On Fri, 2006-06-02 at 11:16 +0100, vertito wrote: > most APs provide a feature wherein you can block certain MAC addr and/or IP > addr not to authenticate from that particular AP. > check its manual. check huntgroup to separate groups. > > no need to change the environment. cascading or non-cascading should work > out right. > > goodluck
Thank you for the reply. The mac check is not a solution, because a malicious user can "steal" the mac from someone using the AP2 (the "staff" AP) and use it to gain access. My hope is to check something like a database plus the standar authentication method ONLY if the request comes from AP2. Thanks again. See Ya - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html