On Thu, Jan 26, 2012 at 4:37 AM, White III, Joe <Joe.White@arvatousa.com> wrote:
Generally, you can only do this is if the requests from those "certain APs" have something which distinguishes them. Then you can match on this in the users file [using 'DEFAULT'] and set Auth-Type to Reject.
If I have three access points I don't want users to access, can I do something like below?
+-----+------------------+----------------+-------+-------+-----------+ | id | nasname | shortname | type | ports | secret | +-----+------------------+----------------+-------+-------+-----------+ | 136 | 172.18.100.8 | ap-2000-cd6 | other | NULL | letmelook | | 11 | 172.18.100.4 | ap2000-cd-2 | other | NULL | letmelook | | 10 | 172.18.100.5 | ap2000-cd-3 | other | NULL | letmelook |
DEFAULT shortname == ap-2000-cd6, Auth-type := reject, Fall-Through = yes
DEFAULT shortname == ap2000-cd-2, Auth-type := reject Fall-Through = yes
DEFAULT shortname == ap2000-cd-3, Auth-type := reject
Not sure. In FR-2.x you should be able to use DEFAULT Client-Shortname == ap-2000-cd6, Auth-type := reject, Fall-Through = yes ... or create some unlang policy using the variable "%{Client-Shortname}". But AFAIK unlang is 2.x, so I'm not sure whether the attribute is also filled in FR-1.x. I highly suggest you upgrade. Which OS/distro do you use? Most linux distros (even the "ancient" centos5 or ubuntu hardy) have a ready-to-use FR2 package. -- Fajar