[rbak-nsp] additional ID in Radius request
Denis Mikhaylovskiy
denis.mikhaylovskiy at ericsson.com
Mon Jul 26 11:22:21 EDT 2010
Hi
Ok fine with me.
But why just not use NAS-Port-Id as to-check attribute; in this case you don't need any perl hooks.
/denis
-----Original Message-----
From: redback-nsp-bounces at puck.nether.net [mailto:redback-nsp-bounces at puck.nether.net] On Behalf Of Dariusz Siedlecki
Sent: Monday, July 26, 2010 6:16 PM
To: redback-nsp at puck.nether.net
Subject: Re: [rbak-nsp] additional ID in Radius request
W dniu 26.07.2010 15:52, Denis Mikhaylovskiy pisze:
> Ok, understood,
>
> In this case you can distinguish by NAS-Port-Id for instance as it indicates form where DISCOVER comes.
> You can tune this attribute by issuing 'radius attribute nas-port-id format' command.
>
> And yes, IP will be allocated after receiving access-request until you are using external dhcp server.
>
>
>
> Cheers,
> /denis
>
>
We do this, exactly in this way.
After that - we are getting in first radius request - information
this is from log - but it's similar to radius request.
Tue Mar 9 00:02:29 2010 : Auth: Login OK: [00:02:44:78:d4:21] (from
client redback port 50397184 cli Redback#3/1#350#Agent-Circuit-Id Not
Present#Remote-Agent-Id Not Present)
Where #3/1#350# is identifier of physical port 3/1 and 350 is pvc - in
this case vlan.
In radius configuration we use perl script to check if request is made
from proper PVC (comparing to radius database). If not - access is denied.
We need this because we had same service laptops, with the same MAC in
different PVC (we have separate subnets with different PVC vlan id
connected to separate clips service - about 200 vlan ids)
Best regards
Dariusz Siedlecki
NPLAY Ltd.
_______________________________________________
redback-nsp mailing list
redback-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/redback-nsp
More information about the redback-nsp
mailing list