Stefan A. wrote:
If you read it ‚one of the ideas of having different virtual servers is separation of policies for different NASses’ you are right.
Suman was asking on how to send several NASses into the same policy.
The simplest way to do it is to set *generic* policies, and then re-write them in post-auth. For example, define a "Policy-Name" attribute in the dictionary, and set it somewhere in the "authorize" section. Then: post-auth { ... if ("%{client:nas_type}" == "foo") { // map policies for client foo } elsif ("%{client:nas_type}" == "bar") { // map policies for client bar } ... } The underlying issue is that different NAS vendors have defined different attributes for the same functionality. An even simpler solution is to just return all of the VSAs to each NAS. As was said earlier, each NAS will ignore the ones it doesn't understand, and apply the ones it does. Alan DeKok.