WLAN 802.1x PEAP Authentication should work with first device only
‎02-04-2015 08:40 AM
Is it possible to restrict and limit a successful 802.1x PEAP (Username / Password) Authentication to the first device only within NAC Gateway?
During several customer projects such a feature would be very useful.
Regards
15 REPLIES 15
‎10-19-2017 12:10 PM
Hi Matthias,
Stupid question:
Wouldn't your requirement be satisfied with "configure netlogin ports X allowed-users"?
Or did I misunderstand your need?
Best Regards
Chacko
‎10-19-2017 12:10 PM
Sometimes I have several clients on one port (= desktop switch). What I avoid is that a user is using his own username + pw (of Windows) several times for several devices.
Limiting the number of clients per switch port therefore has negative effects and does not address my concern directly.
Regards
‎07-12-2017 05:11 AM
You can accomplish this by chaining FreeRADIUS servers. NAC would then send to an upstream FreeRADIUS server that uses the perl_rlm module to run a call back to the NAC DB to query for existing entries to then deny or proxy the RADIUS request.
If you are using a local DB, then enable the simultaneous-use variable and set it to 1, for only one system at a time. I believe you will need radius-accounting for this to work as well.
Edit: This was originally written for wired, and I have removed the wired portion as it would not work for wireless.
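The one-device-per-user check described in the reply above, modelled as an added Python example (not code from the thread, from NAC, or from FreeRADIUS). It shows why accounting is needed: Start/Stop records are what bind and release a user's device. Assumptions: the `SessionTable` name, the 8-hour stale timeout, and that User-Name carries the real identity rather than an anonymous PEAP outer identity.

```python
import time
class SessionTable:
    """One active device (Calling-Station-Id) per User-Name, fed by accounting."""
    def __init__(self, ttl=8 * 3600):
        self.ttl = ttl      # assumption: no accounting update for 8 h = stale session
        self.active = {}    # username -> (mac, last_seen)

    @staticmethod
    def _key(attrs):
        mac = attrs["Calling-Station-Id"].lower()
        for sep in "-:.":
            mac = mac.replace(sep, "")   # same MAC may arrive in different notations
        return attrs["User-Name"].lower(), mac

    def _bound_mac(self, user, now):
        """MAC currently holding this user's session, expiring stale entries."""
        entry = self.active.get(user)
        if entry and now - entry[1] > self.ttl:
            del self.active[user]        # a lost Stop packet must not lock the user out
            return None
        return entry[0] if entry else None

    def accounting(self, attrs, now=None):
        """Apply an Accounting-Request (Start / Interim-Update / Stop)."""
        now = time.time() if now is None else now
        user, mac = self._key(attrs)
        bound = self._bound_mac(user, now)
        if attrs["Acct-Status-Type"] == "Stop":
            if bound == mac:
                del self.active[user]
        elif bound in (None, mac):       # never let a second device take over the slot
            self.active[user] = (mac, now)

    def authorize(self, attrs, now=None):
        """Decide an Access-Request: the same device re-authenticating is allowed."""
        now = time.time() if now is None else now
        user, mac = self._key(attrs)
        return "accept" if self._bound_mac(user, now) in (None, mac) else "reject"

def demo():
    """Constructed requests: laptop logs in, phone tries, laptop logs off."""
    t = SessionTable()
    laptop = {"User-Name": "alice", "Calling-Station-Id": "00-11-22-AA-BB-01"}
    phone = {"User-Name": "alice", "Calling-Station-Id": "00:11:22:aa:bb:02"}
    out = [t.authorize(laptop, now=0)]
    t.accounting({**laptop, "Acct-Status-Type": "Start"}, now=1)
    out += [t.authorize(phone, now=10), t.authorize(laptop, now=20)]
    t.accounting({**laptop, "Acct-Status-Type": "Stop"}, now=30)
    return out + [t.authorize(phone, now=40)]
```

The stale timeout is the trade-off to tune: too long and a missed Stop locks the user out, too short and a second device can log in while the first is still connected.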
‎07-12-2017 05:11 AM
I don't see why it wouldn't be usable in a customer environment.
It can't take that long. Maybe an hour or two? Depends on how good you are, I guess. You can use the NAC API for the query.
