Antw: Re: How many NAS kann radius take?

Anja Ruckdaeschel Anja.Ruckdaeschel at
Mon Mar 3 10:07:29 CET 2014

Thank you for the hints and tipps. 
A single request is much faster now, since we are not using the
huntgroups file any more but client xlat.

We are waiting for our students coming back from holidays to check 
if the fix did it.

We are also still talking to our vendor about changing the udp source port
when doing more than 256 in-flight requests. 

Thank you all very much.


>>> Alan DeKok <aland at> 14.02.2014 03:17 >>>
Anja Ruckdaeschel wrote:
> Every nas has an entry in an include file for clients.conf like:
> client {
>         secret = ***************
>         shortname = blafasel
>         nastype = other
> }

  That's fine.

> and an entry per NAS in an include file for huntrgoups like:
> ap Client-IP-Address == x.x.x.x
> ap NAS-IP-Address == x.x.x.x

  That's terrible.  Don't do that.  Ever.

  Instead, put the client group information into the "client" section:

client {
        secret = ***************
        shortname = blafasel
        nastype = other
	group = ap

  Then do policy checking via %{client:group} instead of Huntgroup-Name.
 It will do the same thing, and will be *enormously* faster.

  As a general rule, if you're doing tens of checks, it's OK to put them
into a flat-text file.  If you're doing thousands of checks, you should
really put them into a database.

  Alan DeKok.
List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list