I m wondering if there is another 'obvious' way to handle non-802.1X capable equipment apart from checking their MAC :(. OS fingerprinting, seems a little bit ... more than an extra mile :) v4s[at]#unrelated | "sh3ll is just the beginning" .__ _____ _______ ____ ___________ |__| ____ _____ \__ \\_ __ \/ _ \/ ___/\__ \ | |/ \\__ \ / __ \| | \( <_> )___ \ / __ \| | | \/ __ \_ (____ /__| \____/____ >(____ /__|___| (____ / \/ \/ \/ \/ \/ On Wed, May 4, 2016 at 8:49 PM, Igor Novgorodov <igor@novg.net> wrote:
Nope, it has complicated logic based on Calling-Station-Id, NAS-IP-Address & multiple SQL queries. With EAP it would, of course, use more CPU (if over TLS - even worse). We currently have about 150% of a Xeon E5-2630 core used at peak times.
On 04/05/16 19:52, Arran Cudbard-Bell wrote:
On 4 May 2016, at 09:33, Igor Novgorodov <igor@novg.net> wrote:
We're running FreeRADIUS that authenticates 5-6 *million* users per day (with peaks about 1000 requests per second) on a small VM with 4 vCPU.
That's with EAP?
-Arran
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html