Change of Authorization (RFC 3576 / 5176)

Alan DeKok aland at
Tue May 19 14:08:39 CEST 2009

  I have just committed *full* support for CoA to the "stable" and
"master" branches on  I'd like to thank the sponsor
of this work, who wishes to remain anonymous.

  In 2.1.6, the server could *originate* CoA packets.  e.g. if the user's
bandwidth consumption is over a quota, send a packet to disconnect them.

  In the current "git" code, it can now *receive* CoA packets.  This
also means full proxying of CoA packets.

  It is now possible to implement functionality such as:

	"disconnect user bob"

  This can be done by sending a CoA packet to the server, with User-Name
of "bob".  The policies on the server can then look up in the accounting
database to see where that user has logged in, and fill in the rest of
the CoA packet with NAS IP, port, etc.  The resulting packet can then be
sent to the NAS.

  The only caveat is that none of these policies have been written.  The
functionality works, and has been tested with switches from at least one
major networking vendor.  We now need help to create the policies,
schemas, etc. to implement the required functionality.

  Alan DeKok.

More information about the Freeradius-Users mailing list
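
The "disconnect user bob" flow described in the message, as an added example that is not part of the original post and is not FreeRADIUS code: it verifies an incoming Disconnect-Request carrying only User-Name, fills in the NAS attributes, and re-signs the packet for the NAS using the RFC 5176 Request Authenticator. The `SESSIONS` table (standing in for the accounting database), the `fill_in` helper, the shared secrets and the addresses are constructed assumptions.

```python
import hashlib, hmac, socket, struct

DISCONNECT_REQUEST = 40  # RFC 5176 packet code (CoA-Request is 43)
USER_NAME, NAS_IP_ADDRESS, NAS_PORT, ACCT_SESSION_ID = 1, 4, 5, 44

def attr(atype, value):
    return struct.pack("!BB", atype, len(value) + 2) + value

def sign(code, ident, attrs, secret):
    """Request Authenticator = MD5(Code+ID+Length+16 zero octets+Attributes+Secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(head + bytes(16) + attrs + secret).digest()
    return head + auth + attrs

def verify(packet, secret):
    """Return the parsed attributes if length and authenticator check out, else None."""
    if len(packet) < 20:
        return None
    length = struct.unpack("!H", packet[2:4])[0]
    if length != len(packet):
        return None
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return None  # wrong secret or tampered packet: drop it
    attrs, pos = {}, 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return None  # malformed attribute length
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs if pos == length else None

# Constructed stand-in for the accounting database lookup (hypothetical data).
SESSIONS = {b"bob": {"nas_ip": "192.0.2.10", "nas_port": 7, "session_id": b"0000A1B2"}}

def fill_in(request, client_secret, nas_secret):
    """Verify a User-Name-only request, then build the packet destined for the NAS."""
    attrs = verify(request, client_secret)
    session = SESSIONS.get(attrs.get(USER_NAME)) if attrs else None
    if session is None:
        return None  # unauthenticated sender, or user has no known session
    out = (attr(USER_NAME, attrs[USER_NAME])
           + attr(NAS_IP_ADDRESS, socket.inet_aton(session["nas_ip"]))
           + attr(NAS_PORT, struct.pack("!I", session["nas_port"]))
           + attr(ACCT_SESSION_ID, session["session_id"]))
    # Code and identifier are reused from the request here for brevity.
    return sign(request[0], request[1], out, nas_secret)
```
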