Dropping RADIUS accounting packets based upon NAS IP Address
Alex Sharaz
alex.sharaz at york.ac.uk
Fri Jan 5 15:30:53 CET 2018
Hi,
UoY provides eduroam availability at a number of NHS sites in the area who
all use Cisco wireless controllers.
I was just testing our new Grimsby connection ( remote controller pushes
auth and accounting packets down a RADSEC tunnel to our Tier 1 eduroam
servers) when I noticed that in addition to accounting packets relating to
the eduroam SSID I was seeing accounting packets from other devices which
had different NAS-IP-Address IP addresses to the one I was expecting.
I know its their problem to fix but is there any way in FR 3.0.15 I can
drop packets with a NAS IP Address != the one I should be seeing?
We dump accounting / auth info into a postgres db and into our logstash
service and I'd rather not have accounting info I shouldn't be seeing in
there ...
Rgds
Alex
More information about the Freeradius-Users
mailing list