Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: RADIUS info for traveling users ...

  • From: Josh Richards
  • Date: Wed Mar 28 15:57:53 2001

* Mohan Sundar <> [20010328 11:56]:
> What i understand is policies are stored in
> a centralized policy server, and these are
> pushed to the Access Servers thru some mechanism,
> like SNMP or file transfer, etc. What is achieved
> by RADIUS is just getting pointer (like filter name)
> to the policy corresponding to
> a subscriber when a subscriber dials in, and
> dynamically binding that to the access interface
> in the access server.

Yes and no. :) It is somewhat implementation dependent.  There are some
RADIUS client/servers that can transfer and install the filter directly via
RADIUS.  While others build the filters in other ways -- some directly on
the NAS or with some other daemon that works in conjunction with RADIUS
and the NAS. 

> How are these policies then dynamically generated,
> based on the IP address that is dynamically
> assigned? Do policy servers also have policies
> based on subscriber-name (or ID)? What is the
> interaction between policy server and RADIUS?

See above. :)  Livingston (the now defunct maker of the PortMaster line)
had a separate RADIUS-like protocol called ChoiceNet(tm) that you could 
use to dump dynamic/static filters to the NAS.  It had no direct interaction
with the RADIUS server but the RADIUS client (the PortMaster) had to know to
request the filter from the ChoiceNet server.  The filter name itself would
typically be specified in the RADIUS profile.

You might get better answers from the RADIUS IETF WG list (which I believe
is still active...I dropped myself from it several months ago) and perhaps
more "bigger picture" answers from the NASREQ IETF WG. 



Josh Richards [JTR38/JR539-ARIN]
Geek Research LLC - <URL:>
IP Network Engineering and Consulting

Attachment: pgp00043.pgp
Description: PGP signature

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.