Hi,
Discuss in the document that the NAS can be identified by somethingother than source IP address.
Sure, that's possible. FOr X.509 cert operation, I guess this is a non-issue, since there are numerous ways to identify a peer without using its IP address. For PSK, the PSK Identifier Field can be used to identify the peer. This can be used to create arbitrary identifiers, independent of the IP address of the NAS.
This works both ways: if one has configured many tuples of (IP,sh-sec), it might be desirable to keep that configuration - in which case the Identifier field can be set to the IP address.
In none of these cases it is necessary to use layer 3 packet inspection to identify the peer - the Identifier field is always sufficient. Is that what you menat? Then I'll update the text accordingly.
Greetings, Stefan Winter -- to unsubscribe send a message to radiusext-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/radiusext/>