MLPPP Acct-Session-Id

Jay Kuhne (jkuhne) jkuhne at cisco.com
Tue Mar 29 15:08:04 CEST 2011


Hi Alan,

Thanks for your reply.  I think the bottom line is I need to do some
more investigation.

I tried a PPP vs. MLPPP session and my COAs work as expected.

I'll see if I can gather data from the Accounting-Request like you
mention.  I'll see if I can find the " Message-Authenticator attribute"

I'm not sure why the NAS is making this mandatory, I'll have to
investigate. 

This is very helpful since as I can clearly see I'm not an expert in
this area.

Thanks,
Jay

-----Original Message-----
From: freeradius-users-bounces+jkuhne=cisco.com at lists.freeradius.org
[mailto:freeradius-users-bounces+jkuhne=cisco.com at lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: Tuesday, March 29, 2011 1:50 AM
To: FreeRadius users mailing list
Subject: Re: MLPPP Acct-Session-Id

Jay Kuhne (jkuhne) wrote:
> Is there another attribute syntax on radclient that could be used 
> aside from Acct-Session-Id  to perform COA to a session

  I'm not sure I can parse that.

  I *think* the correct response is to say "read the NAS documentation".
 If the NAS accepts CoA packets, the documentation *should* say what it
needs in the CoA to disconnect a session.

  Failing that, look at the Accounting-Request packets for the session.
 Take that data (other than the various counters), put it into a CoA
packet, and hope for the best.

> RADIUS: COA  received from id 48 x.x.x.99:1052, CoA Request, len 149

> COA: x.x.x.20 request queued

...
> COA: Message Authenticator missing or failed decode


  That message seems clear.  Add the Message-Authenticator attribute to
the CoA packet.

  And *why* does the NAS require this?  RFC5176 does *not* require a
Message-Authenticator to be in a CoA packet.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list