Authenticate user by NAS-IP & NAS-Port-ID instead of User-Name & Password
Louis Arsenault
louis at ntinet.com
Fri Apr 20 21:52:53 CEST 2012
Hello,
I have a managed network switch that support MAC authentication and
will send requests to Radius. The issue is I do not wish to keep a
list of customer device MAC addresses for authentication. I would like
to enforce activation by port.
My first attempt was changing the username & password to something
standardized like "<NAS-IP>-<NAS-Port-ID>" & "somesecurepassword"
When I did this though I think EAP failed with the user-name did not
match what was on the original request.
What I am looking for is what the best way to approach this scenario is.
The 2 options I can think of is try writing a custom sql module that
way I do not need to play with the User-Name Password or proxy the
request and then authenticate it that way the names don't get fudged
on the original request.
Any other easier ways? Am I on the right track?
Also, anyone know of managed switches (Other than Cisco) that support
setting the Ingress/Egress speeds of the port via Radius?
--
-Louis
NTInet
O: 803-533-1660 X 207
C: 803-997-0004
More information about the Freeradius-Users
mailing list