2.x.x and radtest: no IPv6?
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Mon Jul 22 15:32:56 CEST 2013
On 22 Jul 2013, at 14:15, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> On 22/07/13 13:47, Arran Cudbard-Bell wrote:
>>
>> It'd be nice to get some feedback from people though... do you think
>> you'll ever need to record both your NAS IPv4 and IPv6 addresses?
>>
>> I'm guessing for dual stacking it'd be nice to record
>> Framed-IP-Address and Framed-IPv6-Prefix, should they both be used to
>> identify clients in areas like session management? It seems like the
>> safest way of doing it to me.
>
> Yes. It's important to record them separately, and useful for the reasons you suggest.
For the NAS too? Or would it be OK to have a single attribute?.
>>
>> But would it break things? What if the NAS started just using the SRC
>> IPv6 address in packets, and source IP protection was enabled? Does
>> this happen in the real world?
>
> Not sure I follow here; can you expand on this?
Envisaging use in session identification. If the NAS was dumb, and was just looking at packets coming from one of it's directly connected devices, and pulling off the SRC IP address and using it to enrich Accounting-Requests, you may have that IP change during the course of a session.
I doubt any NAS vendors are quite that stupid, but just wanted confirmation.
>> I don't have any experience managing an IPv6 enabled network. Does
>> anyone else? Or is it all too new?
>
> "It's complicated".
>
> I've replied to your email on -devel.
OK. Thanks.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
More information about the Freeradius-Users
mailing list