OT: Cisco Disconnect-Request packets
James J J Hooper
jjj.hooper at bristol.ac.uk
Wed Aug 24 21:20:02 CEST 2011
On 24/08/2011 19:11, Arran Cudbard-Bell wrote:
>
>>
>> radclient -xs -f /tmp/disconnect.txt 172.17.107.210:3799 disconnect secret
>> Sending Disconnect-Request of id 7 to 172.17.107.210 port 3799
>> User-Name = "testUser at bristol.ac.uk"
>> Calling-Station-Id = "89:c6:65:99:39:52"
>> Service-Type = Login-User
>> rad_recv: Disconnect-ACK packet from host 172.17.107.210 port 3799, id=7, length=20
>>
>> Total approved auths: 1
>> Total denied auths: 0
>> Total lost auths: 0
>>
>> ...so it seems you need User-Name, Calling-Station-Id and Service-Type.
>
>> From RFC 3576
...
>
> That service-type looks iffy to me? Are you 100% sure its required? Could you try swapping it out for another session attribute like Acct-Session-ID? It might just need 3 or more identifying attributes, some vendors have really weird implementations.
RFC 3576:
Disconnect Messages
Request ACK NAK # Attribute
0-1 0 0-1 6 Service-Type [Note 6]
<snip>
Anyway, those three attributes are from Cisco bug: CSCso52532 (a feature
request for Cisco to actually document their CoA packet requirements), and
"it works for me".
-James
More information about the Freeradius-Users
mailing list