RE: Proxy Client Source IP and Realm

2002-06-14 Thread Gelson Dias Santos

    Hello people,


    Just found this message on the archive, and I think I need something similar:


> You want to do:
> 
> DEFAULT   Called-Station-Id == 1234, Proxy-To-Realm := "company.com"
>    Fall-Through = Yes
> 
> DEFAULT   Called-Station-Id == 2345, Proxy-To-Realm := "else.net"
>    Fall-Through = Yes


    If I do the above, will the realm information be changed somehow? I mean, if a dial-up client connects to station 1234 and logs in as [EMAIL PROTECTED], will freeradius proxy it to the servers defined for "company.com", but without changing it to [EMAIL PROTECTED] ?

    In other words, I want to proxy based on DNIS, not realm. Is this possible?


    Gelson 





RE: Using ippool with two radius servers?

2002-05-16 Thread Gelson Dias Santos

> From: Miquel van Smoorenburg [mailto:[EMAIL PROTECTED]]


> > Why should I have 30.000 host routes
> 
> Well, you're talking about 30.000 ports. If you are going to
> assign each of them an IP address using radius, you need
> a routing protocol to get the packets to the NAS.
> 
> >All I have is one /17
> >summarized route. All those IP's are on the same CIDR block.
> 
> Ah, you only have one terminal server with 30.000 ports on it?
> In that case, route the /17 to that NAS and be done with it.
> But you likely have tens or hundreds of NASes.
> 
> Either you're way ahead of me, or you really need to think this over.


    I think I'm ahead of you :-) Believe me, routing is not an issue here, I do have a /17 block with summarized pools in a way that I only need one static route per NAS (there are 20 of them). No need to use dynamic routing.

    Chris also suggested I should learn a bit more about ip routing. Well, we should always learn more, isn't it? But after 18 years of experience in IP networks I think I know how to route packets.

    The answer I was looking for was given by Chris: the ip pool module can't handle a pool so large. Anyway, it can't synchronize pools of any size between two Radius servers, so I'll need to find another solution, or another Radius server.

    Thanks all,
--
Gelson Dias Santos  ([EMAIL PROTECTED])
Backbone & Network Security
Vant Telecomunicações S.A.
http://www.vant.com.br





  
 





RE: Using ippool with two radius servers?

2002-05-15 Thread Gelson Dias Santos

> -----Original Message-----
> From: Chris Parker [mailto:[EMAIL PROTECTED]]

> > Is there a way to synchronize the ip databases between two (or more)
> > radius servers when using module ippool? If not, how do we avoid
> > giving the same ip to two users at the same time if the primary and
> > secondary radius does not share info about the ips already in use?


> 
> Why would you not want the NAS to handle their own ip pools?
> 
> -Chris


    This is the way things work right now, but I need to add different classes of services, like dial backup and VPDN using the same dial ports, and these services require different ip addresses than those in the NAS pools. So, I have to set different pools for different classes of users. 

    I was thinking about using hints to differentiate users, so a user xxx.vpdn could match an entry like this:


    DEFAULT Hint == "vpdn", Pool-Name := vpdnpool


    But then, how do I avoid conflict when allocating IP's from pool vpdnpool if I have two Radius servers?


    Gelson 





RE: Using ippool with two radius servers?

2002-05-15 Thread Gelson Dias Santos

> -----Original Message-----
> From: Miquel van Smoorenburg [mailto:[EMAIL PROTECTED]]

> > Yes, I know I can have 'N' different ip pools configured, one for
> > each NAS, but I'm talking about 30.000 dial ports, so I can't allocate
> > 30.000 * N ips available.
> 
> In that case you are also talking about 30.000 routes in your
> internal routing protocol - and with that many dialup ports,
> hundreds of route-flaps per second.
> 
> It won't work. Your network and routers will fall over
> and die screaming.


    Why should I have 30.000 host routes? All I have is one /17 summarized route. All those IP's are on the same CIDR block.

    Back to the original question; can I have two Radius servers managing the same IP address pool?


    Gelson





Using ippool with two radius servers?

2002-05-15 Thread Gelson Dias Santos

    Is there a way to synchronize the ip databases between two (or more) radius servers when using module ippool? If not, how do we avoid giving the same ip to two users at the same time if the primary and secondary radius does not share info about the ips already in use?

    Yes, I know I can have 'N' different ip pools configured, one for each NAS, but I'm talking about 30.000 dial ports, so I can't allocate 30.000 * N ips available.

    Gelson
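
The conflict asked about in this message, as an added illustration that is not part of the original post or of FreeRADIUS: two servers that each track leases only in local state hand out the same address, while giving each server a disjoint half of the range avoids it. The `PoolServer` class, the pool range and the user names are constructed for the example and do not model the ippool module's actual storage.

```python
import ipaddress

class PoolServer:
    """One RADIUS server's private view of an address pool (no shared state)."""
    def __init__(self, name, network):
        self.name = name
        self.free = list(ipaddress.ip_network(network).hosts())
        self.leases = {}                      # ip -> user, known to this server only

    def allocate(self, user):
        ip = self.free.pop(0)                 # lowest free address first
        self.leases[ip] = user
        return ip

def simulate(servers, logins):
    """logins: list of (user, server_index). Returns {ip: [users]} for duplicates."""
    seen = {}
    for user, idx in logins:
        ip = servers[idx].allocate(user)
        seen.setdefault(str(ip), []).append(user)
    return {ip: users for ip, users in seen.items() if len(users) > 1}

# Constructed sample: requests alternate between primary (0) and secondary (1),
# as happens when a NAS fails over or load-balances between two servers.
LOGINS = [("alice.vpdn", 0), ("bob.vpdn", 1), ("carol.vpdn", 0), ("dave.vpdn", 1)]
POOL = "10.20.0.0/24"                         # constructed stand-in for vpdnpool

def shared_range_conflicts():
    """Both servers are configured with the whole pool and share nothing."""
    servers = [PoolServer("primary", POOL), PoolServer("secondary", POOL)]
    return simulate(servers, LOGINS)

def split_range_conflicts():
    """Each server owns one half of the pool, so no coordination is needed."""
    halves = list(ipaddress.ip_network(POOL).subnets(prefixlen_diff=1))
    servers = [PoolServer("primary", str(halves[0])),
               PoolServer("secondary", str(halves[1]))]
    return simulate(servers, LOGINS)

if __name__ == "__main__":
    print("shared range:", shared_range_conflicts())
    print("split range: ", split_range_conflicts())
```

The split costs capacity: when one server is down, only the surviving server's half of the range can be handed out.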





Re: IPPOOL

2002-05-06 Thread Gelson Dias Santos

>> we have tried various things but cannot get it to give addresses based on
>> the nas identifier. what are we doing wrong?
>
>That's not the idea behind the ip_pool module. The idea is to assign ip's from
>the same pool to all the access servers and not maintain separate pools for each
>nas. In any case if you want to assign different addresses to each nas you can


    Hummm... how do I route ip packets to users on different nas servers if they are on the same pool, hence on the same subnet? I mean, if user 1 connects on nas 1 and gets ip 192.168.1.1, then user 2 connects on nas 2 and gets the next ip, 192.168.1.2, how will my routers, servers etc know where to send their reply packets?

    When we have two different pools it's easy, just set a static route pointing the whole pool to the right server. With one big pool, how do I do it? I don't want to use RIP or anything like that to propagate thousands of host routes.

    Gelson