suggestions for multiple vlans in hundreds of switches
p.mayers at imperial.ac.uk
Sat Apr 21 14:40:40 CEST 2007
Arran Cudbard-Bell wrote:
> Wow this is going to speed stuff up so much !
We use this trick extensively. It works really well.
> Ahh yes, I just got how this could work... because to deal with the
> contents of the eap tunnel freeradius proxies it to itself...
Yes. And if you set "copy_request_to_tunnel = yes" the attributes from
the real packet get copied to the tunneled one - e.g. NAS-IP-Address,
NAS-Port, etc. so you can still act on those attributes.
> And though your only writing the reply attributes to the tunnel , when
> the tunneled request comes back,
> the attributes will be used in the main packet sent back to the NAS,
> including the eap message from the proxied request ...
Provided you have "use_tunneled_reply = yes"
> Is the proxying to self new behaviour ?
> I know the Authz-Type and Auth-Type stuff is only in CVS so you must not
> have been able to do it in 1.1* ?
Erm, no. They've been around a long time.
More information about the Freeradius-Users