<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:1067415351;
mso-list-template-ids:-1357331158;}
@list l0:level1
{mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor=white lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Mohamed,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Tim, your
analysis of ipoque operation is correct. IPOQUE receives the accounting request
as a way to dynamically map a user/IP to a class (where combination of
rules/policy are applied based on protocol and application user is using). What
I am trying to acheive actually is not proxying accounting from NAS towards
IPOQUE, but rather triggering it from radius towards ipoque upon completion of
user authentication and authorization. Ipoque is a Layer-2 bridge where it
transparently sits at the gateway of network to control the use of Internet
bandwidth and usage (p2p control, streaming control, and many categories
of traffic). Users do not have to authenticate to ipoque, and users are
actually within the LAN on wired network, where they authenticate to NAS which
then contacts server. This setup I am trying for a university for
controlling users access to Internet, taking advantage of the powerful
capability of ipoque to discover traffic and categorise it with high precision<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>It’s not clear to me how your users are authenticated –
what device is doing the authentication. The users are connected to a wired
LAN. Are they authenticating with the switch using 802.1X? What device is
sending the RADIUS Access Request packet to the RADIUS server? Assuming that
the users are authenticating to the switch using 802.1X and the switch sends
the Access Request to the RADIUS server, the switch should be configured to
send RADIUS accounting packets to the RADIUS server. When the user
authenticates using 802.1X with the switch, switch would send the Accounting Start
packet to the RADIUS server, then the RADIUS server should add the IPOQUE
attributes to the accounting packet and proxy the accounting packet to the
IPOQUE device. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>To configure the RADIUS server to proxy the accounting packets,
read the notes in the proxy.conf file. You will want to add the IPOQUE attributes
to the Accounting packet in the pre-proxy section of the configuration:<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal style='margin-left:4.8pt'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'>server ipoque {<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> accounting {<o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:4.8pt'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'> pre-proxy {<o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:4.8pt'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'> update
proxy-request {<o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:4.8pt'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'> ipoque-class
:= "raduser"<o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:4.8pt'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'> }<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> }<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>}<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Tim<o:p></o:p></span></p>
</div>
</div>
</div>
</body>
</html>