Best Practices - maximum NAS entries in clients.conf

Gary Gatten Ggatten at waddell.com
Mon Sep 12 16:46:13 CEST 2011


Yup.  One could create a management / auth VLAN of sorts.  Set the source port for RADIUS/Auth/etc. to be said VLAN.  In theory then you would need only a single network entry in clients.conf, and if you wish, reject traffic from any other "unauthorized" nets / IPs.

We do something similar as we also have a large number of switches and other NAS type devices.

G


-----Original Message-----
From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org] On Behalf Of Bruce Nunn
Sent: Monday, September 12, 2011 9:41 AM
To: FreeRadius users mailing list
Subject: Re: Best Practices - maximum NAS entries in clients.conf

If the network your APs are on is physically secure, and you don't need accounting for individual APs, you can use netmasks to define clients in the clients.conf file.



----- Original Message -----
From: "Sallee, Stephen (Jake)" <Jake.Sallee at umhb.edu>
To: freeradius-users <freeradius-users at lists.freeradius.org>
Cc: 
Sent: Monday, September 12, 2011 9:04 AM
Subject: Best Practices - maximum NAS entries in clients.conf

@ everyone

We have about 100 NAS entries in our clients.conf file; it makes the file a bear to deal with, but the server seems to handle it fine.  We will be expanding our infrastructure soon and the number of NAS entries will increase significantly.  At what point should we think about putting them into a database for FR to use?

Also, I have seen some chatter on the list about dynamic NASs.  Am I correct in assuming that if we are using a DB instead of the clients.conf file we can add or remove clients simply by making changes to the correct table, all without having to restart FR?






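An added example, not part of the original thread: what the single-subnet approach discussed above could look like in clients.conf, written in FreeRADIUS 2.x syntax. The subnet 10.10.50.0/24, the client names and the secrets are constructed placeholders.

```conf
# Constructed example; addresses, names and secrets are placeholders.

# Before: one block per device, repeated for every switch and AP.
#client switch-001 {
#    ipaddr = 10.10.50.11
#    secret = PLACEHOLDER_SECRET_A
#}
#client switch-002 {
#    ipaddr = 10.10.50.12
#    secret = PLACEHOLDER_SECRET_B
#}

# After: every NAS sources its RADIUS traffic from the management VLAN,
# so one block covers the whole range.
# (FreeRADIUS 3.x also accepts the form: ipaddr = 10.10.50.0/24)
client mgmt-vlan {
    ipaddr    = 10.10.50.0
    netmask   = 24
    secret    = PLACEHOLDER_LONG_RANDOM_SECRET
    shortname = mgmt-vlan
}

# No other client blocks are defined: requests whose source address
# matches no client entry are ignored by the server.
```

With a subnet entry, every device in the range shares one secret and one client shortname, so any host that can send from that VLAN and knows the secret is accepted as a NAS.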




