802.1x/iPSK DB access delegation.

Alex Zetaeffesse fzetafs at gmail.com
Thu Jan 6 00:21:18 CET 2022


Just a small update on the project.
I have realized that with Cisco 9800 and 3702I I must use FlexConnect but
in the FlexProfile I am limited to 16 VLANs and hence the solution with
Cisco scales up to 16 companies.

I wonder if anybody in the ML has experience where local switching can be
done with more than 16 VLANs (with other than Cisco HW).

Alex

On Wed, Dec 29, 2021 at 4:51 PM Alan DeKok <aland at deployingradius.com>
wrote:

> On Dec 29, 2021, at 10:15 AM, Alex Zetaeffesse <fzetafs at gmail.com> wrote:
> > I didn't know FR could query different sources of
> > authentication/authorization sequentially (especially if tables are on
> > different servers) but I guess that would introduce a lag in the response
> > time back to the NAS
>
>   Yes.
>
>   FR can do pretty much anything.  It's just that you usually don't want
> to do many queries.  It's inefficient, and slow.
>
> > Maybe a SQL proxy (that's on my side)? Then the first reply would be
> > served. And uh by writing this I realized I could expose the service to a
> > potential DoS for specific MAC addresses.
> > Ok, much better a single table in a single DB where checks before storing a
> > record can be done simply and quickly!
>
>   Exactly.
>
>   Also, the table used by FR doesn't have to be the same ones used by the
> web tool.  You can create views, foreign keys, etc.
>
>   The point is that the DB used by FreeRADIUS should be (a) local, and (b)
> fast.
>
>   Alan DeKok.
>
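
Added example, not part of the thread and not code from FreeRADIUS or either poster: the single-table design discussed above, with the ownership check done before a record is stored and a view as the only thing the RADIUS lookup reads. SQLite stands in for the real database; the table, view and function names, the tenants and the VLAN numbers are all assumptions made for illustration.

```python
import re
import sqlite3

SCHEMA = """
CREATE TABLE tenant (
    id   INTEGER PRIMARY KEY,
    name TEXT UNIQUE NOT NULL,
    vlan INTEGER UNIQUE NOT NULL
);
CREATE TABLE device (
    mac       TEXT PRIMARY KEY,   -- one owner per MAC, enforced by the DB
    tenant_id INTEGER NOT NULL REFERENCES tenant(id),
    psk       TEXT NOT NULL CHECK (length(psk) BETWEEN 8 AND 63)
);
-- What the RADIUS side reads: one lookup by MAC, no tenant logic.
CREATE VIEW radius_ipsk AS
    SELECT d.mac, d.psk, t.vlan
    FROM device d JOIN tenant t ON t.id = d.tenant_id;
"""

def normalize_mac(raw):
    """Accept aa:bb.., AA-BB.., aabb.cc.. and store one canonical form."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def register_device(conn, tenant_id, raw_mac, psk):
    """Web-tool write path; False if another tenant already owns the MAC."""
    mac = normalize_mac(raw_mac)
    with conn:  # check and write commit together
        row = conn.execute("SELECT tenant_id FROM device WHERE mac = ?", (mac,)).fetchone()
        if row and row[0] != tenant_id:
            return False
        conn.execute("INSERT OR REPLACE INTO device (mac, tenant_id, psk) VALUES (?, ?, ?)",
                     (mac, tenant_id, psk))
    return True

def lookup(conn, raw_mac):
    """RADIUS read path: (psk, vlan) for a MAC, or None if unknown."""
    return conn.execute("SELECT psk, vlan FROM radius_ipsk WHERE mac = ?",
                        (normalize_mac(raw_mac),)).fetchone()

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO tenant VALUES (?, ?, ?)",
                     [(1, "company-a", 101), (2, "company-b", 102)])  # constructed tenants
    conn.commit()
    first = register_device(conn, 1, "AA-BB-CC-00-00-01", "constructed-psk-a")
    second = register_device(conn, 2, "aabb.cc00.0001", "constructed-psk-b")  # same MAC, other tenant
    return [first, second], lookup(conn, "aa:bb:cc:00:00:01")
```

Normalizing the MAC before the check matters: without it, the same address written with different separators or case would pass the uniqueness test as two distinct keys.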
