The beginning of a Client clause. The clause continues until
</Client> is seen on a line. A Client clause specifies a RADIUS
client that this server will listen to. Requests received from any client
not named in a Client clause in the configuration file will be silently
ignored. The DEFAULT client (if defined) will handle requests from clients
that are not defined elsewhere.
You must have a Client clause for every RADIUS client which your server
is expected to serve, or else a DEFAULT Client. In each Client clause
replace the xxxxxx with either the DNS name or the IP address of the host
machine where the RADIUS client is running, or with MAC: and the MAC
address of the client. IPv4 and IPv6 addresses are supported. IPv6
addresses can only be received if an IPv6 BindAddress has been specified
(see Section 3.7.9).
IPv4 and IPv6 CIDR address notation is permitted.
DNS names are resolved only once, when the client instance is created
during configuration. The MAC address of the client is looked up from
the Called-Station-Id RADIUS attribute.
If an incoming request is capable of matching multiple Client clauses,
the clause is chosen as follows:
- If multiple Client clauses have an exact IP match (same IP address
or hostname resolving to the same IP address), the last one listed in
the configuration is chosen. The same applies between multiple clauses
with the same CIDR value: the last one listed in the configuration is
chosen.
- Exact match is chosen over CIDR match
- Longer prefix CIDR match is chosen over shorter prefix CIDR match
- CIDR match is chosen over MAC match
- MAC match is chosen over DEFAULT
Tip
IPv6 addresses are not required to be prefixed with
‘ipv6:’ with Radiator 4.13 or later.
In the following example, the RADIUS server will only respond to
requests received from oscar.open.com.au, from IPv4 address
203.63.154.7, from IPv4 network 203.10.1.0/24, from IPv6 address
2001:db8:100:f101:0:0:0:1 or from IPv6 network 2001:db8:100::/64, and each
client has a different shared secret. The MAC match and DEFAULT client are
commented out and thus not used.
Note
For more information about addresses starting with ::ffff, see
Section 3.7.10.
<Client oscar.open.com.au>
    Secret XG1gFty566
</Client>
<Client 203.63.154.7>
    # An IPv4 client
    Secret kj1fgkj77878&
</Client>
<Client 203.10.1.0/24>
    # An IPv4 class C address group
    Secret ljdfhjlsd
</Client>
<Client ::ffff:203.10.1.0/120>
    # See the note above
    Secret ljdfhjlsd
</Client>
<Client 2001:db8:100:f101:0:0:0:1>
    # An IPv6 client
    Secret pqr
</Client>
<Client 2001:db8:100::/64>
    # An IPv6 /64 sized network
    Secret pqr
</Client>
#<Client MAC:2a-1f-09-5a-25-2a>
#    # Client identified by its MAC address
#    Secret gshgs
#</Client>
## Handle all other clients with this secret
#<Client DEFAULT>
#    Secret xyzzy
#</Client>
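The following added example is not part of the Radiator documentation or code. It applies the clause-selection rules listed above to a list of Client names, so you can check offline which clause (and therefore which shared secret) a given source would match and spot clauses shadowed by a later duplicate. The resolved map, the MAC normalisation in _hexmac and the sample data are assumptions; ::ffff-mapped addresses are not modelled.

```python
import ipaddress

def _hexmac(value):
    # Assumption: MACs compare as their first 12 hex digits, ignoring case/separators.
    return "".join(c for c in value.lower() if c in "0123456789abcdef")[:12]

def select_client(names, src_ip, called_station_id=None, resolved=None):
    """Return the index of the Client clause chosen for a request, or None.

    names: clause names in configuration-file order.
    resolved: hostname -> IP map standing in for the one-time DNS lookup.
    """
    src = ipaddress.ip_address(src_ip)
    best_rank, best_index = None, None
    for index, name in enumerate(names):
        if name == "DEFAULT":
            rank = (0, 0)
        elif name.startswith("MAC:"):
            if not called_station_id or _hexmac(called_station_id) != _hexmac(name[4:]):
                continue
            rank = (1, 0)
        else:
            try:
                net = ipaddress.ip_network((resolved or {}).get(name, name), strict=False)
            except ValueError:
                continue  # unresolved hostname: cannot be evaluated offline
            if net.version != src.version or src not in net:
                continue
            # Exact match outranks any CIDR; among CIDRs the longer prefix wins.
            rank = (2, net.prefixlen) if "/" in name else (3, 0)
        if best_rank is None or rank >= best_rank:  # ">=" lets the last listed win ties
            best_rank, best_index = rank, index
    return best_index

# Constructed sample: clause names in file order, modelled on the example above.
CLIENTS = ["oscar.open.com.au", "203.63.154.7", "203.10.1.0/24", "203.10.0.0/16",
           "203.10.1.0/24", "MAC:2a-1f-09-5a-25-2a", "DEFAULT"]
RESOLVED = {"oscar.open.com.au": "203.63.154.7"}  # constructed DNS answer

if __name__ == "__main__":
    for ip, csid in [("203.63.154.7", None), ("203.10.1.5", None), ("203.10.9.9", None),
                     ("198.51.100.1", "2A-1F-09-5A-25-2A:guest"), ("198.51.100.1", None)]:
        i = select_client(CLIENTS, ip, csid, RESOLVED)
        print(ip, csid, "->", None if i is None else (i, CLIENTS[i]))
```

An index that differs from the clause you expected means an earlier clause is shadowed, so the secret configured there is never used for that source.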
Each Client clause can have a number of different parameters set, as
described below.
Tip
If you are using an SQL database, you can list your
clients in a RADCLIENTLIST table and use <ClientListSQL> instead of
listing them in your config file. For more information, see
Section 3.16. This may be convenient, especially if
you are using RAdmin to manage your RADIUS system.