Authorising Clients by Calling Station ID Not IP
Jennyanydots Napoleon Shoehorn
jennyshoehorn at me.com
Mon Oct 24 23:09:55 CEST 2011
This is very interesting, really appreciate the replies.
Other than using a VPN, how do other wifi providers actually operate securely?
On 24 Oct 2011, at 21:04, Phil Mayers wrote:
> On 10/24/2011 08:45 PM, JennyBlunt wrote:
>> Hello Phil
>> I guess we don't need a per NAS secret but thought it might help block
>> any customers we don't need.
>> We have a load of wifi hotspots on dynamic ips. We know all their nas
> Ok, that's about the hardest case I'm afraid.
> If you have the option of using something like a tunnel (IPSec) to bring the NASes into your network and give them local IPs I would take it.
> If not, then an out-of-band solution might work.
> There's no easy answer here I'm afraid. It will depend on the numbers and vendor of your NAS, the capabilities they have and lots of other factors.
> In an ideal world, radius-over-TLS (RadSec) would solve this problem but it's basically guaranteed your NASes don't support it (nothing does yet, and possibly never will for NAS->Server traffic).
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeradius-Users