In clients.conf, you can match a whole subnet of source IPs with one rule:

client 192.0.2.0/27 {
       secret          = testing123-1
       shortname       = ADSL-BRAS
}

But is it possible to do the same to match a range of IPs in an attribute
like NAS-IP-Address?  I want to tag a collection of NASes from the same
subnet with a control attribute (but which may be talking via a proxy, not
directly).  Perhaps something like:

192.0.2.0/27    NAS-Group := "ADSL-BRAS"

or

DEFAULT         NAS-IP-Address =~ 192.0.2.0/27, NAS-Group := "ADSL-BRAS"

I've had a look at paircmp() in src/lib/valuepair.c and can't see any logic
which might do this.

Are there any options you can suggest, short of expanding the subnet into a
list of its constituent IPs?

Thanks,

Brian.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to