Help with executing accounting!

Tim Sylvester tim.sylvester at networkradius.com
Sun Mar 28 19:00:58 CEST 2010


Mohamed,

 

Tim, your analysis of ipoque operation is correct. IPOQUE receives the
accounting request as a way to dynamically map a user/IP to a class (where
combination of rules/policy are applied based on protocol and application
user is using). What I am trying to acheive actually is not proxying
accounting from NAS towards IPOQUE, but rather triggering it from radius
towards ipoque upon completion of user authentication and authorization.
Ipoque is a Layer-2 bridge where it transparently sits at the gateway of
network to control the use of Internet bandwidth and usage (p2p control,
streaming control, and many categories of traffic). Users do not have to
authenticate to ipoque, and users are actually within the LAN on wired
network, where they authenticate to NAS which then contacts server. This
setup I am trying for a university for controlling users access to Internet,
taking advantage of the powerful capability of ipoque to discover traffic
and categorise it with high precision

 

It's not clear to me how your users are authenticated - what device is doing
the authentication. The users are connected to a wired LAN. Are they
authenticating with the switch using 802.1X? What device is sending the
RADIUS Access Request packet to the RADIUS server? Assuming that the users
are authenticating to the switch using 802.1X and the switch sends the
Access Request to the RADIUS server, the switch should be configured to send
RADIUS accounting packets to the RADIUS server. When the user authenticates
using 802.1X with the switch, switch would send the Accounting Start packet
to the RADIUS server, then the RADIUS server should add the IPOQUE
attributes to the accounting packet and proxy the accounting packet to the
IPOQUE device.  

 

To configure the RADIUS server to proxy the accounting packets, read the
notes in the proxy.conf file. You will want to add the IPOQUE attributes to
the Accounting packet in the pre-proxy section of the configuration:

 

server ipoque {

  accounting {

  pre-proxy {

    update proxy-request {

       ipoque-class := "raduser"

      }

  }

}

 

Tim

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100328/b3bdd3bf/attachment.html>


More information about the Freeradius-Users mailing list