IP-Address

[Nick Lowe]

Aran,

Sorry, I should have been far more specific in what I wrote and less
copy-and-paste hasty.

Those requirements were written in the context that:

1) Integration would only be with RADIUS, not with the particular DHCP
server that is in use on a site and not with SNMP back to the NASes.
2) Identity spoofing would not be able to occur via the EAP outer identity,
given the first requirement.

If you have that integration with DHCP and better yet with SNMP, as you
point out, many of the requirements melt away.

It was written with a bias that the solution be something that is easily
deployable in existing environments and also with an NPS specific bias. If
you can touch more of the stack, you have more options.

So, apologies to the OP for not writing something more reasoned

Regards,

Nick
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/mailman/private/freeradius-users/attachments/20140326/1f00ae98/attachment-0001.html>