Port/mac/IP authentication, authorization, auditing. Is it possible?
Alan DeKok
aland at deployingradius.com
Sun Jun 2 04:24:48 CEST 2019
On Jun 1, 2019, at 2:57 PM, CpServiceSPb <cpservicespb at gmail.com> wrote:
>
> Is it possible by default or by using additional modules to authenticate,
> authorize devices plugged to managed switch not only by mac, but also by
> mac/ip or port/mac/ip, especially for statically assigned devices?
You can generally authenticate by MAC, but not by IP. RADIUS is about network access. And the device doesn't have an IP until after it's been given network access.
Look at the debug output: radiusd -X.
Then, see which attributes are in the input packet. Those attributes are the ones that you can use for authorization / authentication checks.
Alan DeKok.
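
Added example, not part of the original message: a sketch of the workflow described above, reading the attributes of each received Access-Request out of `radiusd -X` output and making a switch/port/MAC decision from them. The debug lines are constructed in the style of FreeRADIUS 3.x output, and the allowlist and function names are hypothetical; note that the sample request carries no IP address for the device itself.

```python
import re

# Constructed sample in the style of FreeRADIUS 3.x "radiusd -X" output.
SAMPLE_DEBUG = '''\
(0) Received Access-Request Id 57 from 10.0.0.2:49205 to 10.0.0.1:1812 length 143
(0)   User-Name = "0011223344aa"
(0)   NAS-IP-Address = 10.0.0.2
(0)   NAS-Port = 12
(0)   NAS-Port-Type = Ethernet
(0)   Calling-Station-Id = "00-11-22-33-44-AA"
(0) # Executing section authorize from file /etc/raddb/sites-enabled/default
(1) Received Access-Request Id 58 from 10.0.0.2:49205 to 10.0.0.1:1812 length 143
(1)   User-Name = "0011223344aa"
(1)   NAS-IP-Address = 10.0.0.2
(1)   NAS-Port = 17
(1)   Calling-Station-Id = "00-11-22-33-44-AA"
'''

HEADER = re.compile(r'^\((\d+)\)\s+Received Access-Request\b')
ATTR = re.compile(r'^\((\d+)\)\s+([A-Za-z0-9-]+) = (.*)$')

def parse_requests(text):
    """Return {request_number: {attribute: value}} for each received Access-Request."""
    requests, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            requests[current] = {}
            continue
        attr = ATTR.match(line)
        if attr and attr.group(1) == current:
            requests[current][attr.group(2)] = attr.group(3).strip('"')
        else:
            current = None  # the attribute list of this packet has ended
    return requests

def norm_mac(value):
    """Switches format Calling-Station-Id differently; compare bare lowercase hex."""
    return re.sub(r'[^0-9a-f]', '', value.lower())

# Hypothetical allowlist: (switch IP, switch port, MAC) where a static device belongs.
ALLOWED = {("10.0.0.2", "12", "0011223344aa")}

def authorize(attrs):
    key = (attrs.get("NAS-IP-Address"), attrs.get("NAS-Port"),
           norm_mac(attrs.get("Calling-Station-Id", "")))
    return key in ALLOWED

def decisions(text):
    return {num: authorize(attrs) for num, attrs in parse_requests(text).items()}

if __name__ == "__main__":
    print(decisions(SAMPLE_DEBUG))
```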