EAP-TLS and MAC Authentication

Alan DeKok aland at deployingradius.com
Sat May 15 16:27:28 CEST 2010


John McDonnell wrote:
> I'm not doing any dynamic VLAN assignments over the wireless so I really don't see any need for MAC authentication and just see it as unneeded overhead. Is there any reason why I'm wrong with this assumption?

  It never hurts.  You can do *both* EAP && MAC auth at the same time.
It stops people who share their passwords.  If you do login tracking,
you can see if two MACs have logged in at the same time, too.

  This stops a large percentage of bad behavior.

  If you're *not* tracking MACs right now, you have no idea who's on
your network.

  Alan DeKok.



More information about the Freeradius-Users mailing list