Title: RE: Radreply Implementation Question

Thanks for your response Chris. We have thousands of users so having them log in with different usernames probably will not be an option. The only value that I could find that may work would be the Connect-Info attribute; however, I am still a little confused at how it would be implemented?

Chris DeRamus
OCIO VPN Administrator
SAIC


-----Original Message-----
From: Chris Parker [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 29, 2004 1:13 PM
To: [EMAIL PROTECTED]
Subject: Re: Radreply Implementation Question


At 11:40 AM 1/29/2004, Deramus, Chris wrote:
>To all,
>
>I currently use radreply to send numerous values to a Cisco 3030 VPN
>Device. These attributes are mainly sent based on username MySQL queries
>(Framed IP Addresses, DNS/WINS Entries, Domain Search Suffixes, etc.). I
>now would like to use a new Cisco AV Pair CVPN3000-IPSec-IP-Compression. This
>AV Pair already has an entry in the dictionary.cisco.vpn3000 file;
>however, I am trying to think of the best way to implement its features.
>Setting this value to one turns LZS compression on which greatly benefits
>dial-up users; however, it slows down broadband users (per Cisco's
>documentation). Using LZS compression for all users across the board has
>also been known to saturate the device at a much faster pace.
>
>I was trying to implement some logic based on either connection speed,
>Framed-Protocol, etc. that would be able to decipher if a user was coming
>in with a connection less than 128k. If so, then FreeRADIUS would send the
>Concentrator the particular reply with a value of 1. I was curious if
>anyone had any suggestions on the best approach to take?

You can use as a determining factor any attribute which is present in the Access-Request.  With the wide variety of operators ( to include Regexp string expressions ) it shouldn't be too hard to determine whether it's a Dial or Broadband connection.

Alternatively, you could allow users to indicate through some method ( optional realm? ) whether they want compression.  IE:

[EMAIL PROTECTED]  gets LZS assigned
user       gets no compression

Then just strip the realm, or use 'Stripped-User-Name' for your password lookups.

-Chris
--
    \\\|||///  \          StarNet Inc.      \         Chris Parker
    \ ~   ~ /   \       WX *is* Wireless!    \   Director, Engineering
    | @   @ |    \   http://www.starnetwx.net \      (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
                   \ Wholesale Internet Services - http://www.megapop.net



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
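
The two approaches suggested in this thread (keying the reply on an Access-Request attribute such as Connect-Info, or on an opt-in realm that is stripped before the password lookup), as an added example that is not code from either poster or from FreeRADIUS. It models the decision in Python rather than in FreeRADIUS configuration; the realm name `lzs`, the Connect-Info formats and the sample requests are assumptions, and whether the concentrator reports a line speed in Connect-Info has to be confirmed against real requests.

```python
# Added example: models the reply decision only; not FreeRADIUS configuration.
COMPRESSION_ATTR = "CVPN3000-IPSec-IP-Compression"  # attribute named in the thread
THRESHOLD_BPS = 128_000   # "less than 128k" from the thread
OPT_IN_REALM = "lzs"      # hypothetical realm, i.e. user@lzs asks for compression

def connect_speed_bps(connect_info):
    """Return the highest rate in Connect-Info, or None if it cannot be read."""
    # Assumed formats: "28800", "CONNECT 28800/ARQ", "52000/31200 V90".
    tokens = (connect_info or "").split()
    if tokens and tokens[0].upper() == "CONNECT":
        tokens = tokens[1:]
    if not tokens:
        return None
    rates = []
    for part in tokens[0].split("/"):
        if part.isascii() and part.isdigit():
            rates.append(int(part))
        elif not part.isalpha():
            return None  # e.g. "100Mbps": unknown unit, do not guess
    return max(rates) if rates else None

def split_realm(user_name):
    """Split 'user@realm' into (stripped name, realm); realm is None if absent."""
    user, sep, realm = user_name.rpartition("@")
    return (user, realm.lower()) if sep else (user_name, None)

def decide(request):
    """Return (name for the password lookup, reply attributes) for one request."""
    lookup_name, realm = split_realm(request.get("User-Name", ""))
    speed = connect_speed_bps(request.get("Connect-Info"))
    # Missing or unreadable speed counts as broadband: no compression by default.
    slow_link = speed is not None and speed < THRESHOLD_BPS
    reply = {}
    if slow_link or realm == OPT_IN_REALM:
        reply[COMPRESSION_ATTR] = 1
    return lookup_name, reply

# Constructed sample requests, not captured traffic.
SAMPLES = [
    {"User-Name": "alice", "Connect-Info": "CONNECT 28800/ARQ"},
    {"User-Name": "bob", "Connect-Info": "100Mbps"},
    {"User-Name": "carol@lzs"},
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(req, "->", decide(req))
```

Defaulting to no compression when the speed is absent or unparseable keeps an unexpected Connect-Info format from turning LZS on for every user, which is the device-saturation case described in the original question.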
