a router as NAS
Alan DeKok
aland at deployingradius.com
Wed Jul 18 23:39:29 CEST 2012
Si St wrote:
> Taking a glimpse at the page
> http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/Sw8021x.html#wp1033659
So... why are you reading random pages on the net? And not the pages
we suggested you read?
> it seems obvious to me that I have misunderstood a few things:
> I thought I needed something EXTRA that should run a NAS request to the
> radius-server, and thought the router should do the job.
You're mixing up terminology. Get it right, or you'll *never*
understand what's going on.
> But the NAS is there already in the freeradiusserver downloadfile
> installed together with the server.
What the heck does that mean?
> Looking at what the radtest is
> spitting out it is there with its NAS IP and port "Sending
> Access-Request".
> The radiusd -X answers this request: "rad_recv: Access-Request......[pap]
> User authenticated successfully
> ++[pap] returns ok...........
Well... you've completely misunderstood everything about that.
> Were there no NAS already, the radiusd would not have answered. Simple
> as that.
No. Absolutely not. Not "simple as that".
> From this it is of course obvious to me that it is impossible
> that the router can run a NAS,
No. Many routers do send RADIUS Access-Request packets.
> and I can understand Buxey's resignation
> about my "very special router".
No. You thought that the router would accept RADIUS packets from a
third party, and then send them to the RADIUS server. Routers don't
work like that. Hence his comment of "very special router".
> The router can only direct or rather
> route the userclient message to the NAS-radius machinery.
You're using terminology you invented.
STOP IT NOW.
Your misconception of how everything works is making it IMPOSSIBLE for
you to understand ANYTHING.
> That is what
> the router's EAP-switch is for, letting me configure an IP and a port in
> that box where to send it, have it treated by the
> NAS/radclient/radserver and receive an OK or something to let me through
> to the f.ex. internet. Isn't this correct?
It's complete nonsense. You might as well be writing gibberish.
> If this is correct everything is simplified to just find out how to
> network this.
> Am I closer now?
You're even further away from understanding how it works.
Read the Wikipedia pages on RADIUS and EAP. It's really not hard.
Alan DeKok.