802.1X Extra Miles
Johnny R
vasiana09 at gmail.com
Wed May 4 20:07:08 CEST 2016
I m wondering if there is another 'obvious' way to handle non-802.1X
capable equipment apart from checking their MAC :(. OS fingerprinting,
seems a little bit ... more than an extra mile :)
v4s[at]#unrelated | "sh3ll is just the beginning"
.__
_____ _______ ____ ___________ |__| ____ _____
\__ \\_ __ \/ _ \/ ___/\__ \ | |/ \\__ \
/ __ \| | \( <_> )___ \ / __ \| | | \/ __ \_
(____ /__| \____/____ >(____ /__|___| (____ /
\/ \/ \/ \/ \/
On Wed, May 4, 2016 at 8:49 PM, Igor Novgorodov <igor at novg.net> wrote:
> Nope, it has complicated logic based on Calling-Station-Id, NAS-IP-Address
> & multiple SQL queries.
> With EAP it would, of course, use more CPU (if over TLS - even worse).
> We currently have about 150% of a Xeon E5-2630 core used at peak times.
>
>
> On 04/05/16 19:52, Arran Cudbard-Bell wrote:
>
>> On 4 May 2016, at 09:33, Igor Novgorodov <igor at novg.net> wrote:
>>>
>>> We're running FreeRADIUS that authenticates 5-6 *million* users per day
>>> (with peaks about 1000 requests per second) on a small VM with 4 vCPU.
>>>
>> That's with EAP?
>>
>> -Arran
>>
>> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
>> FreeRADIUS Development Team
>>
>> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>>
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list