Suppose the ISP `Local' has a roaming arrangement with the
ISP `Remote'. When the user of `Remote' dials in
to the NAS of `Local', the NAS sends the authentication
request to `Local' radius server. The server then determines that this
is a roaming user, stores a copy of the request in its
internal queue, and forwards the request to `Remote' radius
server for processing. Thus, `Local' radius acts as a client for
`Remote' radius. When `Remote' radius responds, the
`Local' receives the response, and passes it back to the NAS.
The copy of the request from the server's queue serves to determine
which NAS originated the request. Before passing the request
back to the NAS, radius removes from it the information,
specific for `Remote' site, such as Framed-IP-Address,
Framed-Netmask, etc. Only the attributes marked with
`propagate' flag (see section Attributes) are passed back to
the NAS. After removing site-specific attributes, `Local' radius
passes the request through its user profiles (see section User Profiles) to
insert any local site-specific information that might be
needed. Finally, it passes the reply back to the NAS.
The accounting requests are processed in the similar manner, except that no attribute filtering takes place, as the accounting responces do not carry any A/V pairs.
This example illustrates the simplest proxy chain, consisting of only two servers. The proxy chains may consist of several servers. In our example, the `Remote' radius server may also act as a proxy and forward the request to still another radius server, etc.
Note, that when the accounting request passes through a chain of forwarding servers, the accounting records are stored on all servers in the chain.
Go to the first, previous, next, last section, table of contents.