new to freeradius, securing LAN
ldap.lippogeneral.com
test at lippoinsurance.com
Fri May 29 10:47:08 CEST 2009
so you meant, it's more better to avoid them physically.. ;<(
----- Original Message -----
From: "pkc_mls" <pkc_mls at yahoo.fr>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Friday, May 29, 2009 2:33 PM
Subject: Re: new to freeradius, securing LAN
ldap.lippogeneral.com a écrit :
> Hello All,
>
> I am very new to FreeRadius, some of users are already knew our LAN IPs
> .. so they can manually configure an interface on their PC and completely
> bypass our DHCP server.. can I solve this by using FreeRadius?
> I thought this can be done by checking its MAC address, so although they
> use valid IP address but if their MAC address not recognized by our server
> then they must be denied and they cannot go anywhere and cannot do
> anything in our LAN..
>
> I need advise..
Hi,
The problem is not really linked with radius, let's try to propose some
directions anyway.
Most recent switches proposes to do VLAN assignement based on port or
MAC address. Check if your switches can do this.
Radius can be used to authenticate a device (in your case, a PC) with
informations like MAC address or a certificate.
So you can also do some mac based authentication, but keep in mind that
changing a MAC address is as easy as setting a static LAN IP on a PC, so
it's definitely not enough if you wish to avoid what you described above.
hope this'll help.
> many thanks in advance
>
> ------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users..html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
***********************
Your mail has been scanned by MSS.
***********-***********
***********************
Our outgoing mail has been scanned by MSS.
***********-***********
More information about the Freeradius-Users
mailing list