Multiple ippools and assigning them depending on realms

Uwe Freier uwe at
Wed Jul 20 14:11:33 CEST 2016


basically I got my freeradius (v 2.1.10, Ubuntu 14.04) working through 
the documentation but I reached a point where I don't know how to 
continue and therefore dare to ask for help here.
The radius does actually authentication of dial-in users and accounts 
their traffic. Some users have a static IP as a reply attribute, the 
others get dynamic IP addresses directly from the MX104
and this works without problems so far. Now the IP assignment should be 
switched to the radius and the IP addresses shall be assigned depending 
on the users' realms. The recent users with static IP addresses shall 
keep them, I hope to reach this with "override = no" in the ippool 

Therefore I set up 3 ippools (for 3 realms) as described in "Custom 
configuration" of the docs (-> modules/Rlm_ippool) but I'm not sure 
about the settings in ./sites-available/default concerning multiple 

accounting {
     #  Return an address to the IP Pool when we see a stop record.
     # main_ippool

Should all 3 ippools be listed here?


and in the same file:

post-auth {
         #  Get an address from the IP Pool.
         #  main_pool


This I don't really understand - is this an alternative to assigning ip 
addresses via ./users or is this a switch to enable the pool(s) 
generally? Should I list all ippools here?


Because the 3 ippools shall be assigned to users depending on 3 realms, 
so my ./users at the end looks like:

DEFAULT Framed-Protocol == PPP
         Framed-Protocol = PPP,
         Framed-Compression = Van-Jacobson-TCP-IP,
         Framed-IP-Address =,
         Fall-Through = Yes


DEFAULT Realm == "realm1", Pool-Name:= ippool1
DEFAULT Realm == "realm2", Pool-Name:= ippool2
DEFAULT Realm == "realm3", Pool-Name:= ippool3

Is this a viable option?

I'm a bit confused because In "guide/Ippool and radius clients" there is 
an example where an ippool is assigned but no Framed-IP-Address:

DEFAULT Called-Station-Id == "testdhcpserver", Auth-Type := Accept,
Pool-Name := "main_pool"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Routing = Broadcast-Listen,
        Framed-Filter-Id = "std.ppp",
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobsen-TCP-IP,

Isn't the setting "Framed-IP-Address =" necessary, can 
it be left out or assumes this example from the docs that it is already 
defined as a reply attribute at the users' definitions ?

Many thanks in advance, each hint is appreciated!

Uwe Freier

More information about the Freeradius-Users mailing list