Skip to main content
jorge_barattini
jorge_barattini
New Member
May 18, 2015
Solved

FAC 3.3 - IP Subnet as client in Radius Service

  • May 18, 2015
  • 5 replies
  • 6174 views

Hi,

does anybody know if it's possible to configure an IP Subnet instead of a single IP or FQDN for a Client in Radius Service?

 

For example, in Freeradius you can define:

 

client 192.168.1.0/24 { secret = VERYSECRETSTRING }

 

or

 

client private-network-1 { ipaddr = 192.168.1.0 netmask = 24 secret = VERYSECRETSTRING shortname = private-network-1 }

 

Thank you.

 

Regards.

 

Jorge.

    Best answer by Carl_Windsor_FTNT

    This is not currently supported, each RADIUS client IP must be specified.

    5 replies

    Carl_Windsor_FTNT
    Staff
    Carl_Windsor_FTNTAnswer
    Staff
    May 18, 2015

    This is not currently supported, each RADIUS client IP must be specified.

    emnoc
    emnoc
    New Member
    May 18, 2015

    I don't think so, to answer where you might be going with this, you can import numerous  predefined  radius_clients in the authenticator from a CSV file. This will help if you have bulk  clients to included

     

    I believe each client has to be uniquely defined hence why you can't do the  wildcard. Not sure if anything changed in  3.3 but might want to pull the  release not down and review.

     

     

    jorge_barattini
    jorge_barattiniAuthor
    New Member
    May 19, 2015

    Thank you guys for the answers.

    Actually we are implementing it for a customer with 50+ switches (among other devices that use RADIUS) and it would have been very helpful, but we'll use CSV import.

     

    Maybe I'll pass a NFR.

     

    Regards.

     

    Jorge.

    emnoc
    emnoc
    New Member
    May 19, 2015

    Did you pull the  FAC.3.3 or .1 release notes down? It's was release a few days back iirc. I didn't recall any big new items or changes just bug fix but maybe just  maybe FTNT add it.

     

    I've asked my SSE team for a bulk configuration tool a few months back, but I'm not holding my breath but if they get enough request, than FTNT might take action.

     

     

     

    jorge_barattini
    jorge_barattiniAuthor
    New Member
    May 19, 2015

    I have just read it and there's nothing relevant. I'll give it a try in a VM, just in case.... you never know....;-)

     

    Ok, I'll talk to SE team here to +1 this, maybe someday.......

     

    Ty.

     

    Regards.

    Carl_Windsor_FTNT
    Staff
    Carl_Windsor_FTNT
    Staff
    May 19, 2015

    As per previous response this is not supported (even in the latest patch).  Each NAS/Auth Client must be defined either by manual method or CSV import.

     

    emnoc
    emnoc
    New Member
    May 19, 2015

    Thanks Carl

     

    We had the same struggles  and didn't find out about the  csv import till later on after we migrated. It would be nice if we had a simple bulk tool for adding a multiples of  clients and ALL using the same shared radius-secret per client. If you pushing more than 30+ clients,  this would be helpful.

     

    Ideally it would be nice to have a cfgmaker that takes  the popluar RAS cfg  and rebuild it for the FAC, but than most of the competition doesn't have that function either.

     

    just my suggestion.

     

     

     

     

    Terms & ConditionsAccessibility statement