freeradius & cisco COA

James J J Hooper jjj.hooper at bristol.ac.uk
Sun Aug 21 14:24:03 CEST 2011


On 21/08/2011 13:10, Arran Cudbard-Bell wrote:
> Wow ok a lot of CoA and DM questions lately.
>
>> Anyone have any experience to share...
>
> Well it should be the same as any other CoA implementation, except IIRC
> it's on port 1700 instead of 3779.

Cisco wireless or wired? We're using Cisco WiSMs/WiSM2s [wireless]. You
have to enable RFC3576 capability per radius server in the config. They
use destination UDP/3799. The only gotcha we've had so far is that the
CoA packet has to come from the same source IP and *port* as the radius
server is configured with in the WiSM config. Depending on how you are
generating the CoA this may be problematic, but it is easily solved with a
line in your iptables config:

*nat
-A POSTROUTING -p udp --dport 3799 -d <NAS-IP> -j SNAT --to-source <radius-server-IP>:<radius-listening-port>
COMMIT


-James

-- 
James J J Hooper
Senior Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk
-- 
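As an added illustration of the source-address requirement James describes (this is example code, not from the post or from FreeRADIUS), the following builds an RFC 5176 Disconnect-Request, sends it to UDP/3799, and only accepts a reply whose Response Authenticator matches the request and shared secret. The NAS address, secret and attribute values are placeholders the caller supplies; the bind_addr parameter and the send_request helper are assumptions of this example.

```python
import hashlib
import socket
import struct

DISCONNECT_REQUEST = 40  # RFC 5176 packet codes
COA_REQUEST = 43
COA_PORT = 3799          # destination port the WiSM listens on

def encode_attr(attr_type, value):
    """Encode one RADIUS attribute as Type / Length / Value (RFC 2865)."""
    if isinstance(value, str):
        value = value.encode()
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_request(code, identifier, secret, attrs):
    """Build a CoA- or Disconnect-Request. RFC 5176 Request Authenticator:
    MD5(Code + Identifier + Length + 16 zero octets + Attributes + Secret)."""
    attrs_bytes = b"".join(encode_attr(t, v) for t, v in attrs)
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs_bytes))
    authenticator = hashlib.md5(header + bytes(16) + attrs_bytes + secret).digest()
    return header + authenticator + attrs_bytes

def expected_response_auth(response, request, secret):
    """Response Authenticator the NAS must return:
    MD5(Code + Identifier + Length + RequestAuthenticator + Attributes + Secret)."""
    return hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()

def verify_response(response, request, secret):
    """Accept an ACK/NAK only if its identifier and authenticator match our request."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    return expected_response_auth(response, request, secret) == response[4:20]

def send_request(nas_ip, secret, packet, bind_addr=None, timeout=3.0):
    """Send the request and return the verified reply, or None on timeout/mismatch.
    bind_addr=(ip, port) pins the source address; when FreeRADIUS already holds that
    port, leave it None and let the SNAT rule from the post rewrite the source."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    if bind_addr:
        sock.bind(bind_addr)
    sock.settimeout(timeout)
    try:
        sock.sendto(packet, (nas_ip, COA_PORT))
        reply, _ = sock.recvfrom(4096)
    except socket.timeout:
        return None
    finally:
        sock.close()
    return reply if verify_response(reply, packet, secret) else None
```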


