* Mohan Sundar <xmohnsundar@yahoo.com> [20010328 11:56]:
What i understand is policies are stored in a centralized policy server, and these are pushed to the Access Servers thru some mechanism, like SNMP or file transfer, etc. What is achieved by RADIUS is just getting pointer (like filter name) to the policy corresponding to a subscriber when a subscriber dials in, and dynamically binding that to the access interface in the access server.
Yes and no. :) It is somewhat implementation dependent. There are some RADIUS client/servers that can transfer and install the filter directly via RADIUS. While others build the filters in other ways -- some directly on the NAS or with some other daemon that works in conjunction with RADIUS and the NAS.
How are these policies then dynamically generated, based on the IP address that is dynamically assigned? Do policy servers also have policies based on subscriber-name (or ID)? What is the interaction between policy server and RADIUS?
See above. :) Livingston (the now defunct maker of the PortMaster line) had a separate RADIUS-like protocol called ChoiceNet(tm) that you could use to dump dynamic/static filters to the NAS. It had no direct interaction with the RADIUS server but the RADIUS client (the PortMaster) had to know to request the filter from the ChoiceNet server. The filter name itself would typically be specified in the RADIUS profile. You might get better answers from the RADIUS IETF WG list (which I believe is still active...I dropped myself from it several months ago) and perhaps more "bigger picture" answers from the NASREQ IETF WG. <URL:http://www.ietf.org/> Regards, -jr ---- Josh Richards [JTR38/JR539-ARIN] <jrichard@geekresearch.com/cubicle.net/fix.net/freedom.gen.ca.us> Geek Research LLC - <URL:http://www.geekresearch.com/> IP Network Engineering and Consulting