FreeRADIUS 3.0.1 [Proxy To Another Radius if Reject Received]
Alan DeKok
aland at deployingradius.com
Mon Jul 11 15:07:01 CEST 2016
On Jul 11, 2016, at 7:52 AM, Ibrahim Almahfooz via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> The purpose behind that is as you said the secondary DB is not allowed to
> be accessed by the first FR and vice versa. In addition to that, the
> secondary radius should not be facing our BRAS network for security
> reasons.
My simple answer is "don't do that". Your design is wrong.
There is no security gained by hiding RADIUS 2 from the BRAS, or by hiding database 2 from RADIUS 1.
Alan DeKok.
More information about the Freeradius-Users
mailing list