On 04/01/2010 05:39 PM, Marlon Duksa wrote:
Hi everyone -
Can anyone think of a reason why the NAS-IP and the scr-IP of the
access-req packet should not be the same?
If the NAS-IP is configurable in the NAS, then the NAS-IP can be set to
the IP address other than the src-ip of the NAS that is used in reqular
FreeRadius accounting/authorization packets. The source IP address of
the NAS is normally the native interface address from which access-req
was sent (but it can be configurable).
The NAS-IP would be used to address NAS in CoA requests sent from the
FreeRadius. We need this behavior to address certain deployment
requirements.
for example:
IP prot:
srcIP: 1.1.1.1 dstIP: 2.2.2.2
Radius prot:
code: access-request (1)
AVPs:
NAS-IP-Address: 3.3.3.3
scrIP != NAS-IP-Address
Some NASes have >1 IP and you can select which source IP goes into the
NAS-IP-Address; think for example a router with 2 connections to the
network and a loopback interface used for management.
The UDP source *may* be the loopback, or the IP of the outbound
interface, depending on the NAS implementation. If the latter, source IP
can obviously change as routing changes.
I guess there are other reason, like NAT.
Thanks,
Marlon
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html