Dynamic Attributes Based on NAS Type !

Michael Hartwick hartwick at hartwick.com
Sat Oct 8 19:48:37 CEST 2011 

It may not be pretty, but why not just sent all 3 sets of VSA's. If the NAS
doesn't recognize it won't it just ignore the attribute?

 

From: freeradius-users-bounces+hartwick=hartwick.com at lists.freeradius.org
[mailto:freeradius-users-bounces+hartwick=hartwick.com at lists.freeradius.org]
On Behalf Of Suman Dash
Sent: Saturday, October 08, 2011 13:08
To: FreeRadius users mailing list
Subject: Re: Dynamic Attributes Based on NAS Type !

 

To be specific , I am concerned about the QoS VSA's .

For Example.

Mikrotik NAS - Mikrotik-Rate-Limit 
Chillispot - Chillispot-Max-UP , Chillispot-Max-Down
Cisco - Cisco-Policy-UP , Cisco-Policy-Down

Now if the user logged from different NAS's the VSA will differ so it is not
possible to have a single entry in radgroupreply or radreply pertaining to a
kind of NAS. 

I guess that this is not an out of the box feature in freeradius , instead i
need to use some kind of custom script in Post-Auth section which will check
the NAS Type and reply out the correct VSA's

I am looking for a unique identifier from NAS by which freeradius can
understand what type of NAS it is. I tried it and it seems that i have no
control on the Access-Request sent by NAS to freeradius.

The only idea which currently comes into my mind is to use nas.type value in
DB but incase the NAS Type is incorrectly specified reply attributes will go
nuts .

So any idea if there are any unique identifiers ?

Regards
Suman

On Sat, Oct 8, 2011 at 9:40 PM, Stefan A. <a.freeradius at premit.de> wrote:

 

Suman,

As you did not say anything about the exact attributes, you will send to the
NAC, here is how we do this:

 

we are also using different NAS and have to reply with different VSAs for
setting up the QOS.

We use the "existence of a specific VSAs"  (specified per NAS type) in the
request to select the VSAs to be used in responses.

 

e.g: if we found the Starent Networks VSA 'SN-Service-Type' in the request,
we reply with 'SN-QOS-Profile' to set up QoS

This is save, as we won't see any Starent VSAs in Cisco or Chillispot
NASses.

 

To make this flexible, we have set up our own VSA to configure users QOS,
which is then translated into the specific reply attributes for the NAS, the
user is currently using.

 

Regards

Stefan

 

From: freeradius-users-bounces+a.freeradius=premit.de at lists.freeradius.org
[mailto:freeradius-users-bounces+a.freeradius
<mailto:freeradius-users-bounces%2Ba.freeradius>
=premit.de at lists.freeradius.org] On Behalf Of Suman Dash
Sent: Saturday, October 08, 2011 4:40 PM
To: FreeRadius users mailing list
Subject: Dynamic Attributes Based on NAS Type !

 

Hi Everyone ... Currently i am planning to integrate freeradius with
different NAS like Chillispot , Cisco etc and enable roaming users so that
they can log in from any of the NAS. 

As the reply items are different with different NAS , i am looking for ideas
how to enable a single user to roam and connect from different NAS.

In my case i think static reply items are not possible per user wise or per
groupwise so my question is what trick can be used to achieve the same.

I had not tried anything as i have no clue on the same so some highlights on
the approach will be a good starting point for me.

Cheers
Suman


-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111008/c3f0ca0e/attachment.html>

More information about the Freeradius-Users mailing list