
RE: kickstart and SSPP



Hi Dave,

Thank you for your response. Let me try to understand your response:
please see inserts.

Regards,

Madjid

-----Original Message-----
From: owner-radiusext@ops.ietf.org
[mailto:owner-radiusext@ops.ietf.org]On Behalf Of Nelson, David
Sent: Saturday, December 06, 2003 9:27 AM
Cc: radiusext@ops.ietf.org
Subject: RE: kickstart and SSPP


> General question first, why did RADIUS mandate the use
> of source IP address from the UDP packet as a way of shared
> secret look up in the first place?

Because shared secrets in RADIUS are hop-by-hop, and the only reliable
way to look up the shared secret for a proxy server is via the source IP
address.  

Madjid>>if the shared secret is hop by hop and there are proxies on the way,
does that mean the NAS will not have a shared secret with the home RADIUS
server? This means the home server will not have any trust relationship with
the NAS that is accepting users on behalf of that server? 

The NAS ID is of the originating client, not the proxy.

Madjid>>So are you saying the packet carries both an IP address (for the
proxy or NAS) and a NAS ID for originating NAS?


Regards,

Dave

David B. Nelson
Wireless & AAA Architect, Office of the CTO
Enterasys Networks, Inc.
50 Minuteman Road
Andover, MA 01810-1008
(978) 684-1330
dnelson@enterasys.com

 

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

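An added illustration of the hop-by-hop point discussed in the message above (not code from the thread or from any RADIUS implementation): each hop selects the shared secret by the packet's source IP and checks the Message-Authenticator attribute (RFC 2869), while NAS-Identifier still names the originating NAS. The function names, IP addresses and secrets are constructed for the example.

```python
import hashlib, hmac, struct

NAS_IDENTIFIER, MESSAGE_AUTHENTICATOR = 32, 80  # attribute types (RFC 2865, RFC 2869)

def find_attr(packet: bytes, wanted: int) -> int:
    """Offset of the first attribute of type `wanted`; attributes start at byte 20."""
    pos = 20
    while pos + 2 <= len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("malformed attribute")
        if atype == wanted:
            return pos
        pos += alen
    raise ValueError(f"attribute {wanted} missing")

def sign(packet: bytes, secret: bytes) -> bytes:
    """Return packet with Message-Authenticator set to HMAC-MD5 under `secret`."""
    pos = find_attr(packet, MESSAGE_AUTHENTICATOR)
    zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
    mac = hmac.new(secret, zeroed, hashlib.md5).digest()
    return packet[:pos + 2] + mac + packet[pos + 18:]

def build_access_request(ident: int, authenticator: bytes, nas_id: bytes, secret: bytes) -> bytes:
    attrs = bytes([NAS_IDENTIFIER, 2 + len(nas_id)]) + nas_id
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator
    return sign(header + attrs, secret)

def accept(packet: bytes, src_ip: str, peers: dict) -> bytes:
    """Select the secret by UDP source IP, verify the MAC, return NAS-Identifier."""
    secret = peers.get(src_ip)
    if secret is None:
        raise PermissionError(f"no shared secret for {src_ip}")
    if not hmac.compare_digest(sign(packet, secret), packet):
        raise PermissionError("Message-Authenticator mismatch")
    pos = find_attr(packet, NAS_IDENTIFIER)
    return packet[pos + 2:pos + packet[pos + 1]]

def proxy_forward(packet: bytes, src_ip: str, peers: dict, upstream_secret: bytes) -> bytes:
    """Verify with the downstream secret, then re-sign with the upstream one."""
    accept(packet, src_ip, peers)
    return sign(packet, upstream_secret)

# Constructed sample peers: the proxy knows the NAS, the home server knows only the proxy.
PROXY_PEERS = {"192.0.2.10": b"nas-proxy-secret"}
HOME_PEERS = {"198.51.100.5": b"proxy-home-secret"}
```

The example covers only the integrity check; a real proxy also has to handle Proxy-State and re-encrypt User-Password for the next hop.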