Multiple ippools and assigning them depending on realms
Uwe Freier
uwe at freier.de
Wed Jul 20 14:11:33 CEST 2016
Hello,
basically I got my freeradius (v 2.1.10, Ubuntu 14.04) working through
the documentation but I reached a point where I don't know how to
continue and therefore dare to ask for help here.
The radius actually does authentication of dial-in users and accounts for
their traffic. Some users have a static IP as a reply attribute, the
others get dynamic IP addresses directly from the MX104
and this works without problems so far. Now the IP assignment should be
switched to the radius and the IP addresses shall be assigned depending
on the users' realms. The recent users with static IP addresses shall
keep them, I hope to reach this with "override = no" in the ippool
settings.
Therefore I set up 3 ippools (for 3 realms) as described in "Custom
configuration" of the docs (-> modules/Rlm_ippool) but I'm not sure
about the settings in ./sites-available/default concerning multiple
ippools:
###
accounting {
...
# Return an address to the IP Pool when we see a stop record.
# main_ippool
###
Should all 3 ippools be listed here?
iIppool1
iIppool2
iIppool3
and in the same file:
###
post-auth {
# Get an address from the IP Pool.
# main_pool
###
This I don't really understand - is this an alternative to assigning ip
addresses via ./users or is this a switch to enable the pool(s)
generally? Should I list all ippools here?
iIppool1
iIppool2
iIppool3
Because the 3 ippools shall be assigned to users depending on 3 realms,
so my ./users at the end looks like:
DEFAULT Framed-Protocol == PPP
	Framed-Protocol = PPP,
	Framed-Compression = Van-Jacobson-TCP-IP,
	Framed-IP-Address = 255.255.255.254,
	Fall-Through = Yes
[...]
DEFAULT Realm == "realm1", Pool-Name := ippool1
DEFAULT Realm == "realm2", Pool-Name := ippool2
DEFAULT Realm == "realm3", Pool-Name := ippool3
Is this a viable option?
I'm a bit confused because in "guide/Ippool and radius clients" there is
an example where an ippool is assigned but no Framed-IP-Address:
DEFAULT Called-Station-Id == "testdhcpserver", Auth-Type := Accept, Pool-Name := "main_pool"
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-Routing = Broadcast-Listen,
	Framed-Filter-Id = "std.ppp",
	Framed-MTU = 1500,
	Framed-Compression = Van-Jacobsen-TCP-IP,
Isn't the setting "Framed-IP-Address = 255.255.255.254" necessary? Can
it be left out, or does this example from the docs assume that it is already
defined as a reply attribute in the users' definitions?
Many thanks in advance, each hint is appreciated!
Uwe Freier
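
A configuration layout for the setup described in this message, as an added example that is not part of the original post or of the FreeRADIUS documentation. The address ranges and database file names are constructed placeholders, and the comments describe rlm_ippool behaviour in the 2.x series.

```conf
# Constructed example: ranges and database file names are placeholders.

# modules/ippool: one instance per realm. ippool2 and ippool3 are defined
# the same way, each with its own range, session-db and ip-index.
ippool ippool1 {
	range-start = 192.0.2.10
	range-stop = 192.0.2.250
	netmask = 255.255.255.0
	cache-size = 800
	session-db = ${db_dir}/db.ippool1
	ip-index = ${db_dir}/db.ipindex1
	# "no": if the reply already holds a Framed-IP-Address, this instance
	# returns noop and the existing address is kept.
	override = no
	maximum-timeout = 0
}

# sites-available/default (other modules in these sections stay as they are)
post-auth {
	# An instance allocates only when the Pool-Name check item equals its
	# own instance name, so listing all three is safe.
	ippool1
	ippool2
	ippool3
}
accounting {
	# On a Stop record, an instance frees the entry only if it finds the
	# session in its own session-db.
	ippool1
	ippool2
	ippool3
}

# users: select the pool per realm. Pool-Name is a check item, so it sits
# on the first line of the entry, not among the reply attributes.
DEFAULT Realm == "realm1", Pool-Name := "ippool1"
DEFAULT Realm == "realm2", Pool-Name := "ippool2"
DEFAULT Realm == "realm3", Pool-Name := "ippool3"
```

With `override = no`, the catch-all `Framed-IP-Address = 255.255.255.254` from the PPP DEFAULT entry also counts as an existing reply address, so pool users would keep it instead of receiving a pool address. Running `radiusd -X` shows each instance's decision for a test login.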