Setting different IDLE-TIMEOUTS based on IP Address

John Giordano john.giordano at ttmi.us
Tue Apr 16 21:05:45 CEST 2013


Alan,

Interesting…

So I man’ed unlang and then did some more reading on huntgroups and the users file.  If at all possible I think we would opt for a combo of the huntgroups/users file approach.  I am still not clear as to how we would do this though….

Could you please speak to the interrelationship between the clients file and the huntgroups file?

For example, this is what we have in our clients config file now (with our internal IPs changed for obfuscation’s sake):

client 10.99.3.0/24 {
        secret          =    XXXXXXX
        shortname       = MSP 7345’s
}

client 10.3.99.0/24 {
        secret          = XXXXXX
        shortname       = SNJ 7000 Switches
}

These are the two different equipment types we would like to have different IDLE-TIMEOUTs for.

My first question is that every huntgroups file example I have seen on the Net uses a per NAS definition:

raleigh        NAS-IP-Address == 192.168.1.101
raleigh        NAS-IP-Address == 192.168.1.102
raleigh        NAS-IP-Address == 192.168.1.103
premium        NAS-IP-Address == 192.168.1.101, NAS-Port-Id == 0-4
               Group = premium,
               Group = staff

I would rather not have to define 254 different entries in our huntgroups file (254 hosts in a Class C obviously).  Can I use a netmask somehow in the huntgroups file?

In pseudo parlance this is what I am trying to accomplish in huntgroups:

MSP 7345’s NAS-IP-Address == 10.99.3.0/24
                IDLE-TIMEOUT = 1800

SNJ 7000 NAS-IP-Address ==  10.3.99.0/24
                IDLE-TIMEOUT = 60

Thanks!

-jg



From: Alan Buxey [mailto:A.L.M.Buxey at lboro.ac.uk]
Sent: Tuesday, April 16, 2013 10:45 AM
To: John Giordano; freeradius-users at lists.freeradius.org
Subject: Re: Setting different IDLE-TIMEOUTS based on IP Address

If your NAS can take such a value then it can be assigned. Either via eg users file and huntgroup or via eg unlang

if ("%{NAS-IP-Address}" == "192.168.1.1") {
 update reply {
  # Attribute = XYZ is a placeholder for the reply attribute and value
  Attribute = XYZ
 }
}

..'man unlang' for more info

alan
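
The per-subnet assignment asked about above, written in unlang as an added example that is not part of the original thread or the project's own configuration. It assumes the block sits in the post-auth section, that the NAS honours the standard Idle-Timeout reply attribute, and it relies on both subnets being /24s so that a prefix regex matches exactly the network.

```unlang
# Added example (assumption: placed inside post-auth { ... } of the virtual server).
# Each regex covers one /24 from the clients config quoted in the thread.
if ("%{NAS-IP-Address}" =~ /^10\.99\.3\./) {
    # MSP 7345's
    update reply {
        Idle-Timeout := 1800
    }
}
elsif ("%{NAS-IP-Address}" =~ /^10\.3\.99\./) {
    # SNJ 7000 switches
    update reply {
        Idle-Timeout := 60
    }
}
# NAS-IP-Address is a value the NAS writes into its own request. To key on
# the address the packet actually arrived from, test
# "%{Packet-Src-IP-Address}" with the same patterns instead.
```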