Mac-Auth

Alexey Shildyakov ashl1future at gmail.com
Thu Jul 7 23:20:07 CEST 2011


I'm not sure about FreeRADIUS but for this scheme we use server with
disable mac learning and static mac table. If you don't have the
server support this try to do it in the switches, but static mac table
limited to some value less than 3000 I think. If you have several
suitable routers and you know that clients don't move between them you
could set static mac table to the part of 3000 for every switch. At
sum it may be 3000 and may meet static mac table limit requirement.

2011/7/8 Paulo Maia <phc.maia at gmail.com>:
> I dont want to enable 802.1x auth in the clients coz i have over 3000
> computers and i dont have AD to set a gpo to set in all clients  ....  But i
> do have all mac-addresses . I dont know if im going the wrong way here .
>
> Thanks ,
>
> On Thu, Jul 7, 2011 at 5:59 PM, Paulo Maia <phc.maia at gmail.com> wrote:
>>
>> Ok guys thanks .
>> One other question tough  .... i have configured radius settings in the
>> switch (c2960g) with aaa-newmodel dot1x port-control auto and the requests
>> are getting to the radius server OK . But it keeps asking for user/pass auth
>> and . Is there a way to authenticate the mac-address without enable 802.1x
>> in the client computer ?
>>
>>
>> On Thu, Jul 7, 2011 at 4:19 PM, Alan Buxey <A.L.M.Buxey at lboro.ac.uk>
>> wrote:
>>>
>>> Hi,
>>> >    Hi Guys ,
>>> >    Here is the thing , im trying to use Mac-Auth , I managed to get
>>> > working
>>> >    using authorized-macs files , although i need to use a mysql table�
>>> > witch
>>> >    i already have with the ssid and mac-address fields and i need to
>>> > add an
>>> >    operator to expired macs , coz i work at a college campus and
>>> > students
>>> >    mac-addresses need to expire acording to their course period . Any
>>> > ideas ?
>>> >    Thanks in advance .
>>>
>>> put MAC address in the radcheck table and set an Expiration. should work
>>> a treat
>>>
>>> 00-11-22-33-44-55 Expiration := "10 Jul 2011"
>>>
>>>
>>> alan
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-- 
Best Regards, Shildyakov Alexey Vladimirovich




More information about the Freeradius-Users mailing list