(RADIATOR) Proxy Radius

Hugh Irvine hugh at open.com.au
Thu May 13 19:01:27 CDT 2004 

Hello Brian -

The Framed-IP-Address is usually (although not always) assigned after 
the radius authentication happens.

You will need to check a trace 4 debug to verify the contents of the 
access requests.

If the access requests do contain the Framed-IP-Address, you can do 
something like this:

<Handler Framed-IP-Address = /^10.1.1/>
	.....
</Handler>

<Handler Framed-IP-Address = /^10.1.2/>
	.....
</Handler>

regards

Hugh


On 13 May 2004, at 14:00, Brian CHNG Sing Yong wrote:

> Hi
>
>  Sorry, I think my question wasn't clear enough.
>
> If I'm not wrong the solution below allows me to forward the 
> authentication/accounting packet to pre-defined proxy host based on 
> the RAS Client.
>
> The situation is I'm using Radiator in a GPRS network environment, the 
> client is the handset and is assigned with a range of IP pool 
> depending on which APN they are using, so I need to filter by these IP 
> pool and proxy the request to pre-defined proxy host.
>
> For example
> IP Pool 10.1.1.0/24 handset IP coming from RAS Client 10.2.1.1, proxy 
> request to 15.1.1.1 ( Radius Server )
>
> IP Pool 10.1.2.0/24 handset IP coming from RAS Client 10.2.1.1, proxy 
> request to 15.1.1.2 ( Radius Server )
>
> Regards
> Brian
>
>
>
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Thursday, May 13, 2004 11:39 AM
> To: Brian CHNG Sing Yong
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Proxy Radius
>
>
>
>
> Hello Brian -
>
> Something like this:
>
> <Client 10.1.1.1>
>         Identifier ProxyRadius1
>         .....
> </Client>
>
> <Client 10.1.1.2>
>         Identifier ProxyRadius1
>         .....
> </Client>
>
> .....
>
> <Client 10.1.2.1>
>         Identifier ProxyRadius2
>         .....
> </Client>
>
> <Client 10.1.2.2>
>         Identifier ProxyRadius2
>         .....
> </Client>
>
> .....
>
> <Handler Client-Identifier = ProxyRadius1>
>         <AuthBy RADIUS>
>                 .....
>         </AuthBy>
>         .....
> </Handler>
>
> <Handler Client-Identifier = ProxyRadius2>
>         <AuthBy RADIUS>
>                 .....
>         </AuthBy>
>         .....
> </Handler>
>
> .....
>
> regards
>
> Hugh
>
>
>
> On 13 May 2004, at 12:46, Brian CHNG Sing Yong wrote:
>
> > Hi
> >
> > Would it be possible to do remote proxying to predefined list of 
> proxy
> > host based on the FRAMED IP ADDRESS ? If so how can I do it ?
> >
> > Example
> > Client IP Range : 10.1.1.0 netmask 255.255.255.0 forward
> > authenication/accounting packets to Proxy Radius 1
> > Client IP Range : 10.1.2.0 netmask 255.255.255.0 forward
> > authenication/accounting packets to Proxy Radius 2
> >
> > Regards
> > Brian
> >
> >
> >
> >
> > This email is confidential and privileged.  If you are not the
> > intended recipient, you must not view, disseminate, use or copy this
> > email. Kindly notify the sender immediately, and delete this email
> > from your system. Thank you.
> >
> > Please visit our website at www.starhub.com
> >
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
> This email is confidential and privileged.  If you are not the 
> intended recipient, you must not view, disseminate, use or copy this 
> email. Kindly notify the sender immediately, and delete this email 
> from your system. Thank you.
>
> Please visit our website at www.starhub.com
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list