OK, I know a lot of techies read this. My Google skills must be lacking because I can't find this and it seems like it should exist.
When handling a PPP session the LNS will do a RADIUS request to a RADIUS server. It can answer with IP details to terminate the PPP. It can instead provide a set of tunnel endpoints and passwords to allow L2TP relay to another LNS...
What I want is a way to respond by RADIUS providing a list of RADIUS servers to go and try. This secondary RADIUS would get tunnel endpoints.
What I cannot find is the RADIUS Access-Accept attributes to tell an LNS to go do another RADIUS check. If anyone knows this, do post or email me.
In the absence of an RFC for this I was planning to define another Tunnel-Type value for RADIUS. This would allow the preference-ordered and grouped list of up to 32 RADIUS servers using the tagged Tunnel-Server-Endpoint and Tunnel-Password, just like an L2TP situation but RADIUS. Technically RADIUS is not a "tunnel" type, but it seems to fit well. Indeed one could see a case for sending some RADIUS endpoints plus some L2TP endpoints all in the same reply where the L2TP endpoints are the last resort if RADIUS is not responding.
So, if anyone has any clues as to an RFC for this, that would be great :-)
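The tagged-attribute reply proposed above, sketched as an added example (not code from this post or from any LNS): it encodes and parses RFC 2868 tagged tunnel attributes, including the section 3.5 Tunnel-Password encryption that would carry each second-hop RADIUS secret. `RADIUS_RELAY` is a hypothetical placeholder for the not-yet-defined Tunnel-Type value, and sorting groups without a Tunnel-Preference last is an assumption.

```python
import hashlib

T_TYPE, T_ENDPOINT, T_PASSWORD, T_PREF = 64, 67, 69, 83  # RFC 2868 attribute codes
L2TP = 3                 # registered Tunnel-Type value
RADIUS_RELAY = 0xFFFFFF  # HYPOTHETICAL placeholder, no such Tunnel-Type is assigned

def _crypt(data, secret, req_auth, salt, decrypt):
    # RFC 2868 section 3.5: b1 = MD5(S + R + A), bi = MD5(S + c(i-1))
    out, prev = b"", req_auth + salt
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(x ^ k for x, k in zip(data[i:i + 16], key))
        prev = data[i:i + 16] if decrypt else block  # chain on the ciphertext
        out += block
    return out

def attr(code, tag, value):  # type, length, tag, value
    return bytes([code, len(value) + 3, tag]) + value

def tunnel_password(tag, password, secret, req_auth, salt):
    plain = bytes([len(password)]) + password
    plain += b"\0" * (-len(plain) % 16)  # pad to a 16-octet boundary
    return attr(T_PASSWORD, tag, salt + _crypt(plain, secret, req_auth, salt, False))

def target(tag, ttype, pref, host, password, secret, req_auth, salt):  # one tagged group
    return (attr(T_TYPE, tag, ttype.to_bytes(3, "big")) + attr(T_PREF, tag, pref.to_bytes(3, "big"))
            + attr(T_ENDPOINT, tag, host) + tunnel_password(tag, password, secret, req_auth, salt))

def parse_targets(attrs, secret, req_auth):
    """Group tagged tunnel attributes; return targets, most preferred first."""
    groups, pos = {}, 0
    while pos < len(attrs):
        if pos + 3 > len(attrs) or not 3 <= attrs[pos + 1] <= len(attrs) - pos:
            raise ValueError("malformed attribute")
        code, length, tag = attrs[pos:pos + 3]
        value, pos = attrs[pos + 3:pos + length], pos + length
        if code not in (T_TYPE, T_ENDPOINT, T_PASSWORD, T_PREF) or not 1 <= tag <= 0x1F:
            continue  # untagged and non-tunnel attributes are ignored here
        g = groups.setdefault(tag, {"tag": tag, "pref": 0xFFFFFF})  # no preference: last
        if code in (T_TYPE, T_PREF) and len(value) == 3:
            g["type" if code == T_TYPE else "pref"] = int.from_bytes(value, "big")
        elif code == T_ENDPOINT:
            g["endpoint"] = value.decode()
        elif code == T_PASSWORD:
            plain = _crypt(value[2:], secret, req_auth, value[:2], True)
            if len(value) < 18 or len(value) % 16 != 2 or plain[0] >= len(plain):
                raise ValueError("bad Tunnel-Password (length or wrong secret)")
            g["password"] = plain[1:1 + plain[0]]
    return sorted(groups.values(), key=lambda g: (g["pref"], g["tag"]))
```

Each second-hop secret in such a reply is protected only by the MD5 keystream derived from the first hop's shared secret and Request Authenticator, so anyone who holds or recovers that first-hop secret can read every secret the reply relays.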