[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Issues & Fixes: Duplicate Detection and Simultaneous Session Limits
As noted in a previous message from Jouni, there appears to be a
mis-understanding that a tradeoff exists between duplicate detection and
simultaneous session limits. Issues & Fixes Section 2.1.2 describes an
algorithm that provides each EAP session with its own unique Identifier
space, thereby removing any per-NAS Identifier limitations.
However, I think we might want to explicitly state in Section 2.1.2 that
there is no need for per-NAS Identifier restrictions, using appropriate
normative language (SHOULD?).
Also, in the section on duplicate detection, we should make it clear that
this should be handled at the per-EAP session level, not the NAS level,
potentially using the algorithm described in Section 2.1.2. The concern is
that if a RADIUS server implements clumsy Identifier restrictions, then the
ability to support duplicate detection may be also limited. For example,
Jouni mentions a product that, when duplicate detection is enabled, imposes
simultaneous session restrictions (not clear if this was per-NAS or
(shudder) per server).
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.