(PM) MULTIPLE ADDRESS POOLS (fwd)

MegaZone (megazone@megazone.org)
Mon, 23 Feb 1998 03:07:28 -0800 (PST)

Since this kind of became a RADIUS issue I think the thread should move
there.

Once upon a time Greg McKenzie shaped the electrons to say...
>Is anyone using multiple address pools in their PM3s to assign the IP
>address for a dial-in user? If so, how are you doing it if you don't mind

PortMasters support one and only one dynamic IP pool.

Now, there have been hacks to RADIUS to do this - but they have the same
faults as most of the logon control hacks. What happens when the box
uses the secondary server? What if the RADIUS server or NAS reboots?
Etc. Since RADIUS is stateless there is no way to use it to control
a limited resource pool, like IPs. You run the risk of running out of
IPs when the server doesn't get informed of a logout so the IP is not
returned to the pool, or of duplicating IPs if the server erroneously
returns it or loses track (as in a server crash/reboot).

RADIUS ABM will provide for this ability, by using SNMP to backstop
the RADIUS protocol. And since it sits on commercial DBMS systems
the DBMS can handle server coordination with multiple RADIUS servers,
and mirroring/redundancy prevents loss of server side data in all
but extreme conditions.

To my knowledge none of the server hacks out now for IP pooling can
be used with multiple RADIUS servers - and I *strongly* encourage people
to have two, primary and secondary. And none of them use anything
aside from RADIUS to control the pool, which leaves them open to all
the inherent holes in the protocol when misused in this regard.

-MZ

--
<URL:mailto:megazone@megazone.org> Gweep, author, webmaster, human being, me
"A little nonsense now and then, is relished by the wisest men" 508-791-9803
<URL:mailto:megazone@gweep.net> <URL:http://www.megazone.org/> Hail Discordia!
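
The two failure modes described in the message (a lost logout that strands addresses, and a server restart that hands out an address still in use), as an added Python example that is not part of the original post and is not code from any RADIUS server. The class name, the `reconcile` method and the sample addresses are assumptions; `reconcile` stands in for any out-of-band query of the NAS's live sessions and does not itself speak SNMP.

```python
POOL = ["10.0.0.1", "10.0.0.2"]  # constructed sample addresses

class RadiusOnlyPool:
    """Hypothetical pool whose only state is what RADIUS packets told the server."""
    def __init__(self, addresses):
        self.free = list(addresses)
        self.leases = {}  # (nas, port) -> ip

    def access_accept(self, nas, port):
        """Login: hand out the next free address, or None if none appear free."""
        if not self.free:
            return None
        ip = self.free.pop(0)
        self.leases[(nas, port)] = ip
        return ip

    def accounting_stop(self, nas, port):
        """Logout: return the address. Never runs if the Stop packet is lost."""
        ip = self.leases.pop((nas, port), None)
        if ip is not None:
            self.free.append(ip)

    def reconcile(self, nas, live_sessions):
        """Backstop: replace this NAS's leases with its own {port: ip} table."""
        for key in [k for k in self.leases if k[0] == nas]:
            self.free.append(self.leases.pop(key))
        for port, ip in live_sessions.items():
            if ip in self.free:
                self.free.remove(ip)
            self.leases[(nas, port)] = ip

def lost_stop_exhausts_pool():
    pool = RadiusOnlyPool(POOL)
    pool.access_accept("pm3", 0)
    pool.access_accept("pm3", 1)
    # Both callers hang up, but the NAS reboots and no Stop records arrive.
    before = pool.access_accept("pm3", 2)   # pool still looks fully leased
    pool.reconcile("pm3", {})               # NAS reports no live sessions
    after = pool.access_accept("pm3", 2)
    return before, after

def server_restart_duplicates_ip():
    in_use = RadiusOnlyPool(POOL).access_accept("pm3", 0)  # caller stays online
    restarted = RadiusOnlyPool(POOL)        # server crash: lease table is gone
    naive = restarted.access_accept("pm3", 1)
    repaired = RadiusOnlyPool(POOL)
    repaired.reconcile("pm3", {0: in_use})  # learn the live session first
    safe = repaired.access_accept("pm3", 1)
    return in_use, naive, safe
```
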