Detecting RELATED accounting packets

Vijay S vijay.hcr at
Tue Nov 17 15:15:15 CET 2015

Hi Nasser
It would have been helpful if you mentioned what NAS you are using.

Vijay A.

On Tuesday, November 17, 2015, Nasser Heidari <nasser at> wrote:

> Hi,
> In my current environment I'm using Radius Proxy. As a new requirement I
> want to allow all users whom rejected by Proxy to connect to Network, but
> put them in walled garden and let them to access only specified resources.
> Also when they get connected I should store their IP, Mac, NAS information
> which exist in accounting packet.
> I want to create virtual server on radius proxy and handle all REJECTED
> users with this. Problem is, there isn't any relation between
> authentication
> and accounting packets so I don't know which accounting packets are related
> to REJECTED users to forward them to virtual server.
> I have two Ideas which may help me to solve this issue:
> 1- Store POSTAUTH message in DB and then when I receive accounting packets,
> in preacct stage lookup user's info using (mac+nas+nas-port) in POSTAUTH DB
> and then decide to forward packet to PROXY or Virtual server.
> 2- When I'm sending access-accept, send another attribute to NAS (which is
> Cisco), and NAS should include this special attribute in all accounting
> packets of REJECTED users so using this I can seprate users and send
> correct
> accounting info to PROXY or virtual server. (Trying to use a kind of
> marking
> method, which I'm not sure it's possible).
> I would be thankful if you kindly share your Ideas about this problem and
> other possible methods to solve it.
> Kind Regards,
> Nasser
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list