RADIUS configuration based on source IP
Jan.Weiss at t-systems.com
Wed Aug 31 08:37:43 CEST 2011
>I have a variety of Cisco devices that require mutually incompatible values in a certain RADIUS attribute, Cisco-AVPair. The way I have dealt with this in the past is with huntgroups -- I assign our engineer group on huntgroup1 to have Cisco-AVPair set to shell:roles=network-admin, while by default, the engineer group gets shell:priv-lvl=15. So far, so good. Problem is that we have another new kind of Cisco device that achieves engineer read-write with Cisco-AVPair set to shell:roles*admin. I figured that I would just set up another huntgroup, but this device apparently also doesn't set NAS-IP-Address or NAS-Identifier, so the usual huntgroup mechanism doesn't work.
>My production environment currently uses Cistron. But I'm planning to switch to freeradius. Unfortunately, it looks to me like the same issue applies to freeradius.
>
>Help? Is there any way to make a distinction between devices in the config without using huntgroups based on NAS-IP-Address or NAS-Identifier?
>
>Thanks!
>
>[I sent a very similar message to the cistron mailing list, BTW. I'm looking for a solution for either program.]
>
>- Morty
Hi Morty,
I'm using a similar configuration with huntgroups for Nexus and IOS.
What devices are you having problems with?
Till now, all devices we use send the NAS-IP-Address.
Perhaps we have the same device running, or will get the same problem in the future.
If there is really a problem on the device, a case at Cisco from two customers will surely help to speed up the work. ;-)
Jan
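As an added example (not configuration from either poster), this is one way to express the huntgroup-keyed Cisco-AVPair setup from the question in FreeRADIUS's huntgroups and users files, keying the device that sends neither NAS-IP-Address nor NAS-Identifier on the packet's actual source address, which FreeRADIUS exposes as the internal attribute Packet-Src-IP-Address. The addresses, huntgroup names and the Group check item are constructed placeholders; substitute whatever group lookup your deployment already uses.

```conf
# raddb/huntgroups  (constructed addresses; preprocess must run before
# files in the authorize section so Huntgroup-Name is set first)

# Devices that do populate NAS-IP-Address: match it as before.
nexus     NAS-IP-Address == 192.0.2.10
nexus     NAS-IP-Address == 192.0.2.11

# Device that sends neither NAS-IP-Address nor NAS-Identifier:
# match the UDP source address of the request instead. Packet-Src-IP-Address
# is filled in by the server from the socket, not from any attribute the
# NAS chooses to send, so it is also harder for a NAS to misreport.
newcisco  Packet-Src-IP-Address == 192.0.2.30


# raddb/users  (first matching DEFAULT wins; no Fall-Through here)

# Nexus-style devices want roles=network-admin for the engineer group.
DEFAULT   Huntgroup-Name == "nexus", Group == "engineers"
          Cisco-AVPair = "shell:roles=network-admin"

# The newer device expects the roles*admin form (note the '*').
DEFAULT   Huntgroup-Name == "newcisco", Group == "engineers"
          Cisco-AVPair = "shell:roles*admin"

# Everything else keeps the classic IOS privilege level.
DEFAULT   Group == "engineers"
          Cisco-AVPair = "shell:priv-lvl=15"
```

Because the entries are keyed on the source address, the clients.conf entry for 192.0.2.30 (shared secret) still has to exist; the huntgroup only selects which reply attributes that client receives.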