Tariq Rashid <[EMAIL PROTECTED]> wrote: > When a radius proxy, such as an appropriately configured freeradius , > forwards (proxies) a radius request to a target, the target sees a radius > request from the proxy .. it sees its IP address, the source port, and the > UID of the radius request.
UID? > now, when the radius target forms a reply/responce, does it address it to > that source port on the proxy server? Yes. From the point of view of the home server, the proxy is just another NAS. > if i run multiple proxies on a server, they will get the correct replies if > > 1. they send the proxied requests to the targets from different src > udp ports RADIUS replies go TO the port that the request was sent FROM. Proxies don't change this. > 2. if the targets actually respond to these src udp ports, and not a > default like 1645 That would be a violation of the RFC's, and wouldn't work with any NAS. > in people's experience, is the above a reasonable assumption or are there > common cases of radius target servers (not determined, and heterogeneous) > which do not behave correctly/usefully. If the home server behaves badly when requests are proxied to it, it will behave badly when a NAS sends packets to it. Proxies are just a NAS. > (there is a secondary issue that the UID for radius is 8 bits long which > means that in a high proxy volume environment a proxy server can't > theoretically have more than 256 pending requests ... how is this issue > overcome in practice? Read the RFC's. Multiple source ports. FreeRADIUS allows 8k *active* requests to any home server. That's more than enough for major deployments. > i know that not all devices and target radius servers implement the > extended id which effectively expands the range from 256) Extended ID? What's that? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

