802.1X Extra Miles

Johnny R vasiana09 at gmail.com
Wed May 4 20:07:08 CEST 2016


I m  wondering if there is another 'obvious' way to handle non-802.1X
capable equipment apart from checking their MAC :(. OS fingerprinting,
seems a little bit ... more than an extra mile :)


v4s[at]#unrelated | "sh3ll is just the beginning"

                                 .__
_____ _______  ____  ___________  |__| ____ _____
\__  \\_  __ \/  _ \/  ___/\__  \ |  |/    \\__  \
 / __ \|  | \(  <_> )___ \  / __ \|  |   |  \/ __ \_
(____  /__|   \____/____  >(____  /__|___|  (____  /
     \/                 \/      \/        \/     \/




On Wed, May 4, 2016 at 8:49 PM, Igor Novgorodov <igor at novg.net> wrote:

> Nope, it has complicated logic based on Calling-Station-Id, NAS-IP-Address
> & multiple SQL queries.
> With EAP it would, of course, use more CPU (if over TLS - even worse).
> We currently have about 150% of a Xeon E5-2630 core used at peak times.
>
>
> On 04/05/16 19:52, Arran Cudbard-Bell wrote:
>
>> On 4 May 2016, at 09:33, Igor Novgorodov <igor at novg.net> wrote:
>>>
>>> We're running FreeRADIUS that authenticates 5-6 *million* users per day
>>> (with peaks about 1000 requests per second) on a small VM with 4 vCPU.
>>>
>> That's with EAP?
>>
>> -Arran
>>
>> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
>> FreeRADIUS Development Team
>>
>> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>>
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


More information about the Freeradius-Users mailing list