Best method to filter on calling-station-ID/IP Address?
tnt at kalik.net
tnt at kalik.net
Tue Oct 14 23:50:44 CEST 2008
>I have VPN users who connect to a Cisco ASA firewall, which authenticates
>using radius off of Freeradius. I would like to enforce which IP addresses
>users may connect from. Am I correct to assume the Radius server is the
>best place to perform this?
>
>If so, what is the best way to go about doing this? Since our users.conf is
>programitcally generated, hopefully the changing part of the configuration
>can be isolated to this file? Below is an example login from the
>free-radius server. I want to filter on "Calling-Station-Id", to enforce a
>specified source IP which may vary by user.
>
Just add Calling-Station-Id == users static IP address to the check line.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list