
RE: kickstart and SSPP



Hi Dave,

Thank you for your answers. 

What types of ID does the NAS use (besides the IP address) in the NAS ID field?
Would the RADIUS server then later store this ID or the NAS IP address in
its database?
Also I am wondering if the RADIUS server keeps any entry about the user's IP
address?

Thanks in advance,

Madjid
P.S. It seems that the SSPP and kick start drafts have found a new home
in the Enroll WG.


The NAS has a transitive trust relationship with the home server, via
the proxy server chain, but no direct trust relationship.  Each proxy
server will generally validate the NAS identity before forwarding a
request.  If you have a "rogue" proxy in the chain, security problems
will obviously exist.

> > The NAS ID is that of the originating client, not the proxy.
> 
> Madjid>>So are you saying the packet carries both an IP address (for the
> proxy or NAS) and a NAS ID for originating NAS?

Yes.  The packet's source IP address is in the IP header and the NAS ID
(or NAS IP Address) is in the packet payload.  It is the Source IP
address from the IP header that is used to look up the shared secret.


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
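
Added example, not part of the original message or of any RADIUS implementation: a sketch of the lookup described above, where the shared secret is chosen by the datagram's source IP while NAS-IP-Address (type 4) and NAS-Identifier (type 32) are read from the payload. The client table, addresses, secrets and sample packet are constructed, and the function names are hypothetical.

```python
import ipaddress
import struct

NAS_IP_ADDRESS, NAS_IDENTIFIER = 4, 32  # attribute types from RFC 2865

# Constructed client table: secrets are keyed by the datagram's source IP only.
CLIENTS = {"192.0.2.10": b"proxy-secret", "198.51.100.7": b"nas-secret"}

def build_access_request(ident, authenticator, attrs):
    """Encode a constructed Access-Request (code 1) from (type, value) pairs."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + authenticator + body

def parse_attributes(packet):
    """Return {type: [values]} from a RADIUS packet, rejecting bad lengths."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return attrs

def identify(src_ip, packet):
    """Select the secret by source IP; report the NAS fields from the payload."""
    secret = CLIENTS.get(src_ip)
    if secret is None:
        raise LookupError("unknown RADIUS client " + src_ip)
    attrs = parse_attributes(packet)
    nas_ip = attrs.get(NAS_IP_ADDRESS)
    nas_id = attrs.get(NAS_IDENTIFIER)
    return {
        "secret": secret,  # depends on the sender (NAS or proxy), not the payload
        "nas_ip": str(ipaddress.IPv4Address(nas_ip[0])) if nas_ip else None,
        "nas_id": nas_id[0].decode("utf-8", "replace") if nas_id else None,
    }

# Constructed sample: a request from NAS 198.51.100.7, relayed by proxy 192.0.2.10.
SAMPLE = build_access_request(7, bytes(16), [
    (NAS_IP_ADDRESS, ipaddress.IPv4Address("198.51.100.7").packed),
    (NAS_IDENTIFIER, b"nas1.example.net")])
```

When the request arrives through the proxy, `identify("192.0.2.10", SAMPLE)` selects the proxy's secret even though the payload names the originating NAS, so the NAS fields are only as trustworthy as the proxy chain that forwarded them.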