[RADIATOR] Best Practice Question
Ryan Harden
hardenrm at illinois.edu
Fri May 21 15:40:29 CDT 2010
What is the best practice when a device might match two <Client> sections?
Example:
Backbone Loopbacks: 172.20.19.0/24
Edge Loopbacks: 172.20.21.0/24
Device Blah: 172.20.19.114/32
I would like devices matching either /24 to run respective Handlers, but
the specific device "blah" to run a completely separate Handler. I
suppose I could do the following, but I'm not sure what the best
practice would be.
<Client 172.20.19.114>
Secret xxxxxx
DupInterval 0
Identifier Blah
</Client>
<Client 172.20.19.0/24>
Secret xxxxxx
DupInterval 0
Identifier Backbone
</Client>
<Client 172.20.21.0/24>
Secret xxxxxx
DupInterval 0
Identifier Edge
</Client>
I assume the specific device "Blah" would match the first Client section
and skip over the next two. Am I correct in this assumption?
In the grand scheme of things I'm going to have several of these /32
hosts that I'll need to call out specifically while letting the rest in
the respective /24s fall to more 'default' handlers. The purpose is to
apply different AuthZ rights to users based on what device they are
accessing.
Thanks
/Ryan
--
Ryan M. Harden, BS, KC9IHX Office: 217-265-5192
CITES - Network Engineering Cell: 217-689-1363
2130 Digital Computer Lab Fax: 217-244-7089
1304 W. Springfield email: hardenrm at illinois.edu
Urbana, IL 61801
University of Illinois at Urbana/Champaign - AS38
University of Illinois - ICCN - AS40387
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://www.open.com.au/pipermail/radiator/attachments/20100521/1b64a05b/attachment.bin
More information about the radiator
mailing list