Log the 802.1x session

Matt Hite lists at beatmixed.com
Fri Apr 9 20:28:19 CEST 2010


On Fri, Apr 9, 2010 at 8:46 AM, Rosario Lumia <eryter at gmail.com> wrote:

> Sorry for my (very) bad english. Only for clearness: I'd want to know if
> there is a way to log the end of a 802.1x session. I mean: a client turn off
> his wireless card and (I think) AP can (??) send a message to freeradius
> because the association between client and AP is lost.
> My question was: is it possible?
> Your answer was very clear.

Answer: probably not.

>From what I've read, supplicants can send an EAPOL-Logoff message to
an authenticator (ie. an AP/switch). The authenticator could then
disable the "port." I can't think of any good reason the authenticator
would send this message to RADIUS. I've also read that Windows clients
will send an EAPOL-Start message when a user logs off instead of an
EAPOL-Logoff. Neither of these are really good methods for determining
whether an association between a client and an AP is lost.

-M



More information about the Freeradius-Users mailing list