RE: Question on draft-ietf-radext-management-authorization-04.txt



> Typically, the way that this kind of problem is solved is via 
> addition of session identification attributes, such as the
> Acct-Session-Id, NAS-Port or NAS-Port-Id.  Is a NAS-Port/
> NAS-Port-Id Attribute likely to be available in the case of 
> a management session (local or remote)?

OK, I don't know what typical NAS implementations use for NAS-Port and/or
NAS-Port-Id for remote connections, e.g. when the NAS-Port-Type is Virtual.

I could imagine that they might use a number of things.  Remote IP address
and Remote TCP Port are one possibility.  The file descriptor value for use
with the open socket might be another.  By definition, the values are
transient, or if the value is not transient, the status of the particular
virtual port instance they describe certainly would be.  I suppose that what
would be important is that the NAS *has* some unique and meaningful values
for those attributes, valid for the duration of the remote management
session.

> If an Acct-Session-Id exists, this is probably the
> cleanest way to solve the problem.

Yes.



--
archive: <http://psg.com/lists/radiusext/>