NAS-IP vs srcIP
Phil Mayers
p.mayers at imperial.ac.uk
Thu Apr 1 22:27:23 CEST 2010
On 04/01/2010 05:39 PM, Marlon Duksa wrote:
> Hi everyone -
> Can anyone think of a reason why the NAS-IP and the scr-IP of the
> access-req packet should not be the same?
>
> If the NAS-IP is configurable in the NAS, then the NAS-IP can be set to
> the IP address other than the src-ip of the NAS that is used in reqular
> FreeRadius accounting/authorization packets. The source IP address of
> the NAS is normally the native interface address from which access-req
> was sent (but it can be configurable).
>
> The NAS-IP would be used to address NAS in CoA requests sent from the
> FreeRadius. We need this behavior to address certain deployment
> requirements.
>
>
>
> for example:
>
> IP prot:
> srcIP: 1.1.1.1 dstIP: 2.2.2.2
> Radius prot:
> code: access-request (1)
> AVPs:
> NAS-IP-Address: 3.3.3.3
>
>
> scrIP != NAS-IP-Address
Some NASes have >1 IP and you can select which source IP goes into the
NAS-IP-Address; think for example a router with 2 connections to the
network and a loopback interface used for management.
The UDP source *may* be the loopback, or the IP of the outbound
interface, depending on the NAS implementation. If the latter, source IP
can obviously change as routing changes.
I guess there are other reason, like NAT.
>
> Thanks,
> Marlon
>
More information about the Freeradius-Users
mailing list