Multiple shared secret per IP?

Brian Julin BJulin at clarku.edu
Mon Feb 13 16:20:15 CET 2017


Chris Taylor (chtaylo2) <chtaylo2 at cisco.com> wrote:

> Is it possible to have multiple secret strings per IP or maybe different domains per IP?  If not, any recommendations?

Validating the shared secret is one of the very first things done in the RADIUS protocol;
if it is not valid, the rest of the data in the packet is not trusted, so there is no trustworthy data
outside the IP header to multiplex on.

If the monitor utility can send to a different UDP port, I'd just do that and treat them like two different
clients.  The only hitch is the monitor could stay up when the service goes down if there is a firewalling
SNAFU.  If the only purpose of this test is for internal reachability determinations, see if using
Status-Server is a possibility.

Setting up end-to-end testing with a "real" client is sometimes advisable and makes the use of internal
test clients a moot point.
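
An added illustration (not part of the original post and not FreeRADIUS code): the Python below picks the shared secret from the source IP and the receiving UDP port alone, then checks a Status-Server packet's Message-Authenticator with it, which is why a second port works as a second client. The client table, addresses, ports and secrets are constructed for the example.

```python
import hashlib, hmac, os, struct

STATUS_SERVER = 12          # RFC 5997 packet code
MESSAGE_AUTHENTICATOR = 80  # RFC 2869 attribute type

# Constructed client table: the secret is selected by (source IP, local UDP
# port) before any byte of the RADIUS payload is trusted.
CLIENTS = {
    ("192.0.2.10", 1812): b"nas-secret",
    ("192.0.2.10", 18120): b"monitor-secret",
}

def build_status_server(secret, ident=1):
    """Build a Status-Server request signed with Message-Authenticator."""
    authenticator = os.urandom(16)  # random, as for Access-Request
    attr = bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    header = struct.pack("!BBH", STATUS_SERVER, ident, 20 + len(attr)) + authenticator
    mac = hmac.new(secret, header + attr, hashlib.md5).digest()
    return header + attr[:2] + mac

def verify(packet, src_ip, local_port):
    """True only if Message-Authenticator matches the secret for this socket."""
    secret = CLIENTS.get((src_ip, local_port))
    if secret is None or len(packet) < 20:
        return False  # unknown client or truncated header
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False  # declared length does not fit the datagram
    packet = packet[:length]
    pos = 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return False  # malformed attribute
        if atype == MESSAGE_AUTHENTICATOR and alen == 18:
            # HMAC-MD5 over the whole packet with the attribute value zeroed
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, packet[pos + 2:pos + 18])
        pos += alen
    return False  # Status-Server without Message-Authenticator is rejected
```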


