On Jan 26, 2010, at 5:52 PM, Avi Lior wrote:
The NAS can ask questions of the form "I have this user, who has made aconnection attempt via that port / protocol, what access should I provision to the user?"I am sorry i just dont see a difference.
I guess the difference is that the RADIUS server is free to ignore the contextual hints and simply provision the service that is dictated by the user's identity and context-independent policy. The NAS need to be prepared to deal with *either* an Access-Accept provisioning an unexpected / unsupported service *or* an Access-Reject, in response to the same Access-Request.
-- to unsubscribe send a message to radiusext-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/radiusext/>