Authorising Clients by Calling Station ID Not IP

Jennyanydots Napoleon Shoehorn jennyshoehorn at
Mon Oct 24 23:09:55 CEST 2011

This is very interesting, really appreciate the replies.

Other than using a VPN, how do other wifi providers actually operate securely?


On 24 Oct 2011, at 21:04, Phil Mayers wrote:

> On 10/24/2011 08:45 PM, JennyBlunt wrote:
>> Hello Phil
>> I guess we don't need a per NAS secret but thought it might help block
>> any customers we don't need.
>> We have a load of wifi hotspots on dynamic ips. We know all their nas
> Ok, that's about the hardest case I'm afraid.
> If you have the option of using something like a tunnel (IPSec) to bring the NASes into your network and give them local IPs I would take it.
> If not, then an out-of-band solution might work.
> There's no easy answer here I'm afraid. It will depend on the numbers and vendor of your NAS, the capabilities they have and lots of other factors.
> In an ideal world, radius-over-TLS (RadSec) would solve this problem but it's basically guaranteed your NASes don't support it (nothing does yet, and possibly never will for NAS->Server traffic).
> -
> List info/subscribe/unsubscribe? See

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list