One client, multiple NAS-Port-Types

Alan DeKok aland at deployingradius.com
Wed Jun 1 20:32:27 CEST 2011


Arran Cudbard-Bell wrote:
> You can do an internal proxy, but last time I checked multiple chained internal proxies were broken (I tried something very similar a few years ago).

  You can proxy to one virtual server.  But that request can't be
proxied again.  It's too awkward to deal with that.

> So 
> 
> external-server (with listen block)
>> assignment-logic
>> proxy-to "eap-radius"
>>> eap-radius
>>> proxy-to "eap-radius-inner" (breaks here)

  Hmm, yes.

> Alan DeKok may have fixed it in the interim period.

  Nope. :(

  Most of the code is there (especially in 3.0).  But it's disabled
because I'm unsure as to what the side effects are, and haven't had any
time to look at it.

> It's a particularly nice setup as it lets you drop in additional servers to support new devices really easily, and then if one type of NAS is smart enough to direct different types of requests (cli, 802.1X) to different servers, you can always use listen blocks in the different virtual servers, so that they can deal with requests sent to a particular IP alias or port, as well as internal requests.
> 
> Policies can be defined in policy.conf to share code between servers etc...
> 
> IMHO this is the best way to organise a server that serves many different types of NAS... if only it worked :)

  There might be a better way.  I'll see if I have time in the next few
months.

  Alan DeKok.
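
A sketch of the single internal hop that the thread says does work, added here as an example; it is not configuration posted by either participant. It assumes FreeRADIUS 2.x syntax. The names `eap-radius-vs` and `eap-radius-pool`, the listen address, and the NAS-Port-Type test standing in for "assignment-logic" are all hypothetical.

```conf
# proxy.conf -- a home server that is really a local virtual server
home_server eap-radius-vs {
	virtual_server = eap-radius
}

home_server_pool eap-radius-pool {
	type = fail-over
	home_server = eap-radius-vs
}

realm eap-radius {
	auth_pool = eap-radius-pool
}

# sites-enabled/external-server -- receives packets from the NAS
server external-server {
	listen {
		type = auth
		ipaddr = 192.0.2.10	# constructed example address
		port = 1812
	}

	authorize {
		# hypothetical "assignment-logic": pick a server per request type
		if (NAS-Port-Type == Wireless-802.11) {
			update control {
				Proxy-To-Realm := "eap-radius"
			}
		}
	}
}

# sites-enabled/eap-radius -- target of the internal proxy
server eap-radius {
	authorize {
		eap
		# Setting Proxy-To-Realm again here (for example to
		# "eap-radius-inner") is the second hop the thread
		# reports as not working.
	}

	authenticate {
		eap
	}
}
```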


