(RADIATOR) RADIUS, L2TP, and IPSEC protocols

Hugh Irvine hugh at open.com.au
Sat Sep 28 19:16:00 CDT 2002


Hello Bon -

I am not quite sure what you are asking, but keep in mind that the 
Radius protocol is only used for the initial authentication and 
subsequent accounting for a particular connection request. In other 
words, the rest of the connection, be it L2TP or IPSEC, does not depend 
on radius at all.

If you are talking about the authentication phase itself, you are 
correct in saying that "these protocols do not mix well...", given that 
it is the radius protocol itself that has been "extended" to carry 
other protocols inside it. The real answer is a re-engineering of a AAA 
protocol, and that is what "Diameter" is.

If you are interested in this area, I suggest you have a look at the 
relevant IETF documents.

	http://www.ietf.org/internet-drafts/draft-ietf-aaa-diameter-12.txt

regards

Hugh


On Sunday, September 29, 2002, at 05:05 AM, Bon sy wrote:

> Hi everyone,
>
> 	I just started reading L2TP and IPSEC. I try to understand, but
> could not quite figure it out yet how to put in the proper context of
> RADIUS protocol. For example, can we have L2TP over IPSEC on top of 
> RADIUS
> protocol? Is it necessary? What are the (dis)advantage(s) it brings 
> forth?
> Or it's pretty much these protocols do not mix well with each
> other. Anyone in the group has any experience about this? What are the
> architectural options out there from the implementation point of view?
>
> 	Thanks!
>
> Bon
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list