specify ip range in huntgroups (or similar functionality).

Jason Murray jemurray at zweck.net
Wed Feb 28 16:24:57 CET 2007

Is it possible to specify a range of IP addresses in a huntgroups file?

What I am trying to accomplish is:

1) AAA authentication to our Cisco devices using radius
2) Only allow people in a specific group to access the devices
3) Reject everyone else.

I am using the following:

netgear           NAS-IP-Address ==

test1 at net Auth-Type := Local, User-Password == "testing",
Huntgroup-Name == "netgear"
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

DEFAULT Auth-Type := Reject, Huntgroup-Name == "netgear"
        Reply-Message = "Not Authorized to access this gear"

This works just fine, but we have well over 600 devices.  If at all
possible I would like to specify network ranges instead of individual
IP addresses in the huntgroups file (similar to what I can do in the
clients.conf file).  Is this possible?  If it is not possible in the
huntgroups is there a better way to do what I want to accomplish?

Thanks in advance!

Jason E. Murray
jemurray at zweck.net

More information about the Freeradius-Users mailing list