The problem is that the hotspots can be anywhere. They are mostly behind ADSL lines. The source ip address of the radius packet is therefore not predictable.
Ahem, it's not. But subnet is. There can't be that many IP pools ADSL providers can use. And you configure the subnet, not exact IP in dynamic-clients. Just make one for each ADSL pool.
The only other way I can thing of is identifying the nas by the NAS-Identifier.
Why "other"? That's a bad idea.
To sum up. Currently a nas is "authenticated" by ip address/radius secret. I feel that being able to "authenticate" a nas by nas identifier/radius secret is a very good enhancement.
I'm sure that I'm not the only one that have NAS's behind dynamic IPs, and this would make radius traffic from such NAS's much more secure.
No, that would be less secure. Enhancement woud be to have NAS-Identifier *on top* of Packet-Src-IP-Address. Then you could assign individual shared secrets to each hotspot (at present whole range has to have same shared secret). Ivan Kalik Kalik Informatika ISP