[rbak-nsp] additional ID in Radius request

Denis Mikhaylovskiy denis.mikhaylovskiy at ericsson.com
Mon Jul 26 11:22:21 EDT 2010


Hi

Ok fine with me. 
But why just not use NAS-Port-Id as to-check attribute; in this case you don't need any perl hooks. 


/denis

-----Original Message-----
From: redback-nsp-bounces at puck.nether.net [mailto:redback-nsp-bounces at puck.nether.net] On Behalf Of Dariusz Siedlecki
Sent: Monday, July 26, 2010 6:16 PM
To: redback-nsp at puck.nether.net
Subject: Re: [rbak-nsp] additional ID in Radius request

W dniu 26.07.2010 15:52, Denis Mikhaylovskiy pisze:
> Ok, understood,
>
> In this case you can distinguish by NAS-Port-Id for instance as it indicates form where DISCOVER comes.
> You can tune this attribute by issuing 'radius attribute nas-port-id format' command.
>
> And yes, IP will be allocated after receiving access-request until you are using external dhcp server.
>
>
>
> Cheers,
> /denis
>    
>
We do this, exactly in this way.
After that  - we are  getting in first radius request - information

this is from log - but it's similar to radius request.

Tue Mar  9 00:02:29 2010 : Auth: Login OK: [00:02:44:78:d4:21] (from 
client redback port 50397184 cli Redback#3/1#350#Agent-Circuit-Id Not 
Present#Remote-Agent-Id Not Present)

Where #3/1#350# is identifier of physical port 3/1 and 350 is pvc - in 
this case vlan.

In radius configuration we use perl script to check if request is made 
from proper PVC (comparing to radius database). If not - access is denied.

We need this because we had same service laptops, with the same MAC in 
different PVC (we have separate subnets with different PVC vlan id 
connected to separate clips service - about 200 vlan ids)

Best regards

Dariusz Siedlecki
NPLAY Ltd.
_______________________________________________
redback-nsp mailing list
redback-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/redback-nsp



More information about the redback-nsp mailing list