LB layer - Issue with shared secret.
Alan DeKok
aland at deployingradius.com
Wed Nov 22 13:52:17 CET 2017
On Nov 22, 2017, at 4:56 AM, Andrea Mucci <andrea.mucci at outlook.com> wrote:
> I would like to use a load balance as the first layer proxy the requests on more than one radius server.
The load balancer should be aware of RADIUS. If it isn't, you have problems.
> In this way, the radius packet will always be sent from the same IP address, so we would have a problem with the shared secret.
Exactly.
> Can I do that freeradius retrieves client's information via NAS-IP-Address attribute and not via Sender IP Address?
No, that's not how RADIUS works.
Use a RADIUS-aware load balancer, *or* use the same shared secret for all NASes.
Alan DeKok.
More information about the Freeradius-Users
mailing list