Hi Ted,

"Why" would the Access-Accept packet NOT come from the same IP (radius
server) the request was sent to originally???  To do otherwise would open up
the NAS or AP to spoofing attacks...

What vendors are you referring to in terms of accepting Access-Accept
packets from an IP other than the original IP the request was sent to (just
to make sure I don't use their equipment [grin])???  Are you confusing IP
(Internet Address) with the port number of the communications on the IP
address between the NAS or AP and the Radius Server????

gm...

----- Original Message ----- 
From: "Ted Kaczmarek" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 24, 2004 1:59 PM
Subject: Access-Accept source ip


> I recently noticed that Cisco rejects Access-Accept unless they
> originate from the same IP that auth was requested from. Another vendor
> will accept them from any ip no matter who they were originally sent to.
>
> Didn't find any mention in the RFC 2865 about the ip source of an accept
> packet.
>
>
> Now to me it seems like rejecting the packets makes more sense when they
> are not being sourced from the same IP address that the original request
> was destined to.
>
>
> Any thought on this?
>
> Ted
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> ---
> [This E-mail scanned for viruses by Declude Ant-Virus Scanner]
>
>
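
Added example, not part of the original thread or of any vendor's code: a Python sketch of the reply check a NAS could apply, combining the strict source check discussed above with the Response Authenticator check from RFC 2865. The function names, addresses and shared secret are constructed for illustration, and matching on both IP and port is an assumed policy.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS Code value for Access-Accept (RFC 2865)

def response_authenticator(code, ident, attrs, request_auth, secret):
    # RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code, ident, attrs, request_auth, secret):
    # Server side, used here only to construct sample packets.
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def check_reply(packet, src, pending, secret):
    # pending: request ID -> ((server_ip, server_port), request_authenticator)
    if len(packet) < 20:
        return "short packet"
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return "bad length"
    if ident not in pending:
        return "no outstanding request"
    server, request_auth = pending[ident]
    if src != server:  # assumption: strict policy, IP and port must both match
        return "source mismatch"
    expected = response_authenticator(code, ident, packet[20:length], request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return "bad authenticator"
    return "ok"

def demo():
    # Constructed sample values (documentation address range, made-up secret).
    secret, server = b"constructed-secret", ("192.0.2.10", 1812)
    request_auth = bytes(range(16))
    pending = {7: (server, request_auth)}
    attrs = bytes([18, 4]) + b"ok"  # Reply-Message attribute
    good = build_reply(ACCESS_ACCEPT, 7, attrs, request_auth, secret)
    forged = build_reply(ACCESS_ACCEPT, 7, attrs, request_auth, b"wrong-secret")
    return {
        "same ip and port": check_reply(good, server, pending, secret),
        "other ip": check_reply(good, ("192.0.2.99", 1812), pending, secret),
        "other port": check_reply(good, ("192.0.2.10", 4000), pending, secret),
        "wrong secret": check_reply(forged, server, pending, secret),
    }

if __name__ == "__main__":
    print(demo())
```

The two checks are independent: the source comparison drops a reply from an unexpected address even when its authenticator is valid, and the authenticator comparison drops a reply with the expected source address when the sender does not hold the shared secret.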
