You can use the users file with: DEFAULT NAS-IP-Address =~ "^123.123", ... or DEFAULT NAS-IP-Address !~ "^123.123", Auth-Type := Reject Alexandru Dincov wrote:
Hello, We plan to use freeradius for authenticating remote access to more than 2000 network devices (CISCO, Nortel, etc.) and we want to do some access control based on huntgroups. Users and RADIUS profiles are stored in an LDAP backend. Following freeradius documentation, we have to define all 2000+ IP addresses in huntgroups configuration file, apparently there is no way to use IP ranges for defining huntgroups. But this solution (having one huntgroups configuration file with more than 2000 entries for each freeradius server) would be very difficult to maintain. Anyone knows if there are any limitations in huntgroups size? Are there other solutions to have huntgroups functionality (access control based on NAS-IP-Address or Client-IP-Address) using IP address ranges? Thanks,
Alex
------------------------------------------------------------------------
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html