NAS-IP vs srcIP

Phil Mayers p.mayers at
Thu Apr 1 22:27:23 CEST 2010

On 04/01/2010 05:39 PM, Marlon Duksa wrote:
> Hi everyone -
> Can anyone think of a reason why the NAS-IP and the scr-IP of the
> access-req packet should not be the same?
> If the NAS-IP is configurable in the NAS, then the NAS-IP can be set to
> the IP address other than the src-ip of the NAS that is used in reqular
> FreeRadius accounting/authorization packets. The source IP address of
> the NAS is normally the native interface address from which access-req
> was sent (but it can be configurable).
> The NAS-IP would be used to address NAS in CoA requests sent from the
> FreeRadius. We need this behavior to address certain deployment
> requirements.
> for example:
> IP prot:
>     srcIP:   dstIP:
> Radius prot:
>     code: access-request (1)
>     AVPs:
>          NAS-IP-Address:
> scrIP != NAS-IP-Address

Some NASes have >1 IP and you can select which source IP goes into the 
NAS-IP-Address; think for example a router with 2 connections to the 
network and a loopback interface used for management.

The UDP source *may* be the loopback, or the IP of the outbound 
interface, depending on the NAS implementation. If the latter, source IP 
can obviously change as routing changes.

I guess there are other reason, like NAT.

> Thanks,
> Marlon

More information about the Freeradius-Users mailing list