How to filter MAC addresses within Freeradius?

John McDonnell mcdonnjd at pcam.org
Tue Nov 30 14:42:35 CET 2010


> -----Original Message-----
> On Behalf Of Christ Schlacta
> 
> mac filtering should happen at the AP level.
> 

Ever try maintaining large (300+) MAC auth lists on multiple APs? Not fun at
all. Even maintaining a consistent list of 50 addresses across multiple APs
is not that fun, though a bit more manageable in a pinch.
When the lists are so large that you have to modify your APs to even be able
to store the list in NVRAM, it becomes an even larger pain when adding new
APs to your infrastructure as you have to modify the new APs before you can
even use them. (Had to increase the size of the virtual NVRAM to use more
flash space, which caused strange errors on the APs after a while.)
Maintaining the list in RADIUS makes it much simpler as you now only have
one location with all your access lists that you can easily manipulate to do
pretty much anything you want with.

And in regards to maintaining large access lists on each AP: yes, we could
have bought a Cisco AP controller for $ that we don't have in our budget
(which sadly keeps shrinking instead of growing) that doesn't do much more
than FreeRADIUS, or implement a FreeRADIUS server for free on some old
hardware we had laying around. You do the math, though I still would like a
controller for a couple of the radio and AP balancing functions it can do,
I'd still tie it into the FreeRADIUS server for AAA for centralization of
all our access rules (wired and wireless) and accounting.

> On Mon, Nov 29, 2010 at 7:23 PM, Viirydiianah Robles
> > Hi
> >
> > I have ubuntu 10.4 with freeradisUs-server-2.1.10
> >
> > my question is, where to add the Mac address? in users or
> > clients.conf

clients.conf is where you would put your APs/switches/etc.

You would add the MAC addresses for your users' machines to the users file.
Or to SQL/LDAP or Perl function.

-- 
John D McDonnell
Penn Cambria School District
mcdonnjd at pcam.org
O< ASCII Ribbon Campaign - http://www.asciiribbon.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4101 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20101130/a86627f3/attachment.bin>


More information about the Freeradius-Users mailing list