Filtering out Proxy-State in COA to fix broken Cisco NAS
Fraser McGlinn
fraser at frizianz.com
Mon Aug 13 09:56:26 CEST 2018
Thanks Alan, that helps a lot. Great info in that draft RFC.
On 2018-08-10 22:12, Alan DeKok wrote:
> On Aug 8, 2018, at 9:19 PM, Fraser McGlinn <fraser at frizianz.com> wrote:
>>
>> Trying to get COA proxying working with a Cisco NAS. Unfortunately
>> they have a broken implementation where if Proxy-State is in the
>> request it drops it.
>
> That's based on a naive reading of RFC 5176. Happily, my new draft
> clarifies this. It should be an RFC this year:
>
> https://tools.ietf.org/html/draft-ietf-radext-coa-proxy-03
>
>> I dug and found this old thread
>> http://lists.freeradius.org/pipermail/freeradius-users/2012-April/060456.html
>> implying that we can filter out Proxy-State in attr_filter, however
>> i've had some issues getting this working. Although this was relevant
>> to freeradius 2x, i'm running 3.0.16.
>>
>> Any other ways to achieve this? Hoping someone can point me in the
>> right direction.
>
> You can delete the Proxy-State attribute in the "pre-proxy" section:
>
> pre-proxy {
> ...
> update proxy-request {
> Proxy-State !* ANY
> }
> ...
> }
>
> Hope that helps.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list