ASSIGNING IP ADDRESSES
PORTSLAVE 2001.10.28
Sections
========
Below are the sections of this document:
- Compiling
- Overview
- IP Assignment
- PPPD Settings
- Radius Settings
- Portslave Settings
- Client IP Assignment
- Common Configurations
- NOTES
Compiling
=========
This is not a standard feature of Portslave (yet). You have to pass the
parameter "--enable-assignment" to "./configure"; this results in the
C macros PORTSLAVE_CLIENT_IP_RULES and ALLOW_NO_LOCAL_IP being defined.
PORTSLAVE_CLIENT_IP_RULES enables the client IP address selection and
ALLOW_NO_LOCAL_IP allows the use of no local IP address.
Overview
========
There are several sources used to assign IP addresses with portslave pppd:
1. PPPD Command line
2. File, /etc/ppp/options
3. File, /etc/ppp/options.<ttyname>
4. File, ~/.ppprc
5. Radius server
6. Portslave configuration file, /etc/portslave/pslave.conf
7. Client selection
Each of these sources has its own method of setting the IP addresses and
indicating when the address is not assigned. In addition, there are rules
which determine from which source an IP address will be assigned.
This file describes these rules and gives examples of common configurations.
IP Assignment
=============
The order of precedence for the assignment of IP addresses is shown below. The
first of these locations that contains an IP address assignment sets the IP
address. Note that the local and remote IP addresses can be assigned
independently of each other even though both use the same rules.
1. Client selection *
2. Radius server
3. /etc/portslave/pslave.conf
4. Command line
5. ~/.ppprc
6. /etc/ppp/options
7. /etc/ppp/options.<ttyname>
* This has not been fully verified but has been seen in testing.
PPPD Settings
=============
For the command line, options, options.<ttyname>, and .ppprc locations, the
IP addresses can be assigned using the <local-address>:<remote-address> format.
In order to indicate that either address is not assigned, simply exclude it
from the argument. If neither is assigned, the entire address specifier can be
excluded.
Note that excluding the address from the specifier will not undo a previous
assignment nor prevent a future assignment. So, for example, if the value
"192.168.1.1:" resides in the options file, an entry of "10.3.0.1:10.4.0.2"
on the command line will still set the remote IP address to 10.4.0.2.
Likewise, an entry of "192.168.1.1:" in the options file and an entry of
"10.3.0.1:10.4.0.2" in the options.<ttyname> file will yield a remote IP
address of 10.4.0.2.
Radius Settings
===============
There are different radius implementations, each of which has its own method
of setting the various attributes. Here are the attributes which may be used
to assign IP addresses:
ATTRIBUTE               MEANING
----------------------  ---------------------------------------------
 8  Framed IP Address   Remote IP Address
 9  Framed IP Netmask   Remote IP Netmask
14  Login IP Host       Remote IP Address
Any attribute which is not supplied by the radius server to the portslave
radius client is left unassigned. In addition, setting an IP Address to
255.255.255.255 will also indicate that it is unassigned.
Portslave Settings
==================
Below are the settings in the pslave.conf file which affect the IP Address
assignment.
all.loc_host - Sets the local IP Address of the server. Set to
255.255.255.255 in order to indicate that the local
IP Address is unassigned.
all.rem_host - Sets the remote IP Address of all ports. Set to
255.255.255.255 in order to indicate that the remote
IP Address is unassigned.
s<port>.rem_host - Sets the remote IP Address of the specified port.
Set to 255.255.255.255 in order to indicate that the
remote IP Address is unassigned.
NOTE: if both all.rem_host and s<port>.rem_host reside in the configuration
file, the s<port>.rem_host setting is the one that will be used.
Client IP Assignment
====================
Allowing the client to assign the IP address even when the radius server is
used involves the following additional settings in pslave.conf:
all.valid_ip - A list of strings which indicate the valid IP
addresses which can be selected by a client. The
format of the strings matches the IP address field
of the pap-secrets file.
s<port>.valid_ip
- Same as all.valid_ip but only affects one port.
Common Configurations
=====================
Below are some common configurations for remote IP address assignment and
settings that will support each configuration.
1. Assign remote IP address on the radius server
2. Assign remote IP address in options file
3. Assign remote IP address in pslave.conf file
4. Assign remote IP address in options.<ttyname> file
5. Allow client to select the remote IP address
Here are the sample settings for each configuration:
1. Assign remote IP address on the radius server:
/etc/ppp/options
- Exclude entry.
/etc/ppp/options.<ttyname>
- Exclude entry.
~/.ppprc
- Exclude entry.
/etc/portslave/pslave.conf
- Include entry "all.rem_host 255.255.255.255", or the
s<port>.rem_host equivalent; for example:
"s0.rem_host 255.255.255.255".
Command Line
- Exclude setting.
Radius Server
- Assign IP address.
Client
- Exclude setting.
2. Assign remote IP address in options file:
/etc/ppp/options
- Include entry such as ":192.168.1.1"
/etc/ppp/options.<ttyname>
- Exclude entry.
~/.ppprc
- Exclude entry.
/etc/portslave/pslave.conf
- Include entry "all.rem_host 255.255.255.255", or the
s<port>.rem_host equivalent; for example:
"s0.rem_host 255.255.255.255".
Command Line
- Exclude setting.
Radius Server
- Exclude setting or assign "255.255.255.255".
Client
- Exclude setting.
3. Assign remote IP address in pslave.conf file:
/etc/ppp/options
- Exclude entry.
/etc/ppp/options.<ttyname>
- Exclude entry.
~/.ppprc
- Exclude entry.
/etc/portslave/pslave.conf
- Include entry "all.rem_host 192.168.2.1", or the
s<port>.rem_host equivalent; for example:
"s0.rem_host 192.168.2.1".
Command Line
- Exclude setting.
Radius Server
- Exclude setting or assign "0.0.0.0".
Client
- Exclude setting.
4. Assign remote IP address in options.<ttyname> file:
/etc/ppp/options
- Exclude entry.
/etc/ppp/options.<ttyname>
- Include entry such as ":192.168.1.1"
~/.ppprc
- Exclude entry.
/etc/portslave/pslave.conf
- Include entry "all.rem_host 255.255.255.255", or the
s<port>.rem_host equivalent; for example:
"s0.rem_host 255.255.255.255".
Command Line
- Exclude setting.
Radius Server
- Exclude setting or assign "255.255.255.255".
Client
- Exclude setting.
5. Allow client to assign remote IP address:
/etc/ppp/options
- Exclude entry.
/etc/ppp/options.<ttyname>
- Exclude entry.
~/.ppprc
- Exclude entry.
/etc/portslave/pslave.conf
- Include entry "all.rem_host 255.255.255.255", or the
s<port>.rem_host equivalent; for example:
"s0.rem_host 255.255.255.255". Also, include the
entry "all.valid_ip <ipno>" or the s<port>.valid_ip
equivalent. Note that <ipno> in this case is any
string accepted in the IP address field of the
pap-secrets file.
Command Line
- Exclude setting.
Radius Server
- Exclude setting or assign "255.255.255.255".
Client
- Exclude setting.
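The precedence order and the "unassigned" markers described above, written
out as an added example (a model of this document's rules, not Portslave or
pppd code). The function and parameter names are hypothetical, and the client
address is assumed to have already been accepted by valid_ip.

```python
# Added example: a model of this document's rules, not Portslave or pppd code.
UNASSIGNED = "255.255.255.255"  # "unassigned" marker for RADIUS and pslave.conf

# Highest precedence first, as listed under "IP Assignment".
PRECEDENCE = ["client", "radius", "pslave.conf", "command line",
              "~/.ppprc", "/etc/ppp/options", "/etc/ppp/options.<ttyname>"]


def pppd_remote(spec):
    """Remote half of '<local-address>:<remote-address>'; None if excluded."""
    if not spec:
        return None
    return spec.partition(":")[2] or None


def pslave_rem_host(conf_text, port):
    """rem_host for one port; s<port>.rem_host is used over all.rem_host."""
    values = {}
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            values[parts[0]] = parts[1]
    addr = values.get(f"s{port}.rem_host", values.get("all.rem_host"))
    return None if addr in (None, UNASSIGNED) else addr


def resolve_remote(port=0, client=None, radius=None, pslave_conf="",
                   cmdline=None, ppprc=None, options=None, options_tty=None):
    """Return (source, address) of the first source assigning the remote IP.

    `client` is assumed to be an address already accepted by valid_ip;
    valid_ip matching itself is not modeled here.
    """
    found = {
        "client": client,
        "radius": None if radius == UNASSIGNED else radius,
        "pslave.conf": pslave_rem_host(pslave_conf, port),
        "command line": pppd_remote(cmdline),
        "~/.ppprc": pppd_remote(ppprc),
        "/etc/ppp/options": pppd_remote(options),
        "/etc/ppp/options.<ttyname>": pppd_remote(options_tty),
    }
    for source in PRECEDENCE:
        if found[source]:
            return source, found[source]
    return None, None


if __name__ == "__main__":
    # Constructed case: a leftover pslave.conf address shadows the options file.
    print(resolve_remote(pslave_conf="all.rem_host 192.168.2.1",
                         options=":192.168.1.1"))
```

Running this for each port shows which file or server actually decides the
remote address, which is the check to make before relying on a
radius-assigned address.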
NOTES
=====
- This file is based on Portslave distribution 2001.10.28.
- Modifications were made to the base distribution to enable some of the
functionality described in this file.
- A large number of combinations of configurations exists because of the
number of locations that can be used to hold settings. Putting most of the
settings into a single location, such as the pslave.conf file, helps to
reduce the complexity and confusion. In addition, because the number of
combinations is large, it is difficult to verify that each one operates as
expected.