Nick Lowe wrote:
Nope. Acct-Multi-Session-Id handles IDs for multiple sessions. What does that mean? No one knows... the IETF RADIUS working group has had discussion on that topic, with no resolution.
For 802.1X purposes, it is, I thought, pretty well defined in RFC 3580... No?
The document has text. I'm not sure anyone implements it.
No. Every re-auth is a new connection. Always. Anything else is madness.
You have to correlate over these if you want to be able to limit the number of concurrent devices a user is allowed to have connected though, surely?
Each session should contain information about the device. That can be used to terminate old sessions, and move them to the new AP.
Certainly NASes that implement the Acct-Multi-Session-Id support persist that value across re-authenication whether there is an authorisation exchange or not.
RFC 3580 says that the Multi-Session-Id is used where there is no re-authentication. If there's no re-authentication, there's no authorization exchange. Alan DeKok.