North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: RADIUS info for traveling users ...
- From: Josh Richards
- Date: Wed Mar 28 15:57:53 2001
* Mohan Sundar <email@example.com> [20010328 11:56]:
> What i understand is policies are stored in
> a centralized policy server, and these are
> pushed to the Access Servers thru some mechanism,
> like SNMP or file transfer, etc. What is achieved
> by RADIUS is just getting pointer (like filter name)
> to the policy corresponding to
> a subscriber when a subscriber dials in, and
> dynamically binding that to the access interface
> in the access server.
Yes and no. :) It is somewhat implementation dependent. There are some
RADIUS client/servers that can transfer and install the filter directly via
RADIUS. While others build the filters in other ways -- some directly on
the NAS or with some other daemon that works in conjunction with RADIUS
and the NAS.
> How are these policies then dynamically generated,
> based on the IP address that is dynamically
> assigned? Do policy servers also have policies
> based on subscriber-name (or ID)? What is the
> interaction between policy server and RADIUS?
See above. :) Livingston (the now defunct maker of the PortMaster line)
had a separate RADIUS-like protocol called ChoiceNet(tm) that you could
use to dump dynamic/static filters to the NAS. It had no direct interaction
with the RADIUS server but the RADIUS client (the PortMaster) had to know to
request the filter from the ChoiceNet server. The filter name itself would
typically be specified in the RADIUS profile.
You might get better answers from the RADIUS IETF WG list (which I believe
is still active...I dropped myself from it several months ago) and perhaps
more "bigger picture" answers from the NASREQ IETF WG.
Josh Richards [JTR38/JR539-ARIN]
Geek Research LLC - <URL:http://www.geekresearch.com/>
IP Network Engineering and Consulting
Description: PGP signature