Dropping NAS-Port AVP from Acct-Unique-Session-Id by default

Nick Lowe nick.lowe at gmail.com
Fri Sep 18 12:43:24 CEST 2015

Food for thought....

What is the expected behaviour with Class attributes in accounting
when 802.1X re-authentication occurs?

The clients association/connection is not terminated, so, should we
expect to see a Stop and a Start for the session? With many NASes I
have empirically observed that we do not see this. In my opinion, we
should not.

In the case that accounting for the session carries on without a Stop
and a Start, should then a NAS update the value of the Class
attribute(s) that it accounts with based on new value(s) returned in
the Access-Accept? In my opinion, yes, it should.

I am not convinced therefore that the Class attribute should ever be
used as part of a unique session key therefore.

A unique session key redoes what the Acct-Session-Id should be doing
in the first place because of NAS deficiencies.

My thoughts are that the default behaviour in FreeRADIUS should always be:

&Acct-Unique-Session-Id :=

I also should have mentioned before, that the NAS-Port-Id should be
dropped too in addition to the NAS-Port.



More information about the Freeradius-Users mailing list