North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: RADIUS info for traveling users ...
Thanks for your responses and correcting my understanding. What i understand is policies are stored in a centralized policy server, and these are pushed to the Access Servers thru some mechanism, like SNMP or file transfer, etc. What is achieved by RADIUS is just getting pointer (like filter name) to the policy corresponding to a subscriber when a subscriber dials in, and dynamically binding that to the access interface in the access server. How are these policies then dynamically generated, based on the IP address that is dynamically assigned? Do policy servers also have policies based on subscriber-name (or ID)? What is the interaction between policy server and RADIUS? Thanks again. - elwin --- Brett Frankenberger <[email protected]> wrote: > > A Service Provider, having several POPs, I presume > > will be using at least one RADIUS server that is > > associated to each POP, and are usually colocated > > at the POP, along with the RAS, aggregation and > other > > IP service devices. > > For most providers, you presume incorrectly. RADIUS > is generally > hosted centrally. > > > And the IP address assigned for a subscriber > dialing > > up from one location is assigned by the > corresponding > > RADIUS server, after authentication. > > The IP Address is generally assigned by the access > server. > > > To take it further, when policies are associated > with > > this subscriber that are based on IP address, how > > is that handled when the subscriber travels? > > Static IP addresses that give a customer the same IP > address ragardless > of what POP he dials are rarely offered by dial-up > providers. Those > that do necessarily have some sort of routing hack > to get their routing > tables updated when the ustomer dials into a remote > POP. Policy is > generally implemented by filters on the Access > Server that are > dynamically created (by the RADIUS server) when the > customer dials in, > so it isn't necessary that the customer always have > the same IP > address. > > -- Brett __________________________________________________ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/?.refer=text
|