Authorising Clients by Calling Station ID Not IP

JennyBlunt jennyshoehorn at me.com
Mon Oct 24 21:45:50 CEST 2011


Hello Phil

I guess we don't need a per NAS secret but thought it might help block any customers we don't need.

We have a load of wifi hotspots on dynamic ips. We know all their nas ids, but not their ip addresses. That's the main reason for it. I guess the other way would be to use hunt groups or a network id to allow / disallow clients instead of worrying about the nas?

J

On 24 Oct 2011, at 20:42, Phil Mayers [via FreeRadius] wrote:

> On 10/24/2011 08:06 PM, Jennyanydots Napoleon Shoehorn wrote: 
> 
> > The ultimate intention was to use the mac address of the nas and a nas 
> > specific shared secret. 
> 
> Do you really need a per-NAS secret? 
> 
> > 
> > In your opinion, are there better ways to deal with dynamic clients? 
> 
> "It depends". Can you describe your setup in any detail? 
> 
> If you've got untrusted clients on IP addresses you don't control and 
> can't know ahead of time, then it's really hard. The best solution is 
> "don't do that". 
> 
> If your NAS and network topology support it, things like VPN tunnels 
> from NAS->radius server with IP assignment might be one option. 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 
> 
> If you reply to this email, your message will be added to the discussion below:
> http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tp4883866p4933898.html
> To unsubscribe from Authorising Clients by Calling Station ID Not IP, click here.



--
View this message in context: http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tp4883866p4933910.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111024/2795a807/attachment.html>


More information about the Freeradius-Users mailing list