"freeradius" <[EMAIL PROTECTED]> wrote:
> We have a MAX TNT nas and now we have problems with spoofed icmp-echo
> and echo-reply packages.
> To sole the problem we must enable the Ascend-Source-IP-Check VSA reply
> for users authenticated from free radius.
> So I modified the clints.conf file to :
>
>
> client A.B.C.D {
> secret = somesecret
> shortname = max
> Ascend-Source-IP-Check[96]=1
> }
There is nothing in the documentation which says that is allowed.
That's why it doesn't work.
> Is my radius propertly configuerd to send Ascend-Source-IP-Check ?
No. You have to edit the 'users' file to check for the NAS, and add
that attribute. Put this at the top of the 'users' file:
DEFAULT Client-IP-Address == A.B.C.D # use your real client IP
Ascend-Source-IP-Check = 1,
Fall-Through = Yes
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
