Acct-Authentic in Accounting-On and Accounting-Off forms of Accounting-Request. Valid?

Nick Lowe nick.lowe at
Thu May 21 18:14:17 CEST 2015

Sorry, less haste more speed... RFC 3580 specifies it's scoped on a
per-AP/SSID basis:

"In IEEE 802.11, where the SSID is known, it SHOULD be appended to the
Access Point MAC address, separated from the MAC address with a ":".
Example "00-10-A4-23-19-C0:AP1".

Ambiguity: Does this mean the wired or wireless MAC address?

Enterprise APs operate these days on a per VAP basis, operating with
multiple radios. This wasn't the case when RFC 3580 was written.
So, AP vendors should set this value in Access-Request packets with
vendors do, I think, already do this.

Perhaps this needs some cogent, joined up thinking to come up with
something suited for the future?



On Thu, May 21, 2015 at 4:53 PM, Nick Lowe <nick.lowe at> wrote:
> Hi Alan,
> A BSS is always unique on a per-VAP basis, so that's
> per-SSID-per-radio-per-physical-AP.
> Does the RADIUS spec prohibit accounting on a per-BSS basis, which is
> the basis of how all APs offer service to clients/stations (STAs)?
> RFC 3580 does specify that Access-Requests will be scoped to a
> per-BSSID/per-SSID basis via the Called-Station-Id, so why not
> implement the same behaviour for accounting?
> In the Aerohive model, there are no central controllers - each AP is a
> RADIUS client.
> Without the Called-Station-Id, there is no specificity to an
> Accounting-On or Accounting-Off and they become a blunt instrument,
> and actually rather useless/meaningless. It doesn't match how APs
> actually operate so things should change.
> Yes, it has not been traditionally done.
> The RADIUS accounting spec was written long before wireless NASes
> existed, but I actually think that it would make sense for all
> wireless vendors to align to this model - scoping to the BSS with the
> Called-Station-Id and sending Accounting-On and Accounting-Off on a
> per-BSS basis (which means sent on a physical AP basis, even where
> it's actually transmitted by a central controller).
> This already happens for Access-Request packets, and
> Accounting-Request packets with Start, Interim-Update and Stop with
> most vendors in this space via the Called-Station-Id.
> Appreciate your thoughts!
> Cheers,
> Nick

More information about the Freeradius-Users mailing list