Dropping NAS-Port AVP from Acct-Unique-Session-Id by default
nick.lowe at gmail.com
Fri Sep 18 12:43:24 CEST 2015
Food for thought....
What is the expected behaviour with Class attributes in accounting
when 802.1X re-authentication occurs?
The clients association/connection is not terminated, so, should we
expect to see a Stop and a Start for the session? With many NASes I
have empirically observed that we do not see this. In my opinion, we
In the case that accounting for the session carries on without a Stop
and a Start, should then a NAS update the value of the Class
attribute(s) that it accounts with based on new value(s) returned in
the Access-Accept? In my opinion, yes, it should.
I am not convinced therefore that the Class attribute should ever be
used as part of a unique session key therefore.
A unique session key redoes what the Acct-Session-Id should be doing
in the first place because of NAS deficiencies.
My thoughts are that the default behaviour in FreeRADIUS should always be:
I also should have mentioned before, that the NAS-Port-Id should be
dropped too in addition to the NAS-Port.
More information about the Freeradius-Users