On 04/01/2010 05:39 PM, Marlon Duksa wrote:
Hi everyone - Can anyone think of a reason why the NAS-IP and the scr-IP of the access-req packet should not be the same?If the NAS-IP is configurable in the NAS, then the NAS-IP can be set to the IP address other than the src-ip of the NAS that is used in reqular FreeRadius accounting/authorization packets. The source IP address of the NAS is normally the native interface address from which access-req was sent (but it can be configurable). The NAS-IP would be used to address NAS in CoA requests sent from the FreeRadius. We need this behavior to address certain deployment requirements. for example: IP prot: srcIP: 1.1.1.1 dstIP: 2.2.2.2 Radius prot: code: access-request (1) AVPs: NAS-IP-Address: 3.3.3.3 scrIP != NAS-IP-Address
Some NASes have >1 IP and you can select which source IP goes into the NAS-IP-Address; think for example a router with 2 connections to the network and a loopback interface used for management.
The UDP source *may* be the loopback, or the IP of the outbound interface, depending on the NAS implementation. If the latter, source IP can obviously change as routing changes.
I guess there are other reason, like NAT.
Thanks, Marlon
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
