802.1X Extra Miles

Igor Novgorodov igor at novg.net
Wed May 4 18:33:56 CEST 2016

We're running FreeRADIUS that authenticates 5-6 *million* users per day 
(with peaks about 1000 requests per second) on a small VM with 4 vCPU.
Memory usage is negligible (200-300MBytes) even with 
max_queue_size=1048576, cleanup_delay=30, max_requests=262144

The database is what's loaded more, but it depends on complexity and 
number of requests per authentication event.

So your case should not be a problem at all.

On 04/05/16 19:12, 3 at D4rkn3ss DuMb wrote:
> Dear List,
> I hope you are all doing fine. I know that the following question might be
> 'out of scope' of the user's list but still, I would like to ask some
> user's experience. I successfully implemented '802.1x or MAC-Auth' as
> described on the how-to: the 802.1x is PEAP based (server's certificate
> deployed on all client) with Computer authentication (instead of user
> authentication) + Mac verification (in a specific table in radius db), and
> for all non-capable 802.1x end-points (such as pointers) just a mac
> verification. However, I m still confused about the following issues:
>   - since the above are just only deployed in my testing environment, and I
> m supposed to deploy the same for 1k users, how much memory
> (RAM,HD,Processor) should I allocate to radius server! The DB is also on
> the same server as Freeradius.
>   - what kind of extra-layer could I add to the authentication layer (PC
> authentication PEAP + MSCHAP v2, against AD 2008, + MAC Verification) to
> make it even 'more secure'?
> Thank you,
> Regards,
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list