Captive portal user fixed to MAC
-
Is it possible to create user account to access internet
that is fixed to one MAC or IP address?for example
user: jerry
jerrys MAC: xx:xx:xx:xx:xx:xx / IP: xxx.xxx.xxx.xxxso jerry can log in only from devince with that MAc/IP
-
This is possible with a RADIUS server and Captive Portal.
-
Is it possible to create user account to access internet
that is fixed to one MAC or IP address?for example
user: jerry
jerrys MAC: xx:xx:xx:xx:xx:xx / IP: xxx.xxx.xxx.xxxso jerry can log in only from devince with that MAc/IP
Do you mean that the access should only be allow if:
Username + mac + IP are correct !?This cannot be done in just one step. I do not know any possibility to solve this in just one check.
MAC <-> IP matching:
enable DHCP and static MAC entry
create a firewall rule for this IP which allows traffic and disallows other traffic from other IPs
Enable Static ARP entries on DHCPfor username/password check you can use different things:
CaptivePortal
Squid in non-transparent mode with user accessPerhaps it will be possible with squid or CP and freeradius2 package as user backend.
Setup a username/password entry in freeradius and add a custom "Check-Item" attribute for the client IP address. This will look like that:Framed-IP-Address == 192.168.10.125So if the NAS (CaptivePortal or Squid) send the "Framed-IP-Address of the host to the RADIUS than you can do a check against this attribute (Framed-IP-Address) and if the IP is wrong then the user will be rejected. You can do this with the MAC-Address, too if CaptivePortal or Squid is sending this:
Calling-Station-ID == 00:11:22:aa:bb:ccBut be careful, both attributes need to be CHECK-ITEMS and must not be REPLY-ITEMS to work !!!
You can use both checks together, too.Hmm - if I read this again, then it could be possibly feasible to realize that in just one step ;)