[36155] in North American Network Operators' Group


Re: RADIUS info for traveling users ...

daemon@ATHENA.MIT.EDU (Josh Richards)
Wed Mar 28 15:56:57 2001

Date: Wed, 28 Mar 2001 12:42:33 -0800
From: Josh Richards <jrichard@cubicle.net>
To: nanog@merit.edu
Message-ID: <20010328124232.A15817@datahaven.freedom.gen.ca.us>
In-Reply-To: <20010328200214.43757.qmail@web13208.mail.yahoo.com>; from xmohansundar@yahoo.com on Wed, Mar 28, 2001 at 12:02:14PM -0800




* Mohan Sundar <xmohnsundar@yahoo.com> [20010328 11:56]:
>
> What I understand is policies are stored in
> a centralized policy server, and these are
> pushed to the Access Servers thru some mechanism,
> like SNMP or file transfer, etc. What is achieved
> by RADIUS is just getting a pointer (like filter name)
> to the policy corresponding to
> a subscriber when a subscriber dials in, and
> dynamically binding that to the access interface
> in the access server.

Yes and no. :) It is somewhat implementation dependent.  There are some
RADIUS client/servers that can transfer and install the filter directly via
RADIUS.  While others build the filters in other ways -- some directly on
the NAS or with some other daemon that works in conjunction with RADIUS
and the NAS.

> How are these policies then dynamically generated,
> based on the IP address that is dynamically
> assigned? Do policy servers also have policies
> based on subscriber-name (or ID)? What is the
> interaction between policy server and RADIUS?

See above. :)  Livingston (the now defunct maker of the PortMaster line)
had a separate RADIUS-like protocol called ChoiceNet(tm) that you could
use to dump dynamic/static filters to the NAS.  It had no direct interaction
with the RADIUS server but the RADIUS client (the PortMaster) had to know to
request the filter from the ChoiceNet server.  The filter name itself would
typically be specified in the RADIUS profile.

You might get better answers from the RADIUS IETF WG list (which I believe
is still active...I dropped myself from it several months ago) and perhaps
more "bigger picture" answers from the NASREQ IETF WG.
<URL:http://www.ietf.org/>

Regards,

-jr

----
Josh Richards [JTR38/JR539-ARIN]
<jrichard@geekresearch.com/cubicle.net/fix.net/freedom.gen.ca.us>
Geek Research LLC - <URL:http://www.geekresearch.com/>
IP Network Engineering and Consulting
