[RADIATOR] Assigning IP's directly from the Radius server

Heikki Vatiainen hvn at open.com.au
Tue Feb 1 03:02:55 CST 2011


On 01/31/2011 11:46 AM, Gerard Alcorlo Bofill wrote:

> I'm using Radiator with 4 CISCO AP 1100 to offer Eduroam access.
> Nowadays we are giving IP addresses from a DHCP server without visibility
> with the Radius.
> I'd like to query the Radius using the radwho.cgi script giving all the
> assigned IP addresses at that specific moment.
> 
> To do that, I thought that the solution would be to use
> <AddressAllocator SQL> and then use the Framed-Route attribute to assign
> the gateway to the clients.
> 
> Am I right?

You should experiment and see if this works for you. Have you checked
how AP 1100 relays the IP address to your eduroam users? The users are
most likely using DHCP, so Aironet AP should be able to answer DHCP
queries. I have not checked if they have this functionality, so please
let us know how it works.

Michael already provided a good look at SQL allocator, and you may also
want to check goodies/addressallocator.cfg for another example.

> I also have problems understanding the <AddressAllocator DHCP> clause.
> In what situation is it useful for Radiator to ask a real DHCP server
> for the IP? Is it something related to performance, or are there
> situations that mandatorily need DHCP?

I think there are multiple cases which can be useful. For example:
- checking address consumption centrally from DHCP
- having one centralised system for address management
- using DHCP server to trigger firewall or other rules

The first two points relate to keeping track of address usage. The
second could be used as an extra security measure where all users are
forced to use DHCP before they are allowed to use the network. This can
keep users from configuring static addresses to try to hide their
activities.



-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

