Hi, > I think we need to get these question marks discussed before saying no. > > Historically, the NAS-port-type is associated with the L1/L2 port over > which the “access” service is provided. But with the new use of > RADIUS, this view is no longer applicable. Again, consider a Mobile IP > Home Agent node implementing RADIUS client for AAAing the MN’s > registration requests. The L1/L2 port that receives the MN > registration request has no significance, and it can be one of many > types. Here, our thinking is, the “logical” port is the “Mobile IP > Home Agent”, and that has nothing to do with the L1/L2 port. > > What do people think? > > If the use of RADIUS has nothing to do with giving access to real NAS-Ports - then why overload the NAS-Port-Type attribute for this unrelated business? NAS-Port-Type is optional, so if you don't provision service on a NAS port leave the attribute out. RFC2865 says: An Access-Request SHOULD contain a NAS-Port or NAS-Port-Type attribute or both unless the type of access being requested does not involve a port or the NAS does not distinguish among its ports. Sounds clear to me :-) I understand the need for signalling for what kind of service the user is being authenticated. I have same at home where our RADIUS server does IMAP, SMTP, 802.11, Jabber, Dialup, etc... logins. These are different services; so it would sound natural to use Service-Type for it: RFC2865 says: This Attribute indicates the type of service the user has requested, or the type of service to be provided. Which is, BTW, extremely similar to how I solved the problem for me. I defined a VSA "RESTENA-Service-Type" (string) and put things like "IMAP" into it. That makes server-side per-service processing easy. Of course, WiMAX could get a "real" Service-Type value instead and wouldn't need to hide behind a VSA :-) Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
Attachment:
signature.asc
Description: OpenPGP digital signature