[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: kickstart and SSPP



> General question first, why did RADIUS madated the use
> of source IP address from the UDP packet as a way of shared
> secret look up in the first place.

Because shared secrets in RADIUS are hop-by-hop, and the only reliable
way to look up the shared secret for a proxy server is via the source IP
address.  The NAS ID is the of originating client, not the proxy.


Regards,

Dave

David B. Nelson
Wireless & AAA Architect, Office of the CTO
Enterasys Networks, Inc.
50 Minuteman Road
Andover, MA 01810-1008
(978) 684-1330
dnelson@enterasys.com

 

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>