Authenticating MACs and users

Rudolph Bott r at
Sat Nov 20 11:26:40 CET 2010

Hi Alan,

ok I'll try to be more specific:

I have all the mac addresses (including the vlan attribute) in my users 
file. Can I just put in some user accounts as well and configure my 
switches to use the radius server for user authentication?

How do I separate the management-users from my 'fake' mac-address-users? 
I don't wont anyone to login to my switches with his mac address :/

On top of that, I might also need a Radius server to authenticate 
wireless users against Active Directory but I'll probably use IAS here 
(unless its easy to add this feature to the existing freeradius setup as 

Basically my question is: how can I separate user requests for different 
backends (mac-address-users-file, switch-users-file, active directory 
backend) on my radius server. Simply running 3 instances with different 
ports/configurations on the same server is probably not the way to go 
(is it?)

On 19.11.2010 20:42, Alan DeKok wrote:
> Rudolph Bott wrote:
>> Ah yes, thanks - any hints on how to achieve this? Maybe I'm just using
>> the wrong keywords for searching.
>    (a) configure user authentication
>    (b) configure MAC authentication
>    There is no real difference between the two, other than the format of
> the User-Name attribute.
>    If your question was more specific, my answers could be more detailed.
>    Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

Mit freundlichen Grüßen / With Kind Regards
   Rudolph Bott

More information about the Freeradius-Users mailing list