At 04:47 PM 3/14/2002 +0000, [EMAIL PROTECTED] wrote:
>Hi,
>
>I have FR up and running nicely, sending back attributes to the nas's
>in question to setup tunnels.
>
>I've heard about a tunnel feature that allows the nas to receive multiple
>tunnel-endpoint attributes and then load balance the tunnels it builds,
>I'd like to try this!
>
>The nas can cope with receiving multiple tunnel-endpoint attributes, so
>I presume I can just create a user.conf profile with multiple endpoint
>attributes like this:
>
>         USR-Tunnel-Security = none,
>         USR-Tunnel-Type = L2TP,
>         USR-Tunnel-Endpoint = 10.0.0.100,
>         USR-Tunnel-Endpoint = 10.0.0.101,
>         USR-Tunnel-Endpoint = 10.0.0.102,

Those are USR specific attributes.  Use the RFC standard attributes,
as described in 'raddb/dictionary.tunnel'.  And that's not quite how
it works.  See below for an example.

>Under Steel Belted Radius multiple attributes are referred to as tagging
>where the attributes in question are tagged with something like [1] [2] [3]
>so that SBR can distinguish them - or something like that :)
>
>So the big question is, can FreeRadius handle sending back multiple
>instances of the same attribute with different values?

Yes.  You can use something like this for your users file:

tunneluser   Auth-Type := Local, Password == "foobar"
      Tunnel-Type:1 = L2TP,
      Tunnel-Medium-Type:1 = IP,
      Tunnel-Server-Endpoint:1 = "10.20.30.2",
      Tunnel-Password:1 = "secret",
      Tunnel-Preference:1 = 1,
      Tunnel-Type:2 = GRE,
      Tunnel-Medium-Type:2 = IP,
      Tunnel-Server-Endpoint:2 = "10.99.98.67",
      Tunnel-Preference:2 = 2

The :X after the attribute is the 'tag'.  The attributes that share a
common tag value become a group.  The group with the lowest tunnel-pref
value is tried first.  In the example above, that would be the L2TP tunnel;
if the NAS can't do the L2TP tunnel, it will then try the GRE tunnel.

You can understand more if you read:

http://www.freeradius.org/rfc/rfc2868.html

There isn't a readme on this yet, so I guess I should create one.  :)

-Chris

--
    \\\|||///  \          StarNet Inc.      \        Chris Parker
    \ ~   ~ /   \       WX *is* Wireless!    \   Director, Engineering
    | @   @ |    \   http://www.starnetwx.net \      (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
                   \ Wholesale Internet Services - http://www.megapop.net
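
Added example, not part of the original message and not FreeRADIUS code: a Python sketch of how the tagged reply items above look on the wire under RFC 2868 and how a receiver can group them by tag and order the groups by Tunnel-Preference. It handles only the four attributes shown (Tunnel-Password and its salt encryption are omitted), and the function names, the sample reply and the "no preference sorts last" rule are assumptions made for illustration.

```python
import struct
from collections import defaultdict

# RFC 2868 attribute numbers; the first three carry a tag plus a 3-octet integer.
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PREF, TUNNEL_SERVER_EP = 64, 65, 83, 67
INT_ATTRS = {TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PREF}
L2TP, GRE, IPV4 = 3, 10, 1          # Tunnel-Type / Tunnel-Medium-Type values

def encode(attr, tag, value):
    """Build one tagged attribute: Type, Length, Tag, Value."""
    if not 1 <= tag <= 0x1F:
        raise ValueError("RFC 2868 tags are 0x01..0x1F")
    body = value.to_bytes(3, "big") if attr in INT_ATTRS else value.encode()
    return struct.pack("!BBB", attr, 3 + len(body), tag) + body

def decode(buf):
    """Yield (attr, tag, value) for each attribute in a reply's attribute list."""
    pos = 0
    while pos < len(buf):
        length = buf[pos + 1] if pos + 1 < len(buf) else 0
        if length < 3 or pos + length > len(buf):
            raise ValueError("malformed attribute at offset %d" % pos)
        attr, tag, body = buf[pos], buf[pos + 2], buf[pos + 3:pos + length]
        if attr in INT_ATTRS:
            if length != 6:
                raise ValueError("integer tunnel attribute must be 6 octets")
            value = int.from_bytes(body, "big")
            tag = tag if tag <= 0x1F else 0      # out-of-range tag is ignored
        else:
            if tag > 0x1F:                       # that octet is string data, not a tag
                tag, body = 0, buf[pos + 2:pos + length]
            value = body.decode("ascii")
        yield attr, tag, value
        pos += length

def tunnels_in_order(buf):
    """Group attributes by tag, then sort groups by Tunnel-Preference (lowest first)."""
    groups = defaultdict(dict)
    for attr, tag, value in decode(buf):
        groups[tag][attr] = value
    # Assumption: a group without Tunnel-Preference is tried last.
    return sorted(groups.values(), key=lambda g: g.get(TUNNEL_PREF, 0xFFFFFF + 1))

# Constructed reply using the values from the users-file entry, sent in reverse order.
REPLY = b"".join(encode(*a) for a in [
    (TUNNEL_PREF, 2, 2), (TUNNEL_SERVER_EP, 2, "10.99.98.67"),
    (TUNNEL_MEDIUM, 2, IPV4), (TUNNEL_TYPE, 2, GRE),
    (TUNNEL_PREF, 1, 1), (TUNNEL_SERVER_EP, 1, "10.20.30.2"),
    (TUNNEL_MEDIUM, 1, IPV4), (TUNNEL_TYPE, 1, L2TP),
])
```

Wire order does not matter here: tunnels_in_order(REPLY) returns the tag 1 (L2TP) group first because its preference value is lower.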


