Re: NAS-Group? - different replies to different NASes?

[Phil Mayers <p.mayers@imperial.ac.uk>]

Ivan Kalik wrote:
> > A: I have a set of "master" tunnel attributes that I always have to send to
> > this Telco.
> > i.e. Service-type, Tunnel-Type, Tunnel-Preference, Tunnel-password,
> > Tunnel-Server-Endpoint..etc
> > The way this Telco obtains these attributes is by sending the
> > Username/Password combination my way. (i.e. I need to authenticate
> > userxyz@telco.com).  Once I see that user come through from their boxes (3
> > Static IPs) I have to send back to them the tunnel attributes above.  Once
> > the tunnel attributes were sent, they establish an L2TP tunnel to my LNS and
> > my LNS now asks my Radius server again to authenticate the user.  So I see
> > the same userxyz@telco.com requesting to be authenticated.  Since I
> > currently cannot distinguish between NASes I am sending the same Tunnel
> > Attributes to my LNS which causes my LNS to try to initiate a tunnel back to
> > itself (because the Tunnel-Server-Endpoint attribute is the actual LNS).
> > ++++++++++++++++++++++++++++++++++++++
>
> This is very strange. 

No, that's a pretty standard setup for resold ADSL, certainly in the UK 
and I think other countries as well.

> That information should be on telco radius server,
> not yours. It should not have to proxy requests to you. They ought to
> know the tunnel endpoint - *they* gave you the IP to set on your
> router when they leased you the line.

From the sound of it, it's not a leased line or similar; as I say, 
resold ADSL generally works this way.