. I would like
to enforce activation by port.
My first attempt was changing the username & password to something
standardized like "<NAS-IP>-<NAS-Port-ID>" & "somesecurepassword"
When I did this though I think EAP failed with the user-name did not
match what was on the original request.
What I am looking for is what the best way to approach this scenario is.
The 2 options I can think of is try writing a custom sql module that
way I do not need to play with the User-Name Password or proxy the
request and then authenticate it that way the names don't get fudged
on the original request.
Any other easier ways? Am I on the right track?
Also, anyone know of managed switches (Other than Cisco) that support
setting the Ingress/Egress speeds of the port via Radius?
O: 803-533-1660 X 207
More information about the Freeradius-Users