[rbak-nsp] additional ID in Radius request

Dariusz Siedlecki siedar at pronet.lublin.pl
Mon Jul 26 10:27:28 EDT 2010


W dniu 26.07.2010 15:52, Denis Mikhaylovskiy pisze:

>  Ok, understood,
>
>  In this case you can distinguish by NAS-Port-Id for instance as it indicates form where DISCOVER comes.
>  You can tune this attribute by issuing 'radius attribute nas-port-id format' command.
>
>  And yes, IP will be allocated after receiving access-request until you are using external dhcp server.
>
>
>
>  Cheers,
>  /denis
>
>
We do this, exactly in this way.
After that  - we are  getting in first radius request - information

this is from log - but it's similar to radius request.

Tue Mar  9 00:02:29 2010 : Auth: Login OK: [00:02:44:78:d4:21] (from
client redback port 50397184 cli Redback#3/1#350#Agent-Circuit-Id Not
Present#Remote-Agent-Id Not Present)

Where #3/1#350# is identifier of physical port 3/1 and 350 is pvc - in
this case vlan.

In radius configuration we use perl script to check if request is made
from proper PVC (comparing to radius database). If not - access is denied.

We need this because we had same service laptops, with the same MAC in
different PVC (we have separate subnets with different PVC vlan id
connected to separate clips service - about 200 vlan ids)

Best regards

Dariusz Siedlecki
NPLAY Ltd.



More information about the redback-nsp mailing list