Can freeRADIUS originate CoA Acks?

Chavez, Andres ((HP Networking - Roseville)) andres.chavez at hp.com
Fri Apr 11 23:03:59 CEST 2014


The short:
I know freeRADIUS can originate CoA packets.  I configured this and is working perfectly.  However, I am in need of freeRADIUS (acting as proxy) to originate CoA Acks when it receives a CoA packet destined for the NAS.

The long:
I have a Cisco ACS and a non-Cisco NAS.  The NAS does not support CoA.  However, ACS is sending CoA packets to the NAS and the NAS must act accordingly (this is a requirement.)  In order to meet these requirement, I placed freeRADIUS as a proxy between the NAS and ACS.  This is what I already have working:


1.      freeRADIUS intercepts Accept packets and modifies before sending to NAS.

2.      freeRADIUS intercepts CoA packets and sends SOAP commands to NAS to perform actions in the CoA attributes.

3.      freeRADIUS forwards CoA packet to NAS (which NAS ignores.)

4.      NAS reacts to SOAP commands as expected.

The problem is that since the NAS ignores the CoA packet, it never sends a CoA Ack.  As a consequence, ACS's status is outdated since it does not know that the parameters in the CoA yielded results.

What I need is a way to have freeRADIUS (acting as proxy) to send a CoA Ack when it intercepts the CoA packet (preferably after the SOAP commands are executed, but not required.)

Can this be achieved with freeRADIUS?  Or is there an external script I can run to generate and send such a packet to ACS?

Thanx in advance.

Andre
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140411/99c4b312/attachment.html>


More information about the Freeradius-Users mailing list