freeRADIUS for switch authentication

A.L.M.Buxey at A.L.M.Buxey at
Mon Jul 8 10:37:31 CEST 2013


>    (Sorry if this is OT) As I understand, I couldn't use 802.1x
>    authentication on just the switches themselves? Since a client must have
>    certificates to authenticate to a server. What i just wanted to accomplish
>    is to authenticate the switches only on the radius server, so this md5
>    encryption I had setup should be sufficient?

what you do is up to you. a standard NAS will have several configuration
options - allowing RADIUS for admin access or RADIUS for host/client access or both.

why cant you just do 802.1X on thw switch?  yes, clients need certs but thats
the same as WiFi - you could get a RADIU server cert signed by a known CA in
the OS (which isnt best but would allow thigns to just work)

>    Last question, could I just create a single user to be used by multiple
>    switches? Is there any conflict going to happen? Switch count on branches
>    ranges from 15-50.

once again, depends on config. why do you think you cant? do you have strong user
authorization/session checks? its just a user....


More information about the Freeradius-Users mailing list