Authorising Clients by Calling Station ID Not IP
jennyshoehorn at me.com
Mon Oct 24 21:45:50 CEST 2011
I guess we don't need a per NAS secret but thought it might help block any customers we don't need.
We have a load of wifi hotspots on dynamic ips. We know all their nas ids, but not their ip addresses. That's the main reason for it. I guess the other way would be to use hunt groups or a network id to allow / disallow clients instead of worrying about the nas?
On 24 Oct 2011, at 20:42, Phil Mayers [via FreeRadius] wrote:
> On 10/24/2011 08:06 PM, Jennyanydots Napoleon Shoehorn wrote:
> > The ultimate intention was to use the mac address of the nas and a nas
> > specific shared secret.
> Do you really need a per-NAS secret?
> > In your opinion, are there better ways to deal with dynamic clients?
> "It depends". Can you describe your setup in any detail?
> If you've got untrusted clients on IP addresses you don't control and
> can't know ahead of time, then it's really hard. The best solution is
> "don't do that".
> If your NAS and network topology support it, things like VPN tunnels
> from NAS->radius server with IP assignment might be one option.
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> If you reply to this email, your message will be added to the discussion below:
> To unsubscribe from Authorising Clients by Calling Station ID Not IP, click here.
View this message in context: http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tp4883866p4933910.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeradius-Users