Disconnect user session on data counter
Anirudh Malhotra
amalhotra.sp-dl at nkn.in
Fri Dec 4 16:21:11 CET 2015
Thanks a ton mathew for putting in the effort but i was able to do it successfully. I did it under accounting only. Have to give atleast session id and callingstation id in coa request
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-usr-aaa-15-sy-book/sec-rad-coa.html
Also i read your blog, just to correct one small thing cisco wlc listens on 1700 for coa rather than 3799.
Now i just wanted cisco-avpair syntax for redirect url and redirect acl for cisco wlc. So that i can send it from radius. If anybody knows anything about it.
Thanks :)
BR,
Anirudh Malhotra
NKN
Sent from a handheld device, Sorry for typos.
> On 04-Dec-2015, at 16:04, Matthew Newton <mcn4 at leicester.ac.uk> wrote:
>
>> On Fri, Dec 04, 2015 at 10:04:33AM +0530, Anirudh Malhotra wrote:
>> Maybe my question is silly or not precise enough but I understood that my
>> problem can be achieved by CoA, Now my NAS is a cisco WLC and when I am
>> trying to send a disconnect using radclient it gives me following error.
>>
>> echo "Acct-Session-Id=566111b0/e4:25:e7:bb:b9:69/294550,User-Name =
>> anirudh,NAS-IP-Address=10.10.10.10" | radclient 10.10.10.10:1700 disconnect
>> anirudhradius -x
>> Sending Disconnect-Request of id 171 to 10.10.10.10 port 1700
>> Acct-Session-Id = "566111b0/e4:25:e7:bb:b9:69/294550"
>> User-Name = "anirudh"
>> NAS-IP-Address = 10.10.10.10
>> rad_recv: Disconnect-NAK packet from host 10.10.10.10 port 1700, id=171,
>> length=26
>> Error-Cause = Session-Context-Not-Found
>>
>> Anyone came accross this? Please help me out
>
> I found Cisco CoA disconnect tricky to get working, but it is
> possible when you've done everything right. I wrote a blog post
> about it a few years ago:
>
> http://notes.asd.me.uk/2011/02/25/cisco-wireless-lan-controller-radius-disconnect/
>
> You have to get the Service-Type correct - the same as in the
> accounting packets, then include Calling-Station-Id or User-Name.
>
> It's possible you can use other combinations of attributes
> (e.g. Service-Type and Acct-Session-Id) but I haven't tried it.
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list