Filtering out Proxy-State in COA to fix broken Cisco NAS
Alan DeKok
aland at deployingradius.com
Fri Aug 10 14:12:35 CEST 2018
On Aug 8, 2018, at 9:19 PM, Fraser McGlinn <fraser at frizianz.com> wrote:
>
> Trying to get COA proxying working with a Cisco NAS. Unfortunately they have a broken implementation where if Proxy-State is in the request it drops it.
That's based on a naive reading of RFC 5176. Happily, my new draft clarifies this. It should be an RFC this year:
https://tools.ietf.org/html/draft-ietf-radext-coa-proxy-03
> I dug and found this old thread http://lists.freeradius.org/pipermail/freeradius-users/2012-April/060456.html implying that we can filter out Proxy-State in attr_filter, however i've had some issues getting this working. Although this was relevant to freeradius 2x, i'm running 3.0.16.
>
> Any other ways to achieve this? Hoping someone can point me in the right direction.
You can delete the Proxy-State attribute in the "pre-proxy" section:
pre-proxy {
...
update proxy-request {
Proxy-State !* ANY
}
...
}
Hope that helps.
Alan DeKok.
More information about the Freeradius-Users
mailing list