802.1x/iPSK DB access delegation.

Alex Zetaeffesse fzetafs at gmail.com
Thu Jan 6 00:21:18 CET 2022

Just a small update on the project.
I have realized that with Cisco 9800 and 3702I I must use FlexConnect but
in the FlexProfile I am limited to 16 VLANs and hence the solution with
Cisco scales up to 16 companies.

I wonder if anybody in the ML has experiences where local switching can be
done with more than 16 VLANs (with other than Cisco HW).


On Wed, Dec 29, 2021 at 4:51 PM Alan DeKok <aland at deployingradius.com>

> On Dec 29, 2021, at 10:15 AM, Alex Zetaeffesse <fzetafs at gmail.com> wrote:
> > I didn't know FR could query different sources of
> > authentication/authorization sequentially (especially if tables are on
> > different servers) but I guess that would introduce a lag in the response
> > time back to the NAS
>   Yes.
>   FR can do pretty much anything.  It's just that you usually don't want
> to do many queries.  It's inefficient, and slow.
> > Maybe a SQL proxy (that's on my side)? Then the first reply would be
> > served. And uh by writing this I realized I could expose the service to a
> > potential DoS for specific MAC addresses.
> > Ok, much better a single table in a single DB where checks before
> storing a
> > record can be done simply and quickly!
>   Exactly.
>   Also, the table used by FR doesn't have to be the same ones used by the
> web tool.  You can create views, foreign keys, etc.
>   The point is that the DB used by FreeRADIUS should be (a) local, and (b)
> fast.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list