COA to multiple NAS

Alan DeKok aland at deployingradius.com
Thu Apr 7 14:56:28 CEST 2016


On Apr 7, 2016, at 2:58 AM, Mike <mike at hersham.net> wrote:
> 
> On 2016-04-06 16:50, Alan DeKok wrote:
>> RADIUS doesn't work with dynamic IPs.
> Effectively we have it working with Dynamic IPs because in Clients.conf we specify an IP range for a client and all our NAS devices share the same secret.
> 
> But this fix doesn't work for COA origination.

  I know.  As I said earlier, there is a work around.

> I haven't got to the correct stage in migrating from v2 to v3 to test whether we can still do this with clients in version 3. If not we've got a big headache!

  As I said, RADIUS is not designed to work with dynamic IPs.

  You have built a system based on *wrong* assumptions about how RADIUS works.  You can't fix RADIUS.  But you can run IPSec.

  Alan DeKok.




More information about the Freeradius-Users mailing list