[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: When to Access-Reject vs. Silently Discard

To: 'Alan DeKok' <aland@ox.org>, 'Bernard Aboba' <aboba@internaut.com>
Subject: RE: When to Access-Reject vs. Silently Discard
From: Bikramjit Singh <BSingh@Nomadix.com>
Date: Thu, 7 Apr 2005 11:34:32 -0700
Cc: "'Glen Zorn (gwz)'" <gwz@cisco.com>, "'radiusext@ops.ietf.org'" <radiusext@ops.ietf.org>

Title: RE: When to Access-Reject vs. Silently Discard

The only times I can see (NAS-IP-Address != source IP) for local
NASes are buggy implementations, or security breaches. Is there
another case that text is trying to address, that I'm missing?

[Bik] Isn't this condition also true if there is NAT in the middle? And you have provisioned the RADIUS client with the publicly known external address. There are some implementations like that..

Thanks

-Bik

Follow-Ups:
- Re: When to Access-Reject vs. Silently Discard
  - From: "Alan DeKok" <aland@ox.org>

Prev by Date: Re: When to Access-Reject vs. Silently Discard
Next by Date: Re: When to Access-Reject vs. Silently Discard
Previous by thread: RE: When to Access-Reject vs. Silently Discard
Next by thread: Re: When to Access-Reject vs. Silently Discard
Index(es):
- Date
- Thread