specify ip range in huntgroups (or similar functionality).

tnt at kalik.co.yu tnt at kalik.co.yu
Wed Feb 28 17:05:12 CET 2007


It is possible with a huntgroups like:

gear     NAS-IP-Address > IPaddress1 , NAS-IP-Address < IPaddress2
            Group == admin

But I would assign admin group its address pool and then restrict access
with access control lists. That should be the job for the firewall.

Ivan Kalik
Kalik Informatika ISP
http://www.kalik.co.yu


On 28/2/2007, "Jason Murray" <jemurray at zweck.net> wrote:

>Is it possible to specify a range of IP addresses in a huntgroups file?
>
>
>
>What I am trying to accomplish is:
>
>1) AAA authentication to our Cisco devices using radius
>2) Only allow people in a specific group to access the devices
>3) Reject everyone else.
>
>I am using the following:
>
>
>huntgroups:
>-------------------
>netgear           NAS-IP-Address == 172.20.120.75
>
>
>
>users:
>----------
>test1 at net Auth-Type := Local, User-Password == "testing",
>Huntgroup-Name == "netgear"
>        Service-Type = NAS-Prompt-User,
>        cisco-avpair = "shell:priv-lvl=15"
>
>DEFAULT Auth-Type := Reject, Huntgroup-Name == "netgear"
>        Reply-Message = "Not Authorized to access this gear"
>
>
>
>
>This works just fine, but we have well over 600 devices.  If at all
>possible I would like to specify network ranges instead of individual
>IP addresses in the huntgroups file (similar to what I can do in the
>clients.conf file).  Is this possible?  If it is not possible in the
>huntgroups is there a better way to do what I want to accomplish?
>
>Thanks in advance!
>
>
>--
>Jason E. Murray
>jemurray at zweck.net
>http://unixhosts.us/
>
>
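The huntgroups entry in the reply uses strict > and <, so IPaddress1 and IPaddress2 themselves are excluded from the match. The following is an added example, not part of the original thread or of FreeRADIUS: it derives the two bounds for a CIDR range and checks a NAS address against them. It assumes the comparison is numeric on the 32-bit address value; the function names are hypothetical, and 172.20.120.0/24 is a constructed range around the NAS address from the question.

```python
import ipaddress


def _num(addr):
    """32-bit integer value of an IPv4 address (string or object)."""
    return int(ipaddress.IPv4Address(addr))


def exclusive_bounds(cidr):
    """Return (IPaddress1, IPaddress2) such that
    NAS-IP-Address > IPaddress1 and NAS-IP-Address < IPaddress2
    is true for every address in cidr and for no address outside it."""
    # strict=True rejects a range typed with host bits set, e.g. 172.20.120.75/24
    net = ipaddress.IPv4Network(cidr, strict=True)
    first, last = int(net.network_address), int(net.broadcast_address)
    if first == 0 or last == 0xFFFFFFFF:
        raise ValueError(f"{cidr}: no address exists beyond the range edge")
    return ipaddress.IPv4Address(first - 1), ipaddress.IPv4Address(last + 1)


def huntgroup_entry(name, cidr):
    """Format the range part of a huntgroups line in the style of the reply."""
    low, high = exclusive_bounds(cidr)
    return f"{name}\tNAS-IP-Address > {low}, NAS-IP-Address < {high}"


def matches(nas_ip, low, high):
    """Emulate the two strict comparisons on the numeric address value."""
    return _num(low) < _num(nas_ip) < _num(high)


def naive_misses(cidr):
    """Addresses of cidr that are rejected when the range's own first and
    last addresses are written as IPaddress1 and IPaddress2."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    low, high = net.network_address, net.broadcast_address
    return [str(a) for a in (low, high) if not matches(a, low, high)]


if __name__ == "__main__":
    print(huntgroup_entry("netgear", "172.20.120.0/24"))
    print("missed with the range's own edges as bounds:",
          naive_misses("172.20.120.0/24"))
```

Run one call per management range and paste the output into the huntgroups file; the rest of the entry, such as the Group check, is added by hand.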



