rat at yia.ca
Wed Dec 17 22:08:17 CET 2008
Yes, that does make more sense. How you explained it.
So basically, I would need to put a NAC (network access controller) at
each remote location. BUT... I wouldn't necessarily have to put a
"traditional" captive portal at each location, even though they would
probably provide pretty much the same features.
On Wed, 2008-12-17 at 12:49 -0500, Leigh Martell wrote:
> Hello Kevin,
> I can't answer definitively, but I would assume that it would be done
> on your NAS(depending on your hardware these rules "could" be
> propagated to the child devices). It would defy all logic for it to be
> done on the clie nt, Just as you would in an unauthenticated
> wired/wireless network it is always best to control traffic at the
> distribution point.
> Hope that helps.
> Take Care,
> Leigh Martell
> On Wed, Dec 17, 2008 at 12:14 PM, kevin <rat at yia.ca> wrote:
> While an "out of the box" solution is where I'll probably end
> up, I'm
> battling with myself over the idea of how to best manage
> bandwidth on a
> network including multiple remote locations, with both wired
> wireless connections.
> I'm moving to using freeradius to authenticate (which
> ultimately will be
> done by MAC for initial ease of setup) but I'm trying to
> figure out
> where the Bandwidth attributes actually are used.
> IOW, when using WISPr-Bandwidth, does that modify the client
> at the client computer or does that occur at a proxy or
> firewall device?
> What I'm getting at is, is a captive portal necessary or can a
> simply have client authentication via freeradius and the
> client network
> card handle managing its own bandwidth? And if so, is there
> possibility that the client computer could be modified by
> someone with a
> bit of skill to bypass those controls?
> Hope that made sense.
> List info/subscribe/unsubscribe? See
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users