The default method of freeradius identifying the source Access-Request packets requests is using IP addresses. But as many of you know, A lot of people don't have IP static addresses. IMHO, A workaround this problem could be to modify freeradius source code to use the NAS identifier + radius secret to authenticate (instead of source ip address+ radius secret) However, As per 1) https://www.dialogic.com/webhelp/BorderNet2020/1.1.0/WebHelp/radatt_nasident... 2) https://community.arubanetworks.com/t5/Controller-Based-WLANs/What-is-NAS-id... They say : Code: [Select] NAS-Identifier MUST NOT be used to select the shared secret used to authenticate the request. The source IP address of the Access-Request packet MUST be used to select the shared secret. Can anyone tell me why not? what are the security implications (if any). Quick search on google mentions why NOT to do it, but does not explain the "WHY" of it. Thanks!