--On 01 April 2010 09:39 -0700 Marlon Duksa <mdu...@gmail.com> wrote:
Hi everyone -
Can anyone think of a reason why the NAS-IP and the scr-IP of the
access-req packet should not be the same?
If the NAS-IP is configurable in the NAS, then the NAS-IP can be set to
the IP address other than the src-ip of the NAS that is used in reqular
FreeRadius accounting/authorization packets. The source IP address of the
NAS is normally the native interface address from which access-req was
sent (but it can be configurable).
The NAS-IP would be used to address NAS in CoA requests sent from the
FreeRadius. We need this behavior to address certain deployment
requirements.
Radius proxying!
An incoming radius packet may come via a proxy. Therefore that packet's
src.ip = the proxies IP.
The NAS-IP-Address attribute is set to whatever the NAS wants to send.
Whether you can address a COA to the NAS-IP-Address depends on whether:
* The NAS chose/was configured to send the IP it's COA listener is bound to
in the NAS-IP-Address attribute.
* Whether you can access that IP/port directly - If your NAS is configured
only to talk via a RADIUS proxy, and everything else is firewalled out,
direct replies (COA or otherwise) won't work.
-James
--
James J J Hooper
Network Specialist
Information Services
University of Bristol
http://www.wireless.bristol.ac.uk http://www.jamesjj.net
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
