I'm currently working on my diploma thesis, and I'm sorting some things out at the moment.
The task is, to authenticate mac-adresses through a cisco catalyst 6500. A pretty new feature called "mac-authentication-bypass" is available in CatOS and works well with Cisco ACS 4.0 beta. Due to our demands we want to deploy freeradius, with a mysql database.
It works like that. The switch sends an Access-Request with the connecting MAC in the Caller-ID Field and Sevice Type is set to "10", hence "Call Ceck". Radius now authenticates the users on a given MAC (Caller ID) instead of a user/password.
I haven't set up freeradius yet, but I'm slighty familar with the settings that have to be done. In table "radcheck" I create attribute "Calling-Station-ID" with value "MAC-Address" (f.e. ff-ee-11-22-33-44), this value will be checked against.
I also have to edit the sql.conf (user, database etc) and telling radiusd.conf to use sql in the "authorise" section. I'm sticking to the Freeradius MySQL howto by Scott Bartlett for that. :)
The only thing I'm currently unaware of is, where I can tell freeradius to use Call-Check together with mysql, I think it's somewhere in sql.conf?
Only thing that need to be done IMO is to tell radius, that there is no username and authentication needs to be done on a caller-id basis.
Any thoughts?
Thanks in advance.
Bye Florian
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
