Yup.  One could create a management / auth VLAN of sorts.  Set the source port 
for RADIUS/Auth/etc. to be said VLAN.  In theory then you would need only a 
single network entry in clients.conf, and if you wish, reject traffic from any 
other "unauthorized" nets / IPs.

We do something similar as we also have a large number of switches and other 
NAS type devices.

G


-----Original Message-----
From: freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org 
[mailto:freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org] On 
Behalf Of Bruce Nunn
Sent: Monday, September 12, 2011 9:41 AM
To: FreeRadius users mailing list
Subject: Re: Best Practices - maximum NAS entries in clients.conf

If the network your APs are on is physically secure, and you don't need 
accounting for individual APs, you can use netmasks to define clients in the 
clients.conf file.



----- Original Message -----
From: "Sallee, Stephen (Jake)" <[email protected]>
To: freeradius-users <[email protected]>
Cc: 
Sent: Monday, September 12, 2011 9:04 AM
Subject: Best Practices - maximum NAS entries in clients.conf

@ everyone

We have about 100 NAS entries in our clients.conf file; it makes the file a 
bear to deal with but the server seems to handle it fine.  We will be expanding 
our infrastructure soon and the number of NAS entries will increase 
significantly.  At what point should we think about putting them into a 
database for FR to use?

Also, I have seen some chatter on the list about dynamic NASs.  Am I correct in 
assuming that if we are using a DB instead of the clients.conf file we can add 
or remove clients simply by making changes to the correct table, all without 
having to restart FR?

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
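
Added example, not part of any message in this thread: a pre-migration check for the netmask approach suggested above, listing which per-host `client` entries one network entry would cover, which NASes fall outside it, and which would need a new shared secret. The sample configuration, addresses, secrets and function names are constructed for illustration, and the parser assumes flat per-host stanzas with plain `ipaddr` values.

```python
import ipaddress
import re

# Constructed sample in clients.conf style (names, addresses and secrets are made up).
SAMPLE_CLIENTS_CONF = """
client ap-01 {
    ipaddr = 10.20.0.11
    secret = s3cretA
}
client ap-02 {
    ipaddr = 10.20.0.12
    secret = s3cretA
}
client sw-lab {
    ipaddr = 10.20.0.40
    secret = s3cretB
}
client sw-remote {
    ipaddr = 192.168.7.5
    secret = s3cretA
}
"""

STANZA = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
SETTING = re.compile(r"^\s*(\w+)\s*=\s*(\S+)", re.M)

def parse_clients(text):
    """Return {name: {key: value}} for each flat client stanza."""
    return {name: dict(SETTING.findall(body)) for name, body in STANZA.findall(text)}

def plan_consolidation(text, mgmt_net):
    """Sort per-host clients into: covered by mgmt_net, outside it, needing a re-key."""
    net = ipaddress.ip_network(mgmt_net)
    covered, outside, secrets = [], [], {}
    for name, cfg in parse_clients(text).items():
        if ipaddress.ip_address(cfg["ipaddr"]) in net:
            covered.append(name)
            secrets.setdefault(cfg["secret"], []).append(name)
        else:
            outside.append(name)
    # A single network entry carries a single secret: keep the most common one,
    # and report every covered NAS that currently uses a different secret.
    majority = max(secrets.values(), key=len, default=[])
    rekey = sorted(n for names in secrets.values() if names is not majority for n in names)
    return {"covered": sorted(covered), "outside": sorted(outside), "rekey": rekey}

if __name__ == "__main__":
    print(plan_consolidation(SAMPLE_CLIENTS_CONF, "10.20.0.0/24"))
```

Entries reported as `outside` would stop authenticating if only the network entry were kept, and once a single secret is shared across the subnet, any host on that network that holds it is accepted as a NAS.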






