coa proxy'ing with a NAC device

[Kevin Ehlers]

 I'm having a really hard time with proxying or just dealing with
CoA's.  The documentation just isn't working for me.

I can configure the coa server.  I can get the originate-coa server up
too.  I can send CoA's to the server, but I can't get it to proxy them
or re-send them as if it was originating the CoA.  I see that they're
being processed when looking at debug mode.  But I just don't know how
to do anything with them.

This is what I want to do:
[lots of switches doing dot1x]<->[freeradius]<->[NAC device,
PacketFence in this case]

I want to be able to send a CoA request from PacketFence (or another
management server) to freeradius, and have it relay that CoA to a
specific switch.  E.g. I have determined that a user needs to be
quarantined, so I run a script on the backend, and part of that
requires having that user re-authenticate and get assigned a
quarantine vlan.  PF determines which switch they're on, sends a CoA
to FreeRadius, FreeRadius then sends the CoA to the correct switch.

Is there a way to do this without configuring a client entry for every
edge device?  Should I be using the proxy.conf in some way?  I'm not
really clear about how to use the virtual servers in regard to proxying.

Thanks,

-- 
Kevin Ehlers
Network Engineer
University of Oregon