Mohamed,
Tim, your
analysis of ipoque operation is correct. IPOQUE receives the accounting request
as a way to dynamically map a user/IP to a class (where combination of
rules/policy are applied based on protocol and application user is using). What
I am trying to acheive actually is not proxying accounting from NAS towards
IPOQUE, but rather triggering it from radius towards ipoque upon completion of
user authentication and authorization. Ipoque is a Layer-2 bridge where it
transparently sits at the gateway of network to control the use of Internet
bandwidth and usage (p2p control, streaming control, and many categories
of traffic). Users do not have to authenticate to ipoque, and users are
actually within the LAN on wired network, where they authenticate to NAS which
then contacts server. This setup I am trying for a university for
controlling users access to Internet, taking advantage of the powerful
capability of ipoque to discover traffic and categorise it with high precision
It’s not clear to me how your users are authenticated –
what device is doing the authentication. The users are connected to a wired
LAN. Are they authenticating with the switch using 802.1X? What device is
sending the RADIUS Access Request packet to the RADIUS server? Assuming that
the users are authenticating to the switch using 802.1X and the switch sends
the Access Request to the RADIUS server, the switch should be configured to
send RADIUS accounting packets to the RADIUS server. When the user
authenticates using 802.1X with the switch, switch would send the Accounting Start
packet to the RADIUS server, then the RADIUS server should add the IPOQUE
attributes to the accounting packet and proxy the accounting packet to the
IPOQUE device.
To configure the RADIUS server to proxy the accounting packets,
read the notes in the proxy.conf file. You will want to add the IPOQUE attributes
to the Accounting packet in the pre-proxy section of the configuration:
server ipoque {
accounting {
pre-proxy {
update
proxy-request {
ipoque-class
:= "raduser"
}
}
}
Tim