new to freeradius, securing LAN test at
Fri May 29 10:47:08 CEST 2009

so you meant, it's more better to avoid them physically.. ;<(

----- Original Message ----- 
From: "pkc_mls" <pkc_mls at>
To: "FreeRadius users mailing list" <freeradius-users at>
Sent: Friday, May 29, 2009 2:33 PM
Subject: Re: new to freeradius, securing LAN a écrit :
> Hello All,
> I am very new to FreeRadius,  some of users are already knew our LAN IPs 
> .. so they can manually configure an interface on their PC and completely 
> bypass our DHCP server.. can I solve this by using FreeRadius?
>  I thought this can be done by checking its MAC address, so although they 
> use valid IP address but if their MAC address not recognized by our server 
> then they must be denied and they cannot go anywhere and cannot do 
> anything in our LAN..
> I need advise..

The problem is not really linked with radius, let's try to propose some
directions anyway.
Most recent switches proposes to do VLAN assignement based on port or
MAC address. Check if your switches can do this.

Radius can be used to authenticate a device (in your case, a PC) with
informations like MAC address or a certificate.

So you can also do some mac based authentication, but keep in mind that
changing a MAC address is as easy as setting a static LAN IP on a PC, so
it's definitely not enough if you wish to avoid what you described above.

hope this'll help.
> many thanks in advance
> ------------------------------------------------------------------------
> -
> List info/subscribe/unsubscribe? See 

List info/subscribe/unsubscribe? See

Your mail has been scanned by MSS.

Our outgoing mail has been scanned by MSS.

More information about the Freeradius-Users mailing list