Hi, In my current environment I'm using Radius Proxy. As a new requirement I want to allow all users whom rejected by Proxy to connect to Network, but put them in walled garden and let them to access only specified resources. Also when they get connected I should store their IP, Mac, NAS information which exist in accounting packet. I want to create virtual server on radius proxy and handle all REJECTED users with this. Problem is, there isn't any relation between authentication and accounting packets so I don't know which accounting packets are related to REJECTED users to forward them to virtual server. I have two Ideas which may help me to solve this issue: 1- Store POSTAUTH message in DB and then when I receive accounting packets, in preacct stage lookup user's info using (mac+nas+nas-port) in POSTAUTH DB and then decide to forward packet to PROXY or Virtual server. 2- When I'm sending access-accept, send another attribute to NAS (which is Cisco), and NAS should include this special attribute in all accounting packets of REJECTED users so using this I can seprate users and send correct accounting info to PROXY or virtual server. (Trying to use a kind of marking method, which I'm not sure it's possible). I would be thankful if you kindly share your Ideas about this problem and other possible methods to solve it. Kind Regards, Nasser