> -----Original Message----- > On Behalf Of Christ Schlacta > > mac filtering should happen at the AP level. >
Ever try maintaining large (300+) MAC auth lists on multiple APs? Not fun at all. Even maintaining a consistent list of 50 addresses across multiple APs is not that fun, though a bit more manageable in a pinch. When the lists are so large that you have to modify your APs to even be able to store the list in NVRAM, it becomes an even larger pain when adding new APs to your infrastructure as you have to modify the new APs before you can even use them. (Had to increase the size of the virtual NVRAM to use more flash space, which caused strange errors on the APs after a while.) Maintaining the list in RADIUS makes it much simpler as you now only have one location with all your access lists that you can easily manipulate to do pretty much anything you want with. And in regards to maintaining large access lists on each AP: yes, we could have bought a Cisco AP controller for $ that we don't have in our budget (which sadly keeps shrinking instead of growing) that doesn't do much more than FreeRADIUS, or implement a FreeRADIUS server for free on some old hardware we had laying around. You do the math, though I still would like a controller for a couple of the radio and AP balancing functions it can do, I'd still tie it into the FreeRADIUS server for AAA for centralization of all our access rules (wired and wireless) and accounting. > On Mon, Nov 29, 2010 at 7:23 PM, Viirydiianah Robles > > Hi > > > > I have ubuntu 10.4 with freeradisUs-server-2.1.10 > > > > my question is, where to add the Mac address? in users or > > clients.conf clients.conf is where you would put your APs/switches/etc. You would add the MAC addresses for your users' machines to the users file. Or to SQL/LDAP or Perl function. -- John D McDonnell Penn Cambria School District mcdon...@pcam.org O< ASCII Ribbon Campaign - http://www.asciiribbon.org/
smime.p7s
Description: S/MIME cryptographic signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html