In clients.conf, you can match a whole subnet of source IPs with one rule:
client 192.0.2.0/27 {
secret = testing123-1
shortname = ADSL-BRAS
}
But is it possible to do the same to match a range of IPs in an attribute
like NAS-IP-Address? I want to tag a collection of NASes from the same
subnet with a control attribute (but which may be talking via a proxy, not
directly). Perhaps something like:
192.0.2.0/27 NAS-Group := "ADSL-BRAS"
or
DEFAULT NAS-IP-Address =~ 192.0.2.0/27, NAS-Group := "ADSL-BRAS"
I've had a look at paircmp() in src/lib/valuepair.c and can't see any logic
which might do this.
Are there any options you can suggest, short of expanding the subnet into a
list of its constituent IPs?
Thanks,
Brian.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html