Matching a value within an IP subnet
Brian Candler
B.Candler at pobox.com
Sun Oct 17 10:49:27 CEST 2010
In clients.conf, you can match a whole subnet of source IPs with one rule:
client 192.0.2.0/27 {
secret = testing123-1
shortname = ADSL-BRAS
}
But is it possible to do the same to match a range of IPs in an attribute
like NAS-IP-Address? I want to tag a collection of NASes from the same
subnet with a control attribute (but which may be talking via a proxy, not
directly). Perhaps something like:
192.0.2.0/27 NAS-Group := "ADSL-BRAS"
or
DEFAULT NAS-IP-Address =~ 192.0.2.0/27, NAS-Group := "ADSL-BRAS"
I've had a look at paircmp() in src/lib/valuepair.c and can't see any logic
which might do this.
Are there any options you can suggest, short of expanding the subnet into a
list of its constituent IPs?
Thanks,
Brian.
More information about the Freeradius-Users
mailing list