NAS MAC Authentication

Alan DeKok aland at
Thu Jun 11 09:57:36 CEST 2009

Jacob Baloul wrote:
> I have several NAS / Hotspots installed behind a NAT.
> They are all WRT54GL routers with OpenWRT + Chili and authenticating
> against FreeRadius + DaloRadius which is NOT in this NAT.
> Meaning FreeRadius sees all of the WRT's as coming from the same public
> IP, which also happens to be dynamic.
> My question is, can I authenticate and maintain session based on the NAS
> MAC address as apposed to the public dynamic ip address?

  The server doesn't support this.

  Running multiple NASes behind a NAT is a really bad idea.  The
simplest solution is to put a RADIUS proxy inside the NAT, and proxy the
RADIUS packets over IPSec to the server.

  Alan DeKok.

More information about the Freeradius-Users mailing list