Re: [radsecproxy] RFC 3576 CoA Support
8 Jan
2018
8 Jan
'18
7:47 a.m.
Hi Yusuf,
On 05.01.18 14:13, Yusuf Güngör wrote:
Radius clients who are behind NAT can successfully
initiate traffic
to radius server over radsecproxy. Can radius server initiate
traffic for CoA requests to clients which are behind NAT over
radsecproxy(via already established TLS connection with the
clients)?
Radsecproxy does not support CoA requests/responses at all; neither plain
UDP nor TLS.
After a quick glance at that RFC, I doubt CoA is well suited for proxies, as each proxy
would have to know each and every NAS by its identifier or IP address. This simply
doesn't scale.
A side note: RFC 3576 was obsoleted by RFC 5176
Best regards,
Fabian
--
SWITCH
Fabian Mauchle, Network Engineer
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 30, direct +41 44 268 15 39
fabian.mauchle(a)switch.ch, www.switch.ch