NAS MAC Authentication
aland at deployingradius.com
Thu Jun 11 09:57:36 CEST 2009
Jacob Baloul wrote:
> I have several NAS / Hotspots installed behind a NAT.
> They are all WRT54GL routers with OpenWRT + Chili and authenticating
> against FreeRadius + DaloRadius which is NOT in this NAT.
> Meaning FreeRadius sees all of the WRT's as coming from the same public
> IP, which also happens to be dynamic.
> My question is, can I authenticate and maintain session based on the NAS
> MAC address as apposed to the public dynamic ip address?
The server doesn't support this.
Running multiple NASes behind a NAT is a really bad idea. The
simplest solution is to put a RADIUS proxy inside the NAT, and proxy the
RADIUS packets over IPSec to the server.
More information about the Freeradius-Users