huntgroups question

Kenneth Grady klg at
Mon Nov 20 19:02:55 CET 2006

You can use the users file with:
DEFAULT    NAS-IP-Address =~ "^123.123",  ...
DEFAULT    NAS-IP-Address !~ "^123.123", Auth-Type := Reject

Alexandru Dincov wrote:
> Hello,
> We plan to use freeradius for authenticating remote access to more
> than 2000 network devices (CISCO, Nortel, etc.) and we want to do some
> access control based on huntgroups. Users and RADIUS profiles are
> stored in an LDAP backend. Following freeradius documentation, we have
> to define all 2000+ IP addresses in huntgroups configuration file,
> apparently there is no way to use IP ranges for defining huntgroups.
> But this solution (having one huntgroups configuration file with more
> than 2000 entries for each freeradius server) would be very difficult
> to maintain. Anyone knows if there are any limitations in huntgroups
> size? Are there other solutions to have huntgroups functionality
> (access control based on NAS-IP-Address or Client-IP-Address) using IP
> address ranges?
> Thanks,
> Alex
> ------------------------------------------------------------------------
> - 
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Devel mailing list