Re: Radius Framed-Route question (fwd)

MegaZone (megazone@livingston.com)
Mon, 28 Apr 1997 05:26:00 -0700 (PDT)

Once upon a time Todd Vierling shaped the electrons to say...
>of only two reasons we can't yet replace our MAXen with PM3s--consider this
>an RFE! I knew there was another I forgot to tell you about. The other was
>the caller ID authentication.)

Unfortunately I don't believe we will add that unless the WG does.

As to caller-ID authentication, you mean more than is there now?

>Since network hardwired ports can have numbered addresses, why not a RADIUS
>extension for this? Is there one already proposed for RFC? <sigh> I know

I don't even recall this being mentioned on the IETF WG mailing list. I
don't think anyone is looking for it right now - it isn't in the RFCs or
the current extensions draft either.

>local side to authenticate itself on a *dial-in* connection is another that
>we don't use, but have been asked to do so once.)

We will - with CHAP. I don't think you will ever see us do it with PAP,
too risky.

>As shameful as it may sound, there are *hundreds* of products that demand a
>constant IP--in the same netmasked subnet--as its serial interface on a
>connection. Older Cisco IOS releases, older Bay Networks (formerly
>Wellfleet) products, all Gandalf ISDN products, NT 3.1 and 3.50, and many
>more come to mind.

I'm suspicious of this. THEY still get whatever IP you want - they
just need to address the IP on the other end of the link. I have seen
connections from Gandalf ISDN products so I know that works. And I have
seen connections from Bay boxes - but I don't know if they were Wellfleet.
NT 3.51 and up seems to work no problem.

Put another way - for the longest time we didn't allow local IP to be set
on dialin connections AT ALL. And it rarely got a peep. It could only
be set on dedicated lines.

Reported-IP was added a while back to set it across boxes. So you could
make your entire pool look like one big chassis. That is still in there.

Around 3.3.1 or so we added the ability to set the local-IP *by user* in
the local users tables. And that seems to have taken care of the vast
majority of need - since this is commonly used for 'dedicated dial-in' users
who have other networks routed to them. They usually dial into the same
chassis, so one local entry will handle them.

Livingston has been very strongly against adding vendor specific attributes
to RADIUS. We don't use any at this time and have no intention of adding
any at this time. We feel that anything that is truly important will be
taken to the WG and if it has merit will be in the standard.

Ascend has added everything and its duck to their "RADIUS" system -
using it for things it was not meant to do, like configuring the NAS.

-MZ

--
Livingston Enterprises - Chair, Department of Interstitial Affairs
Phone: 800-458-9966 510-737-2100 FAX: 510-737-2110 megazone@livingston.com
For support requests: support@livingston.com  <http://www.livingston.com/> 
Snail mail: 4464 Willow Road, Pleasanton, CA 94588