Date: Sun, 14 Sep 2003 00:07:32 +0200 From: Martin Jessa <freebsd@yazzy.org> To: freebsd-isp@freebsd.org, nathan@vidican.com Subject: Re: Radius and MAC Address Access Control Message-ID: <20030914000732.4f01d15d.freebsd@yazzy.org> In-Reply-To: <20030909221635.M54304@vidican.com> References: <20030909121457.672d3b41.freebsd@yazzy.org> <20030909221635.M54304@vidican.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Nathan, guys. I have a setup like that today except I use pptp vpn tunnels for my users. The vpn daemon (poptop) talks to freeradius server which against gets user info from MySQL database. I use dialup_admin to be able to easly add new users. Everything works great except for one thing. The users (companies) are unable to create their own VPN tunnels (i.e IPsec) to other places. It's impossible to tunnel IPsec inside of pptp vpn tunnels. So maybe running plain PPPoE could solve that problem. Then I could use WPA for traffic encryption. Does that sound logical? Nathan. Do you do controll the bandtwith of your users too ? I need some kind of system that will make it possible to give different bandwith to different users. I though I could set up DUMMYNET with bw restrictions for different subnets with a subnet mask like /16 or similar. Then give static IP's to my users depending on what bw they are allowed to use. But this approach does not seem to be very flexible. Is there a way to make radius do bandwith restrictions or run commands against an external application? Thanks YazzY On Tue, 9 Sep 2003 22:20:41 +0000 "Nathan Vidican" <nathan@vidican.com> wrote: > Might I suggest you look into just using PPPoE for wireless applications? You > can first off make use of WEP to secure the traffic to some extent, then run > PPPoE (which can authenticate through radius) to have your clients login and > what-not. This way you can control not only access to the network but also > access to which IP address(es). > We have a similar setup here, where we use private IP's from tower to > tower and route traffic back to home base, where clients login with PPPoE to > get an external IP address and it works very well thus far. > > Just my 2 cents, if you still want to block/control by mac address why not > just use a switch which has radius support; eg: Cisco 2924XL. > > -- > Nathan Vidican > nathan@vidican.com > Innovative Product Sales > http://www.InnovativeProductSales.com/ > > On Tue, 9 Sep 2003 12:14:57 +0200, Martin Jessa wrote > > Hi Guys. > > > > I am setting up system for a Wireless ISP trying to figure out how > > to enable MAC Address Access Control with a radius server. I need to > > find out how it can be done and what Radius server supports tricks > > like that. Any ideas? > > > > Thanks in advace. > > YazzY > > _______________________________________________ > > freebsd-small@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-small > > To unsubscribe, send any mail to "freebsd-small-unsubscribe@freebsd.org" > > > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030914000732.4f01d15d.freebsd>