To all,
I currently use radreply to send numerous values to a Cisco 3030 VPN Device. These attributes are mainly sent based on username MySQL queries (Framed IP Addresses, DNS/WINS Entries, Domain Search Suffixes, etc.). I now would like use a new Cisco AV Pair CVPN3000-IPSec-IP-Compression. This AV Pair already has an entry in the dictionary.cisco.vpn3000 file; however, I am trying to think of the best way to implement its features. Setting this value to one turns LZS compression on which greatly benefits dial-up users; however, it slows down broadband users (per Cisco's documentation). Using LZS compression for all users across the board has also been known to saturate the device at a much faster pace.
I was trying to implement some logic based on either connection speed, Framed-Protocol, etc. that would be able to decipher if a user was coming in with a connection less than 128k. If so, then FreeRADIUS would send the Concentrator the particular reply with a value of 1. I was curious if anyone had any suggestions on the best approach to take?
You can use as a determining factor any attribute which is present in the Access-Request. With the wide variety of operators ( to include Regexp string expressions ) it shouldn't be too hard to determine whether it's a Dial or Broadband connection.
Alternatively, you could allow users to indicate through some method ( optional realm? ) whether they want compression. IE:
[EMAIL PROTECTED] get's LZS assigned user get's no compression
Then just strip the realm, or use 'Stripped-User-Name' for your password lookups.
-Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\------------------------------------------------------ \ Wholesale Internet Services - http://www.megapop.net
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html