�-----Ursprüngliche Nachricht-----
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von [EMAIL PROTECTED]
Gesendet: Mittwoch, 30. März 2005 12:46
An: freeradius-users@lists.freeradius.org
Betreff: Redundant Radius with Dynamic DataHello Group,
I am just about to set up a radius service and have managed to aquire 2 servers with a view to making the end product redundant.
Just to give you a little background. The radius system will be used for DSL authentication. The user will authenticate (indirectly via a cisco device) with their [EMAIL PROTECTED] & password. The server will then authorise the user and respond with a single attribute - their IP address.
The IP addresses (depending on which domain they are in) will be dynamically allocated from a pool of IP addresses. So far so good.
I don't intend to perform any load balancing of the traffic to the two radius servers. Therefore I was planning to use the features on the Cisco router to treat one server as primary and one as secondary (failover).
I will most likely use rsync to syncronise the config from the primary to the secondary. My problem (and hence the reason for this post) is that the primary would be holding accounting information regarding which IP addresses have been allocated to each user from the "pool" - thus avoiding any IP conflict on the edge network. I do not understand how I would be able to configure the two servers so that if the Primary failed the secondary would know which IPs had been allocated and continue to allocate from the remaining pool.
I have literally only just switched the servers on. I want to get this right from the start. If I cannot find a solution to this issue I have a back out plan that involves setting each user with a static IP, not ideal.
Is an SQL backend the best method? Would a shared SQL backend maintain the integrity of the allocated IP pool? I have experience with Freeradius and would like to continue with this platform, but is it the best one for what I am attempting?
I look forward to your responses to this question.
Best Regards,
Christopher Howarth RHCE
Network & Systems Development Consultant
Equinox Converged Solutions
Equinox Converged Solutions
Tel: +44 (0)1252 405 600
www.equinoxsolutions.com
Equinox Converged Solutions is a trading name of Synetrix Holdings Limited.
IMPORTANT NOTICE:
This message is intended solely for the use of the Individual or organisation to whom it is addressed. It may contain privileged or confidential information. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you should not use, copy, alter, or disclose the contents of this message. All information or opinions expressed in this message and/or any attachments are those of the author and are not necessarily those of Synetrix Holdings Limited. Synetrix Holdings Limited accepts no responsibility for loss or damage arising from its use, including damage from virus.
Title: Nachricht
Hello
Christopher,
here
is another suggestion:
dont
use ippools on radius, use it on the nacs. Then you let the radius decide wich
ippool to use on the nac by name.
The
bad thing is you have to care about pools on nacs, the good one is you haven't
to care about pool snyc.
It
works because you can name pools on nacs an the radius can tell the nac wich
pool to use.
Hope
that helps.
Best Regards,
Markus
