MAC Authentication - Bad Idea?
Alan DeKok
aland at deployingradius.com
Thu Feb 3 09:53:53 CET 2011
Jim Rice wrote:
> The MikroTik routers can be configured to send a variety of MAC address formats, the default is XX:XX:XX:XX:XX:XX
Which isn't the format recommended by the RFCs <sigh>.
> It can also be set to include the same MAC address in the Password field, instead of NULL, but I do not see any added benefit to that.
There isn't much benefit... but both are bad ideas.
>>> but had to set Auth-Type := Accept.
>> Hmm... that's probably not the best way to do it,
>> but if it works...
>
> Is there a best (or better) way?
Not really, unfortunately.
> Do I need to be concerned with MAC spoofing?
Of course.
Alan DeKok.
More information about the Freeradius-Users
mailing list