Acct-Authentic in Accounting-On and Accounting-Off forms of Accounting-Request. Valid?
Nick Lowe
nick.lowe at gmail.com
Thu May 21 18:14:17 CEST 2015
Sorry, less haste more speed... RFC 3580 specifies it's scoped on a
per-AP/SSID basis:

"In IEEE 802.11, where the SSID is known, it SHOULD be appended to the
Access Point MAC address, separated from the MAC address with a ":".
Example "00-10-A4-23-19-C0:AP1"."

Ambiguity: Does this mean the wired or wireless MAC address?

Enterprise APs operate these days on a per VAP basis, operating with
multiple radios. This wasn't the case when RFC 3580 was written.

So, AP vendors should set this value in Access-Request packets with
BSSID:SSID, not AP_WIRED_MAC:SSID or CONTROLLER_WIRED_MAC:SSID. Most
vendors, I think, already do this.

Perhaps this needs some cogent, joined-up thinking to come up with
something suited for the future?

Cheers,

Nick

On Thu, May 21, 2015 at 4:53 PM, Nick Lowe <nick.lowe at gmail.com> wrote:
> Hi Alan,
>
> A BSS is always unique on a per-VAP basis, so that's
> per-SSID-per-radio-per-physical-AP.
>
> Does the RADIUS spec prohibit accounting on a per-BSS basis, which is
> the basis of how all APs offer service to clients/stations (STAs)?
>
> RFC 3580 does specify that Access-Requests will be scoped to a
> per-BSSID/per-SSID basis via the Called-Station-Id, so why not
> implement the same behaviour for accounting?
>
> In the Aerohive model, there are no central controllers - each AP is a
> RADIUS client.
>
> Without the Called-Station-Id, there is no specificity to an
> Accounting-On or Accounting-Off and they become a blunt instrument,
> and actually rather useless/meaningless. It doesn't match how APs
> actually operate so things should change.
>
> Yes, it has not been traditionally done.
>
> The RADIUS accounting spec was written long before wireless NASes
> existed, but I actually think that it would make sense for all
> wireless vendors to align to this model - scoping to the BSS with the
> Called-Station-Id and sending Accounting-On and Accounting-Off on a
> per-BSS basis (which means sent on a physical AP basis, even where
> it's actually transmitted by a central controller).
>
> This already happens for Access-Request packets, and
> Accounting-Request packets with Start, Interim-Update and Stop with
> most vendors in this space via the Called-Station-Id.
>
> Appreciate your thoughts!
>
> Cheers,
>
> Nick
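
Added example, not part of the original message and not FreeRADIUS code: a sketch of how an accounting server could treat a Called-Station-Id in Accounting-On/Off as a per-BSS scope, as the thread proposes, next to the unscoped case that clears every session of the RADIUS client. `SessionTable`, its methods, and the client and session names are hypothetical, and the sample values are constructed around the RFC 3580 example quoted above.

```python
import re

# RFC 3580 form: MAC as hex pairs joined by "-", then optionally ":" and the SSID.
_CSID = re.compile(r"([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})(?::(.*))?", re.S)

def parse_called_station_id(value):
    """Return (bssid, ssid); ssid is None when only the MAC is present."""
    m = _CSID.fullmatch(value)
    if not m:
        raise ValueError(f"not an RFC 3580 Called-Station-Id: {value!r}")
    return m.group(1).upper(), m.group(2)  # SSID stays case-sensitive

class SessionTable:
    """Hypothetical accounting state: Acct-Session-Id -> (client, bssid, ssid)."""

    def __init__(self):
        self._open = {}

    def start(self, client, session_id, called_station_id):
        self._open[session_id] = (client, *parse_called_station_id(called_station_id))

    def accounting_on_off(self, client, called_station_id=None):
        """Close the sessions an Accounting-On/Off implies are gone.

        With Called-Station-Id (the thread's proposal) only that BSS is
        cleared; without it every session of the RADIUS client is cleared.
        """
        scope = parse_called_station_id(called_station_id) if called_station_id else None
        closed = sorted(
            sid for sid, (c, bssid, ssid) in self._open.items()
            if c == client and (scope is None or (
                bssid == scope[0] and scope[1] in (None, ssid)))
        )
        for sid in closed:
            del self._open[sid]
        return closed

    def open_sessions(self):
        return sorted(self._open)

def demo():
    # Constructed sample: one AP acting as RADIUS client "ap1", two BSSes.
    t = SessionTable()
    t.start("ap1", "s1", "00-10-A4-23-19-C0:AP1")
    t.start("ap1", "s2", "00-10-a4-23-19-c0:AP1")
    t.start("ap1", "s3", "00-10-A4-23-19-C1:Guest")
    scoped = t.accounting_on_off("ap1", "00-10-A4-23-19-C0:AP1")
    remaining = t.open_sessions()
    blunt = t.accounting_on_off("ap1")
    return scoped, remaining, blunt
```

The parser splits on the first ":" after the MAC only, so an SSID that itself contains ":" survives intact, and a value using ":" as the MAC separator is rejected rather than misparsed.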