I recently noticed that Cisco rejects Access-Accept unless they originate from the same IP that auth was requested from. Another vendor will accept them from any ip no matter who they were originally sent to.
Didn't find any mention in the RFC 2865 about the ip source of an accept packet. Now to me it seems like rejecting the packets makes more sense when they are not being sourced from the same IP address that the original request was destined to. Any thought on this? Ted - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
