Quarantining a System using Freeradius

Michael Schwartzkopff misch at multinet.de
Tue Nov 28 11:24:29 CET 2006

Am Dienstag, 28. November 2006 11:11 schrieb Dev Anand:
> Hi All ,
> Is it possible to quarantine a system by placing it in different vlan
> by OpenRadius ?
> If so can somebody guide me on the steps that can be tried .
> The situation is like this :
> System already having an IP address , but found to be infected with a
> virus-worm.
> So it needs to be quarantined automatically .
> Thanks in advance,
> -Deva

It is possible to setup the NAS (Switch) to adjust VLANs according to user or 
computer. But you have to introduce authentication via EAP or MAC address 
based auth to do this.

But there is another problem: How do you tell FR which system to be put into a 
quarantaine VLAN? Manually? You would have to install some kind of agent on 
all machines which test the machine for integrity and tell FR about the 

Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn

Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20061128/88b1acc0/attachment.pgp>

More information about the Freeradius-Users mailing list