Name
Port-Limit
Synopsis
Attribute Number | 62
Length | 6
Value | INTEGER
Allowed in | Access-Accept, Access-Request
Prohibited in | Access-Reject, Access-Challenge
Presence in Packet | Not required
Maximum Iterations | 1
The value of this attribute dictates the upper limit on the number of ports that the NAS is authorized to give to the client. In practice, this attribute is most often used to support bonding channels together with ISDN, or the Multilink Point-to-Point Protocol (MLPPP), which allows a user to aggregate two modems and phone lines into one IP channel.
There are a couple of caveats to the implementation of the Port-Limit attribute. The problem lies squarely in the fact that the enforcement of this attribute is done at the NAS machine, not at the RADIUS server. In implementations where there is more than one NAS machine, the effective port-limit would be the number of NAS machines present multiplied by the value in Port-Limit. Realistically, some sort of mechanism is needed to keep track of active logins over the entire network lest the efficacy of the Port-Limit attribute be reduced to zero. This exemplifies the need for some sort of third-party session management software, especially in large, distributed networks.
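The following added example (not from the book) validates a Port-Limit attribute against the synopsis above and then contrasts per-NAS counting with network-wide counting. The packet code numbers are taken from RFC 2865; the `admit` helper, the NAS names and the sample bytes are constructed for illustration.

```python
import struct
from collections import defaultdict

PORT_LIMIT = 62                        # attribute number from the synopsis
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2   # packet codes where it is allowed (RFC 2865)

def parse_port_limit(code, attrs):
    """Return the Port-Limit value from a raw attribute block, or None if absent."""
    found, i = [], 0
    while i < len(attrs):
        if i + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("bad attribute length")
        if atype == PORT_LIMIT:
            if alen != 6:                       # 2 header bytes + 4-byte INTEGER
                raise ValueError("Port-Limit must have length 6")
            found.append(struct.unpack("!I", attrs[i + 2:i + 6])[0])
        i += alen
    if not found:
        return None                             # presence is not required
    if code not in (ACCESS_REQUEST, ACCESS_ACCEPT):
        raise ValueError("Port-Limit prohibited in this packet type")
    if len(found) > 1:
        raise ValueError("Port-Limit may appear at most once")
    return found[0]

def admit(logins, limit, network_wide):
    """Count accepted logins for one user; logins is a list of NAS names.

    network_wide=False models each NAS counting only its own ports;
    network_wide=True models a central session tracker (hypothetical).
    """
    counts, accepted = defaultdict(int), 0
    for nas in logins:
        key = "*" if network_wide else nas
        if counts[key] < limit:
            counts[key] += 1
            accepted += 1
    return accepted

# Constructed sample: User-Name "bob" followed by Port-Limit = 2
SAMPLE_ATTRS = bytes([1, 5]) + b"bob" + bytes([PORT_LIMIT, 6]) + struct.pack("!I", 2)
# Constructed login attempts by one user across three NAS machines
SAMPLE_LOGINS = ["nas1", "nas1", "nas1", "nas2", "nas2", "nas3", "nas3"]

if __name__ == "__main__":
    limit = parse_port_limit(ACCESS_ACCEPT, SAMPLE_ATTRS)
    print("per-NAS enforcement:", admit(SAMPLE_LOGINS, limit, False))
    print("network-wide enforcement:", admit(SAMPLE_LOGINS, limit, True))
```

With three NAS machines and a Port-Limit of 2, per-NAS counting admits six sessions while network-wide counting admits two.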