[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: RFC 3576bis Question: DAC and RADIUS server not co-located
Looking over the text, it still seems a bit rough. How about this?
"Regardless of whether it is co-located with a RADIUS server, the DAC is
typically assumed
to have access to data gleaned from the flow of RADIUS authentication or
accounting
packets (such as NAS and session identification attributes) in order to
compose
CoA-Request or Disconnect-Request packets. However, where the DAC is not
co-located with a RADIUS server, in some circumstances it may not have
access to data
necessary to build a compliant CoA-Request or Disconnect-Request packet
(such as the information necessary to construct a State Attribute
that a RADIUS server would subsequently accept).
In these deployments, the DAC SHOULD send CoA or Disconnect-Requests to a
RADIUS server acting as a proxy, rather than
sending them directly to the NAS.
A RADIUS server receiving a CoA or Disconnect-Request from the DAC may then
add or
update attributes (such as adding NAS or session identification attributes
or
appending a State Attribute), prior to forwarding the
packet. Having CoA/Disconnect-Requests forwarded by a RADIUS server may
also enable upstream RADIUS proxies to perform a Reverse Path Forwarding
(RPF) check
(see Section 6.1)."
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>