Bernard Aboba wrote:
>> Comments? Sticks and stones?
>
> See RFC 4014. This allows the RADIUS server to recommend a pool of
> addresses
> (Framed-Pool or Framed-IPv6-Pool) from which the user address will be
> chosen.
While useful, this doesn't let the supplicant know which IP has been
allocated to him.
The AAA server should be able to send the supplicant a per-session
DHCP signing key, for use in RFC 3118 DHCP packet signing attributes.
That key can also be sent to the local AAA server via AAA, for
distribution to the local DHCP server. A similar key could be
distributed to the NAS for RFC 4014 purposes.
That method preserves the existing semantics of DHCP in networks, but
requires coordination between DHCP and AAA servers for key distribution.
It is likely to be easier to upgrade central DHCP / AAA servers than
to upgrade.
Alan DeKok.
_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
