[dhcwg] draft-ietf-dhc-agentopt-radius-00.txt
Thomas Narten <narten@us.ibm.com> Tue, 05 March 2002 07:44 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA20196 for <dhcwg-archive@odin.ietf.org>; Tue, 5 Mar 2002 02:44:50 -0500 (EST)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id CAA14645 for dhcwg-archive@odin.ietf.org; Tue, 5 Mar 2002 02:44:51 -0500 (EST)
Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id CAA14484; Tue, 5 Mar 2002 02:39:53 -0500 (EST)
Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id CAA14445 for <dhcwg@optimus.ietf.org>; Tue, 5 Mar 2002 02:39:51 -0500 (EST)
Received: from cichlid.adsl.duke.edu (user131-237.conference.apricot.net [169.223.131.237]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA20087 for <dhcwg@ietf.org>; Tue, 5 Mar 2002 02:39:48 -0500 (EST)
Received: from cichlid.adsl.duke.edu (narten@localhost) by cichlid.adsl.duke.edu (8.11.6/8.11.6) with ESMTP id g257akm02046; Tue, 5 Mar 2002 02:36:46 -0500
Message-Id: <200203050736.g257akm02046@cichlid.adsl.duke.edu>
To: Ralph Droms <rdroms@cisco.com>, jschnizl@cisco.com
cc: dhcwg@ietf.org
Date: Tue, 05 Mar 2002 02:36:45 -0500
From: Thomas Narten <narten@us.ibm.com>
Subject: [dhcwg] draft-ietf-dhc-agentopt-radius-00.txt
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: <dhcwg.ietf.org>
X-BeenThere: dhcwg@ietf.org
I'd like to better understand the need for this document and what problem it solves. The model here seems to be: 1) client authenticates itself with access device using 802.1X L2 signalling. 2) access device happens to also be a DHCP relay agent (required). 3) as part of 802.1x, access device talks to radius server, gets back some radius AVPs. It caches those AVPs. 4) when client sends DHCP packets, relay agent appends the radius AVPs to the DHCP message via an agent options sub-option. 5) DHC server then uses the radius AVPs to figure out which address to give out. What I'd like to understand better: 1) is this used to (say) assign an address from the correct VLAN? If so, can't this be done without using the radius AVPs? I.e., say with a generic agent options sub-options that identifies the vlan 2) Seems like it might be dangerous to cache the radius stuff and then later (how much later? hours?) include it in messages to the DHC server. How does the server know the information is accurate or relevant? Moreover, should the DHC server trust those radius AVPs without itself checking with the radius server? I would think not, in which case what is the benefit of even including that info in the DHCP messages, when the DHC server can presumably just get the info directly from the radius server itself? 3) Seems like a more general (and less radius specific) approach would be for the relay agent to include the information that the client provided, and then let the DHC server query the radius server itself (just like the access device does). Or, in fact, maybe it will query a diameter server. Why wire the RADIUS stuff into the DHCP protocol? Thomas _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] draft-ietf-dhc-agentopt-radius-00.txt Thomas Narten
- Re: [dhcwg] draft-ietf-dhc-agentopt-radius-00.txt Ralph Droms
- Re: [dhcwg] draft-ietf-dhc-agentopt-radius-00.txt John Schnizlein