Authenticate user by NAS-IP & NAS-Port-ID instead of User-Name & Password

Louis Arsenault louis at
Fri Apr 20 21:52:53 CEST 2012


I have a managed network switch that support MAC authentication and
will send requests to Radius. The issue is I do not wish to keep a
list of customer device MAC addresses for authentication. I would like
to enforce activation by port.

My first attempt was changing the username & password to something
standardized like "<NAS-IP>-<NAS-Port-ID>" & "somesecurepassword"

When I did this though I think EAP failed with the user-name did not
match what was on the original request.

What I am looking for is what the best way to approach this scenario is.
The 2 options I can think of is try writing a custom sql module that
way I do not need to play with the User-Name Password or proxy the
request and then authenticate it that way the names don't get fudged
on the original request.

Any other easier ways? Am I on the right track?

Also, anyone know of managed switches (Other than Cisco) that support
setting the Ingress/Egress speeds of the port via Radius?

O: 803-533-1660 X 207
C: 803-997-0004

More information about the Freeradius-Users mailing list