PPP+RADIUS - routing subnets to end users - Framed-Route vs. Framed-IP-Netmask

• Previous message (by thread): Trojan traffic from 115.100.250.112
• Next message (by thread): PPP+RADIUS - routing subnets to end users - Framed-Route vs. Framed-IP-Netmask
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Scenario: with the help of RADIUS, routing subnets to end users connecting via PPP.

Discussion: pros/cons of using Framed-IP-Address+Framed-Route versus Framed-IP-Address+Framed-IP-Netmask.

We're talking here in generic terms, so as far as the behaviour of the LNS or access concentrator or whatever else is receiving the Access-Accept and terminating the ppp session, we're assuming more or less sane behaviour, roughly as follows. In the first alternative, the IP address on the ppp link is outside the subnet indicated by Framed-Route and one or more subnets are routed via the link; one such subnet per Framed-Route attrib. In the second alternative, the one subnet routed is that which contains the Framed-IP-Address and is as large as the Framed-IP-Netmask indicates. 

I'm arguing to a colleague that the first alternative is "better", non-/32 netmasks on a ppp link make no sense (since netmasks on point-to-point links don't matter anyway), that the second alternative doesn't allow users to make use of their allocated space as easily and effectively as the first alternative, and that the second alternative is limited to routing one subnet (though you might be able to mix Framed-IP-Netmask and Framed-Route together?). 

Comments? How are others doing it and why?

Erik

• Previous message (by thread): Trojan traffic from 115.100.250.112
• Next message (by thread): PPP+RADIUS - routing subnets to end users - Framed-Route vs. Framed-IP-Netmask
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]