LB layer - Issue with shared secret.

Alan DeKok aland at deployingradius.com
Wed Nov 22 13:52:17 CET 2017


On Nov 22, 2017, at 4:56 AM, Andrea Mucci <andrea.mucci at outlook.com> wrote:
> I would like to use a load balance as the first layer proxy the requests on more than one radius server.

  The load balancer should be aware of RADIUS.  If it isn't, you have problems.

> In this way, the radius packet will always be sent from the same IP address, so we would have a problem with the shared secret.

  Exactly.

> Can I do that freeradius retrieves client's information via NAS-IP-Address attribute and not via Sender IP Address?

  No, that's not how RADIUS works.

  Use a RADIUS-aware load balancer, *or* use the same shared secret for all NASes.

  Alan DeKok.




More information about the Freeradius-Users mailing list