We are using RADIUS under AIX to authenticate traffic through a Cisco box into a VLAN.
Can the RADIUS server be configured to not authenticate specific IP addresses?
In the RADIUS log I see that it is getting the source IP address like this:
Cisco-AVPair = "ip:source-ip=xxx.xxx.xxx.xxx"
Can the RADIUS server be configured to not authenticate from that specific IP address/subnet?
Can you not specify on the RADIUS server itself what subnets/ips to allow?
My RADIUS server only accepts connetions from two IP addresses?
Or am I misunderstanding what you're asking :-)
Fook, Part of the problem is that I cannot access the server itself - but if I can help them find a solution to implement it will solve my problem.
Are you talking about limiting it to which NAS devices (firewalls, etc) can authenticate? That is being done.
The problem is that the NAS passes along the source IP of the user, and there are some systems we would prefer not be allowed to authenticate.
Unfortunately the systems we don't want to authenticate are the exceptions, not the rule.
Can you allow authentication from ALL servers except a few?
Fook wrote:
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.