Evren, Thanks for the reply. To be honest, I haven't really looked into it *that* far as of yet. This is more of a proof-of-concept that I am fiddling with.
Yes, our pupils join our LAN via wireless (and wired too). I am using the wireless as a test. If it works as required, I'll later roll it out to our wired infrastructure too, however it needs to be fairly simple so that the rest of the team can absorb the info and be able to use and understand it too. I planned to either use our W2K server that we use for DHCP when we Ghost machines or to use the built in DHCP capabilities of our wireless APs to create a scope and then use that. I understand they can just give themselves a static IP address, hence the idea of welding an IP pool to their MAC Address via RADIUS. Hopefully it will mean that if they do use a static address, they'll still have to pick one within the scope. Our Wireless APs are all Apple Airport Extremes. I am unsure if the Extremes allow MAC Address-IP Pool matching, although the W2K one does IIRC. Hardware and software are varied. Our clients are W2K and OS X clients. Pupils are same plus some XP clients too. Various wireless card manufacturers. As mentioned all AP's are Airport Extremes, all switches are managed HP ProCurves of varying models. All are relatively new though (max 2 years old). Our LAN is spread over 300 acres over Gbit fibre. All buildings come back to the central core via this fibre, managed switch in every building (unless there's less than 8 clients inside). If as you say FreeRADIUS can be made to use a pool, and the DHCP/AP supports everything (big if I know) then I should be able to set this up. Now all I need to do is read the manual pages, etc :) Has anyone got a URL for (or willing to quickly go through) the setup of an IP Pool, etc on FreeRADIUS??? Dan > >The answer depends on your dhcp server (and not) ;) I think. Did you >check in your DHCP server manuals if it supports this type of attribute? >What is your DHCP server? By the way, it is usually possible that your >pupils might give an IP manually, it is not so secure to trust only to >the DHCP server. > >So your pupils use wireless cards to connect to the network? >Can you give more details about the hardware and software? > >Freeradius has IP pools, you can define a pool and make certain MAC >addresses use the IPs from the pool. See Framed-IP-Address attribute(if >I am not mistaken, it was something like that) But does your wireless >ap/dhcp server etc. support this? that is the question... > >Evren > >Dan Hawker wrote: > >> Hi All, >> >> My first post so please be gentle :) >> >> We've been having a few problems with pupils joining our LAN using their >> own kit. Although we'd like to allow this at some stage (under our rules >> obviously) we'd like this to be done in a sensible, secure way. >> >> Now I have set up a FreeRADIUS box on OS X, it has MySQL support and so >> far, so good it works fine. If I setup a wireless AP to use it, it works >> like a charm. Fine. >> >> I'd like to now setup a scheme for the RADIUS box to match MAC Addresses >> to a range of IP addresses (particularly a scope our DHCP server will >send >> out). I am therefore hoping any pupil laptop in the future will be >allowed >> access as long as the MAC address is known and they are using a >particular >> IP range. >> >> Is this doable with FreeRADIUS??? I presently am using dialup_admin to >> admin the system and it has a IP Address field in the new user and new >> group setup. Can I add a range in the usual 192.168.1.0/24 notation to >say >> the group and make all Pupil users a member of that group??? >> >> Would this work or am I completely barking up the wrong tree. >> >> TIA >> >> Dan >> >> ------ >> >> Dan Hawker >> Systems Admin >> Canford School >> -- >> >> [EMAIL PROTECTED] -- [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
