Dropping RADIUS accounting packets based upon NAS IP Address

Alex Sharaz alex.sharaz at york.ac.uk
Fri Jan 5 15:30:53 CET 2018


UoY provides eduroam availability at a number of NHS sites in the area who
all use Cisco wireless controllers.

I was just testing our new Grimsby connection ( remote controller pushes
auth and accounting packets down a RADSEC tunnel to our Tier 1 eduroam
servers) when I noticed that in addition to accounting packets relating to
the eduroam SSID I was seeing accounting packets from other devices which
had  different NAS-IP-Address IP addresses to the one I was expecting.

I know its their problem to fix but is there any way in FR 3.0.15 I can
drop packets with a NAS IP Address  != the one I should be seeing?

We dump accounting / auth info into a postgres db and into our logstash
service and I'd rather not have accounting info I shouldn't be seeing in
there ...


More information about the Freeradius-Users mailing list