> > Main server check if the framed IP is within the correct pool, if not > > reject. > > IMHO a cleaner solution would be for you to assign the IP addresses > yourself. > Yeap, I think so too. But how to do this if the authentication is done on a remote server?