Originating CoA

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Dec 4 21:58:19 CET 2012

On 4 Dec 2012, at 18:14, amanda edades <amanda.edades at gmail.com> wrote:

> Hello,
> I am trying to use my RADIUS server to designate user group memberships specifying QoS policies and monthly data caps.  When authenticating, the server returns an AVP that tells what group a user is in, and the NAS will apply the associated QoS policies to his traffic.  The RADIUS server checks if a user is over his data cap on every Access-Request and Interim-Update packet.  When the user exceeds the data cap defined for his group, the RADIUS server originates a CoA and sends a new group assignment in which his traffic is throttled.
> Everything works fine now, but if the RADIUS server finds that a user is over his cap, it first returns its default group assignment taken from the radgroupreply table, then sends a CoA.
> Output from RADIUS:
> Sending Accounting-Response of id 122 to port 33544
>         Access-Group = "Group1"
>   WARNING: Empty pre-proxy section.  Using default return values.
> Sending CoA-Request of id 223 to port 3799
>         User-Name = "1907444"
>         Access-Group = "ThrottledGroup"
> Finished request 8.
> So the NAS receives the default group assignment, then the throttled group assignment immediately after.  To avoid confusion and transmitting unnecessary data, in the case when a data cap is exceeded, how to I prevent the RADIUS server from returning the default values from the radgroupreply table, and only send the CoA?

Add a group check item for the user not being over the limit? 


More information about the Freeradius-Users mailing list