RADIUS-Proxy before MAC Auth

Alan DeKok aland at deployingradius.com
Wed Feb 20 14:23:49 CET 2013

Oliver Warda wrote:
> Now, I have the demand to implement RADIUS Proxy also.
> As I understand MAC Auth is done before RADIUS Proxy.


> But I do not want to administrate about 5.000 RADIUS Proxy clients in my
>  authorized_macs file (RADIUS Proxy is using 802.1x only).
> Is there a way to proxy requests based on realms before checking the MAC
> address?

  Yes.  You can check if the User-Name contains an "@" character.  If
so, proxy.  For example:

	if (User-Name =~ /@/) {
		if (updated) {


  That should stop processing the request as soon as it's marked "to be

  Alan DeKok.

More information about the Freeradius-Users mailing list