Actually check the RFCs, this is a question for RADIUS in general.
>access-reply packet is different than that of the ip address of "set auth
>x.x.x.x" ?
YES! In fact any client that does NOT would not be RFC compliant.
Any reply received by a RADIUS client that did NOT come from the IP
the client send the Access-Request to is sliently discarded. This is
a security measure to prevent a false reply from being injected. Yes,
it isn't perfect itself, but it is part of the overall package.
Any Access-Accept, Access-Reject, or Access-Challenge must have a source
address that was the destination address of the Access-Request.
Any Accounting-Response must have a source address that was the destination
address of the Accounting-Request.
-MZ
-- -=*X GOT CLUE? ISPF II - SAN DIEGO, CA 3/6-10 <URL:http://www.ispf.com/> X*=- <URL:mailto:megazone@megazone.org> Gweep, Discordian, Author, Engineer, me.. Join ISP/C Internet Service Providers' Consortium <URL:http://www.ispc.org/> "A little nonsense now and then, is relished by the wisest men" 781-788-0130 <URL:http://www.megazone.org/> <URL:http://www.gweep.net/> Hail Discordia! - To unsubscribe, email 'majordomo@livingston.com' with 'unsubscribe portmaster-users' in the body of the message. Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>