Redirection to the NAS of an external CoA request

newtownz jean466 at
Tue Jul 20 19:38:32 CEST 2010

Here are a few lines from my cfg files:

In radiusd.conf:

proxy_requests  = yes
$INCLUDE proxy.conf

In proxy.conf:

#(this is where I want to forward)
home_server aruba {
        type = coa
        ipaddr = xx.yy.110.148
        port = 1812
        src_ipaddr = xx.yy.110.128
        coa {
                # Initial retransmit interval: 1..5
                irt = 2

                # Maximum Retransmit Timeout: 1..30 (0 == no maximum)
                mrt = 16

                # Maximum Retransmit Count: 1..20 (0 == retransmit forever)
                mrc = 5

                # Maximum Retransmit Duration: 5..60
                mrd = 30
        }
        secret = testing123
}

home_server_pool to_aruba {
                home_server = aruba
}

###Not really sure about the validity of the last 3 lines...

And now I'm puzzled as to how to set the Home-server-pool
as stated in recv-coa section of coa:

 recv-coa {
                #  CoA && Disconnect packets can be proxied in the same
                #  way as authentication or accounting packets.
                #  Just set Proxy-To-Realm, or Home-Server-Pool, and the
                #  packets will be proxied.

I tried to find the way that it is done for authentication packets
and did not succeed.

Also I just want to know if my understanding about the whole
process of proxying the CoA is right:

The default server config file is of no use here, in the coa
I have to state somehow that I want the request to be forwarded
to the controller and in the proxy.conf file I have to create
this controller-server so that freeradius won't complain about
an unknown IP address.


Alan DeKok-2 wrote:
> newtownz wrote:
>> I'm trying to figure out how to send a CoA from freeRadius
>> to the NAS.  The set-up I have involves two servers and an 
>> Aruba controller.  
>   i.e. proxying CoA packets through FreeRADIUS to the NAS.
>   While this should work, it's not a deeply tested scenario.
>>  In this test set-up the client authenticates locally on the
>> freeRadius server.  The server listens on port 3799 for a CoA request
>> that is generated from another computer, the freeRadius accepts
>> the request and sends an ACK to the generator but it does not
>> send anything to the NAS, 
>   Did you configure the server to proxy the CoA request?  Look for
> "proxy" in raddb/sites-available/coa in 2.1.9.
>> I tried to supply in the request a
>> NAS-IP-Address attribute and also tried with Packet-Dst-IP-Address
>> with no success. Also tried different things in CoA and Originate-CoA
>> with the same results.
>   Well.. the "coa" documents exactly what you need to do.  Trying random
> *undocumented* things won't make it work.
>> The goal I'm trying to reach is to supply the user-name in the
>> CoA request that will force the client to silently reconnect and
>> in the meantime I will have changed the Access-List accessible to
>> the client.
>   Use a Disconnect-Request packet to make the client disconnect.
>> 1: Is it possible to send a CoA request to the freeRadius server
>> and then have it relay the request to the Aruba controller?
>   Yes.  This is called "proxying"
>> 2: If it is possible what do I have to put in the config files
>> and where?
>   This is documented.
>   Alan DeKok.
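
One way the pieces discussed in this message could fit together, as an added example that is not part of the original post or of the FreeRADIUS distribution: the recv-coa comment quoted above says to set Home-Server-Pool, and a control attribute is set with an `update control` block. The names, addresses and secret are the poster's; the `fail-over` pool type and the port value are assumptions to check against the installed raddb/proxy.conf and raddb/sites-available/coa.

```conf
# ---- proxy.conf ----
home_server aruba {
        type = coa
        ipaddr = xx.yy.110.148          # the NAS (Aruba controller), as posted
        # Assumption: this has to be the UDP port on which the NAS accepts
        # CoA-Request / Disconnect-Request packets. RFC 5176 assigns 3799
        # for that purpose; 1812 (as posted) is the authentication port.
        port = 3799
        src_ipaddr = xx.yy.110.128
        # Sample value from the post. It must match the secret configured
        # on the NAS for this server; use a long random one outside a lab.
        secret = testing123
        coa {
                irt = 2                 # Initial retransmit interval
                mrt = 16                # Maximum Retransmit Timeout
                mrc = 5                 # Maximum Retransmit Count
                mrd = 30                # Maximum Retransmit Duration
        }
}

home_server_pool to_aruba {
        type = fail-over                # assumption: single-server pool
        home_server = aruba
}

# ---- sites-available/coa, inside the "server coa { ... }" block ----
recv-coa {
        #  Per the comment shipped in this file, setting Home-Server-Pool
        #  (or Proxy-To-Realm) causes the CoA or Disconnect packet to be
        #  proxied instead of being answered locally.
        update control {
                Home-Server-Pool := "to_aruba"
        }
}
```

The host that generates the CoA request still has to be a known client of the `coa` listener, so only that sender (with its own secret) can trigger a proxied CoA or Disconnect toward the NAS.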