We've always considered the WAN and LAN to be different objects so our history
is to prefer the method you think is 'better.' Seems this model has been around
since the dialin days.
We also have customers with multiple routes so it seems a logical separation.
Failover might be a bit more flexible too since you can control some parameters
of the Framed Route.
I know some people use RFC1918 addresses for WAN which might be a factor (we do
not).
Perhaps in some network strategies the lines between WAN and LAN may be a bit
more blurred than ours.
George
On Mar 8, 2010, at 6:10 PM, Erik L wrote:
Scenario: with the help of RADIUS, routing subnets to end users connecting
via PPP.
Discussion: pros/cons of using Framed-IP-Address+Framed-Route versus
Framed-IP-Address+Framed-IP-Netmask.
We're talking here in generic terms, so as far as the behaviour of the LNS or
access concentrator or whatever else is receiving the Access-Accept and
terminating the ppp session, we're assuming more or less sane behaviour,
roughly as follows. In the first alternative, the IP address on the ppp link
is outside the subnet indicated by Framed-Route and one or more subnets are
routed via the link; one such subnet per Framed-Route attrib. In the second
alternative, the one subnet routed is that which contains the
Framed-IP-Address and is as large as the Framed-IP-Netmask indicates.
I'm arguing to a colleague that the first alternative is better, non-/32
netmasks on a ppp link make no sense (since netmasks on point-to-point links
don't matter anyway), that the second alternative doesn't allow users to make
use of their allocated space as easily and effectively as the first
alternative, and that the second alternative is limited to routing one subnet
(though you might be able to mix Framed-IP-Netmask and Framed-Route
together?).
Comments? How are others doing it and why?
Erik
smime.p7s
Description: S/MIME cryptographic signature
