Dropping NAS-Port AVP from Acct-Unique-Session-Id by default

Nick Lowe nick.lowe at gmail.com
Fri Sep 18 11:29:02 CEST 2015


I noticed looking through the commits in FreeRADIUS 3.1 that the
Acct-Unique-Session-Id is now using the Acct-Multi-Session-Id in its
construction. Awesome! :)

I wondered while looking at the commit if there has been consideration
about dropping the NAS-Port in the construction so that FreeRADIUS
interoperates, in its default configuration, with wireless controllers that
keep the same Acct-Session-Id when a roam occurs from one BSS/AP to another
BSS/AP?

In that scenario, it is, of course, the controller that is the NAS, not the
APs.

Some controllers set the value of the NAS-Port attribute on per AP or BSS
basis and this therefore changes where a roam occurs.

In my opinion, vendors should be sending a Stop and a Start when a roam
occurs with a constant Acct-Multi-Session-Id being used to allow sessions
to be correlated, but this not the case today.

This has been written about by others too:

http://daniele.albrizio.it/how-to_/freeradiusacct-unique-session-idfix

I was looking in to this area of FreeRADIUS more closely as I have been
engaging with Aerohive on their Acct-Session-Ids. The upcoming HiveOS
releases will have Acct-Session-Ids that have the properties of a GUID/UUID.

At the moment, they're just incremented and are therefore not guaranteed to
be unique across reboots.

Cheers,

Nick Lowe


More information about the Freeradius-Users mailing list