Detecting RELATED accounting packets
nasser at rasana.net
Tue Nov 17 15:42:38 CET 2015
Thanks for your helpful point. I'm using Cisco NAS (Cisco ASR and Cisco 7200
[mailto:freeradius-users-bounces+nasser=rasana.net at lists.freeradius.org] On
Behalf Of Vijay S
Sent: Tuesday, November 17, 2015 5:45 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: Detecting RELATED accounting packets
It would have been helpful if you mentioned what NAS you are using.
On Tuesday, November 17, 2015, Nasser Heidari <nasser at rasana.net> wrote:
> In my current environment I'm using Radius Proxy. As a new requirement
> I want to allow all users whom rejected by Proxy to connect to
> Network, but put them in walled garden and let them to access only specified
> Also when they get connected I should store their IP, Mac, NAS
> information which exist in accounting packet.
> I want to create virtual server on radius proxy and handle all
> REJECTED users with this. Problem is, there isn't any relation between
> authentication and accounting packets so I don't know which accounting
> packets are related to REJECTED users to forward them to virtual
> I have two Ideas which may help me to solve this issue:
> 1- Store POSTAUTH message in DB and then when I receive accounting
> packets, in preacct stage lookup user's info using (mac+nas+nas-port)
> in POSTAUTH DB and then decide to forward packet to PROXY or Virtual server.
> 2- When I'm sending access-accept, send another attribute to NAS
> (which is Cisco), and NAS should include this special attribute in all
> accounting packets of REJECTED users so using this I can seprate users
> and send correct accounting info to PROXY or virtual server. (Trying
> to use a kind of marking method, which I'm not sure it's possible).
> I would be thankful if you kindly share your Ideas about this problem
> and other possible methods to solve it.
> Kind Regards,
> List info/subscribe/unsubscribe? See
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users