I plan to aut. my wireless client with a radius server an ap. Now we have real long access-lists, and addig user is a bit difficult.
The question is right now isa not a how…, but a what:
So can I get a label each associated wireless clients as I have them now witth simple acces-list and labeling?
I I understood I can centralize my dhcp with dhcp relay, but I wish to centralize my mac filter as well.
Thanks for answers.
do you have RADIUS server?
Wireless MAC RADIUS authentication. It wont create an maintain your access-list but it will make your AP consult RADIUS for every MAC that wants to authenticate, returning a permit/deny response.
Ok, I know that. The question is, that when one client is auth-ed by radius and the ap allows it to join, can I still use comments. Now, when I take a look at my reg table, I have the comments entered in access-list, so I do not have to look after mac address, just see mac and user real name. Thats what I need with radius. Is it a dream?
That is why you use your RADIUS server with a “front-end”… We use OptiGold…
Hitek
as i said, it wont maintain an access-list. afaik, you cant see comments because i havent found an attribute to send the comments.
Maybe I’m not understanding your question, but are you asking if you can get your registration table to show the name of the user(as a comment or otherwise) along with the MAC address, so that the registration table reflects active MAC addresses and owner’s names whether they were authenticated with the RADIUS server or locally?
That"s it. If radius works, I do nit need acces-list. The main thing is, that I have to see names (as comments) top of the mac adresses.
Sten: thank, you answered the question: no such attribute on radius. Or anyone else has found?
That’s what I was wondering… If RADIUS is working, then you should not be looking at your registration table any longer for information. This is what the front-end of the RADIUS server is for. It enables you to see logged in MAC addresses, names, IP addresses, and just about any other information you would want to see, right in front of your eyes…
So if I user RADIUS, acces-list is empty. If I want to check out who is online, can I see it on MT reg-tabel, or only on RADIUS admin pages, or where?
SNMP will show you who is connected.
RADIUS is just an authentication and accounting database, used to store information for easy retrieval by other devices on a network. It’s main talent is to efficiently store information about network devices, and not necessarily to make it easy for you to see. While you can look directly at your RADIUS data through it’s own interface(if you want to call it that, in some cases), that is not the preferred method of browsing the RADIUS server’s database. A “front-end” is used for the database, as an easier-to-use interface that allows you to view the data in the database in a form that is easier digest. Which data that is stored is up to the administrator who sets up the network, but generally includes assigned data rate, current usage, current IP address, MAC address, protocol, username, password, routes, and many other things that can be found in the AAA section of the MT documentation. The “front-end” software takes this data and lays it out in a form that you can see more easily, and groups it with other data that may not be in the RADIUS server’s database, such as customer billing and address information…
http://www.digitalpoint.com/products/isp/
Hitek