Re: [Help] Is there a way to differentiate devices using Radius?
Hi All, I already found a way to configure it. Thanks a lot. http://wiki.freeradius.org/guide/Mac-Auth#Note Thanks Danny On Wed, Mar 13, 2013 at 10:14 AM, Danny Kurniawan < danny.kurnia...@fairchildsemi.com> wrote: > Sorry for this beginner question. I have read the man_rlm password but > dont see example how to add the mac address. > > can some of you showed to me an example of it? I assume its as simple as > key in the MAC address into some file in Radius conf file or something? > > Thanks > Danny > > On Wed, Mar 13, 2013 at 9:13 AM, Danny Kurniawan < > danny.kurnia...@fairchildsemi.com> wrote: > >> Noted. I guess using the AP to do the MAC filtering is the best options >> for me >> >> On Tue, Mar 12, 2013 at 9:19 PM, Alan DeKok wrote: >> >>> Danny Kurniawan wrote: >>> > Is that means we have to manually added the client MAC into radius one >>> > by one? >>> >>> You need *some* method to separate known devices from unknown ones. >>> >>> How you do it is up to you. >>> >>> Alan DeKok. >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >>> >> >> >> >> -- >> Best Regards, >> Danny >> > > > > -- > Best Regards, > Danny > -- Best Regards, Danny - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Help] Is there a way to differentiate devices using Radius?
Sorry for this beginner question. I have read the man_rlm password but dont see example how to add the mac address. can some of you showed to me an example of it? I assume its as simple as key in the MAC address into some file in Radius conf file or something? Thanks Danny On Wed, Mar 13, 2013 at 9:13 AM, Danny Kurniawan < danny.kurnia...@fairchildsemi.com> wrote: > Noted. I guess using the AP to do the MAC filtering is the best options > for me > > On Tue, Mar 12, 2013 at 9:19 PM, Alan DeKok wrote: > >> Danny Kurniawan wrote: >> > Is that means we have to manually added the client MAC into radius one >> > by one? >> >> You need *some* method to separate known devices from unknown ones. >> >> How you do it is up to you. >> >> Alan DeKok. >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > > > -- > Best Regards, > Danny > -- Best Regards, Danny - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Help] Is there a way to differentiate devices using Radius?
Noted. I guess using the AP to do the MAC filtering is the best options for me On Tue, Mar 12, 2013 at 9:19 PM, Alan DeKok wrote: > Danny Kurniawan wrote: > > Is that means we have to manually added the client MAC into radius one > > by one? > > You need *some* method to separate known devices from unknown ones. > > How you do it is up to you. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- Best Regards, Danny - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Help] Is there a way to differentiate devices using Radius?
Danny Kurniawan wrote: > Is that means we have to manually added the client MAC into radius one > by one? You need *some* method to separate known devices from unknown ones. How you do it is up to you. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Help] Is there a way to differentiate devices using Radius?
On 03/12/2013 01:46 AM, Danny Kurniawan wrote: Is that means we have to manually added the client MAC into radius one by one? RADIUS can only act on RADIUS attributes. There's no RADIUS attribute that says: Device-Type = "Bosses iPad" Most NASes send username and network address of the client (MAC or IP) and that's about it for optional (non-authentication) stuff. In other words, RADIUS can't differentiate devices - *you* have to do that, by supplying data and policy. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Help] Is there a way to differentiate devices using Radius?
Hi, >Is that means we have to manually added the client MAC into radius one by >one? well, you want to restrict it to known devicesso ONE way is to add the allowed MACs to a DB - they could be added to some other lookup table. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Help] Is there a way to differentiate devices using Radius?
Is that means we have to manually added the client MAC into radius one by one? -Danny On Fri, Mar 8, 2013 at 11:00 PM, Alan DeKok wrote: > Danny Kurniawan wrote: > > We have successfully deploy Meraki Wireless with Radius 2.1.1 connect to > > eDir LDAP. Everything works just fine. Now my company want to explore > > whether we are able to restrict a devices, that only company devices can > > connect to our wifi ssid. Is that possible using Radius? Like using cert > > etc? Or it has to be done from the AP end? > > The simplest way is via MAC address filtering. Allow known MACs, > disallow all others. See "man rlm_passwd" for examples. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- Best Regards, Danny - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Help] Is there a way to differentiate devices using Radius?
Danny Kurniawan wrote: > We have successfully deploy Meraki Wireless with Radius 2.1.1 connect to > eDir LDAP. Everything works just fine. Now my company want to explore > whether we are able to restrict a devices, that only company devices can > connect to our wifi ssid. Is that possible using Radius? Like using cert > etc? Or it has to be done from the AP end? The simplest way is via MAC address filtering. Allow known MACs, disallow all others. See "man rlm_passwd" for examples. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
