IP Pool for Ethernet

Alan DeKok aland at deployingradius.com
Wed Mar 2 08:00:10 CET 2011


Groebl, Laurence (Laurence) wrote:
> Hello Alan,
> 
> Yes, according to the documentation of the Juniper Gateway, the gateway should be able to understand the RADIUS attribute 8 "Framed-IP-Address" in the Access-Accept message, but it seems that it also needs the attribute 88 "Framed-Pool".
> 
> This is described in "Concepts & Examples ScreenOS Reference Guide, User Authentication document", chapter "Framed Pool and Framed IP Address" page 26, 
> http://www.juniper.net/techpubs/software/screenos/screenos6.3.0/630_ce_UserAuth.pdf
> 
> And then the Gateway should be able to send this address in the IKEv2 configuration payload to the IPsec client (this IKEv2 interface is already working with local address assignment in the gateway, we tested it).

  So... send those attributes back in an Access-Accept.  You don't need
to configure IP Pools to return a bogus Framed-IP-Address.

  If that works, *then* you should consider configuring IP pools.  Until
then, you're 2-3 steps ahead of yourself.

  Alan DeKok.
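
Added example, not part of the original post and not FreeRADIUS or Juniper code: a Python sketch that encodes an Access-Accept carrying attribute 8 (Framed-IP-Address) and attribute 88 (Framed-Pool) per RFC 2865/2869, then verifies the Response Authenticator and confirms both attributes are present, which is the check to run on a captured reply before touching IP pools. The shared secret, address, pool name and Request Authenticator are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

ACCESS_ACCEPT = 2
FRAMED_IP_ADDRESS = 8   # RFC 2865: 4-octet IPv4 address
FRAMED_POOL = 88        # RFC 2869: pool name as a string

# Constructed sample values, not taken from the thread.
SECRET = b"testing123"
REQ_AUTH = bytes(range(16))  # Request Authenticator from the Access-Request

def attr(attr_type, value):
    """Encode one attribute: Type, Length (covers all three fields), Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_accept(ident, request_auth, secret, ip, pool):
    """Build an Access-Accept with Framed-IP-Address and Framed-Pool."""
    attrs = attr(FRAMED_IP_ADDRESS, socket.inet_aton(ip))
    attrs += attr(FRAMED_POOL, pool.encode())
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    digest = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + digest + attrs

def check_gateway_reply(packet, request_auth, secret):
    """Authenticate the reply and return (ip, pool); raise ValueError otherwise."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    packet = packet[:length]  # octets beyond Length are padding
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    found, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        found[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    if FRAMED_IP_ADDRESS not in found or FRAMED_POOL not in found:
        raise ValueError("reply lacks Framed-IP-Address or Framed-Pool")
    if len(found[FRAMED_IP_ADDRESS]) != 4:
        raise ValueError("Framed-IP-Address must be 4 octets")
    return socket.inet_ntoa(found[FRAMED_IP_ADDRESS]), found[FRAMED_POOL].decode()
```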


