Dynamic Clients IP Best practice?

Bjørn Mork bjorn at mork.no
Fri Jun 24 11:14:52 CEST 2011


"Brent Wilkinson" <brent at air2data.com> writes:

> I unfortunately have a large amount of hotspots that are behind dynamic
> ip's. We have tried to get as many of them onto statics as possible but are
> having issues with that. After having read through a few dozen different
> threads and readmes does freeradius have something that has been put into
> place to address this?( I assume the answer is no or I glazed over while
> reading and missed the answer) .
>
>  
>
> If there is no built in feature is there a best practice for this? 

If you can get the hotspots to report back to you whenever they change
their address, then you can put something together by using the
dynamic-clients feature.

raddb/sites-available/dynamic-clients contains some documentation.

You could e.g. combine that with letting the hotspots update their own
clients entry in a database when their address changes, of course over a
channel you see as secure enough, e.g https, ldaps or mysql over ssl.

The advantage compared to the "ip range client" solution is that you get
to keep unique shortnames and secrets per hotspot.  But I don't want to
estimate any security gain, since you must allow the clients to update
their own client entry.  If one of hotspots is insecure, then the whole
network will be insecure.


Bjørn




More information about the Freeradius-Users mailing list