Port/mac/IP authentication, authorization, auditing. Is it possible ?

Alan DeKok aland at deployingradius.com
Sun Jun 9 18:57:28 CEST 2019


On Jun 9, 2019, at 12:27 PM, CpServiceSPb <cpservicespb at gmail.com> wrote:
> I understand it.
> 
> And along to it I started some ight duscussion of one of switch
> (amanged one) representatives to add such funtional for it.

  The switch vendors don't control RADIUS.

> And I asked this quiestion here because this case is two side - server
> (Freeradius) and switch where server send out simply "yes" or "no"
> that is
> it gives an order to a switch "yes" or "no" and a switch simply
> ececute it - to allow or to deny access.
> And if such functional is at switch but is not at server (Radius) , it
> will not work at all.

  In part, but not completely.

  The IETF controls RADIUS.  No one will implement anything without a standard from the IETF.

> That is if switch is able to send port:mac:IP but Freeradius can not
> accept of such data and can not further handle it in a right way, such
> functinality will not work.
> 
> 
> One more, I tried to ask both "sides" - server developers/community
> and switch maker (one of brand) personell as well.

  That's just not how things work.

  Standards bodies (like the IETF) create standards.  The switch vendors and RADIUS server authors won't implement things unless they're a standard.

  Alan DeKok.





More information about the Freeradius-Users mailing list