[EXTERNAL] Re: [EXT] problem with Simultaneous-Use roaming

Mustafa Nassir mustafa.n.gaid at gmail.com
Mon Jun 17 11:39:37 CEST 2019


Wow, very helpful and very nice replay thank u very much ,

في الاثنين، ١٧ يونيو، ٢٠١٩ ١٢:٢٣ م Winfield, Alister via Freeradius-Users <
freeradius-users at lists.freeradius.org> كتب:

> Hint it's not RADIUS that’s going to fix this much like many things that
> come up on this list the problem is the flawed assumption that RADIUS is in
> control. The control is really in the session managing device here likely
> something to do with the AP. So a free hint.
>
> You need to understand the AP's behaviour. Especially so if each of your
> AP's are independent.  Remember an AP only has two possible triggers to
> mark you as 'gone' and thus send a stop. (I don't think there are any more
> than this in reality)
>
> 1) Disassociation. Read your device appears to have vanished at the WiFi
> layer (well it 'could' be an active disconnect but its far more likely the
> device just goes out of range). Obviously there are timers involved to
> avoid transient loss causing authentication storms.
> 2) DHCP timeout.
>
> Neither are particularly quick. So you are very likely to get >1 session
> even though the device is only in one actual location on one AP.
>
> NB: In a managed AP setup the session management is centralised so the
> device association can migrate between AP's without reauthentication.
> Problem solved but last time I looked you pay $$$$$$..
>
> So nothing to do with RADIUS more to do with how WiFi and DHCP standards
> operate and how your AP's actually manage sessions. Understand that first
> then work out how to get the behaviour you desire if that’s possible. It
> might be that there is no clear solution so you might need to compromise
> slightly.
>
> Alister
>
>
>
>
> On 14/06/2019, 16:46, "Freeradius-Users on behalf of Mustafa Nassir"
> <freeradius-users-bounces+alister.winfield=sky.uk at lists.freeradius.org on
> behalf of mustafa.n.gaid at gmail.com> wrote:
>
>     nice sound , do u have any suggestion what is best way to limit total
> users
>     uses in without use  (Simultaneous-Use) , i test  delay-time but its
> same
>     things the users cant reconnect when it go to new ap signal .
>
>     On Fri, Jun 14, 2019 at 6:09 PM Brian Julin <BJulin at clarku.edu> wrote:
>
>     >
>     > Mustafa Nassir <mustafa.n.gaid at gmail.com> wrote:
>     >
>     > > i have problem with 802.1X , i have multi openwrt access point all
> it
>     > work
>     > > with wpa2-enterprise and freeradius server with mysql in other
> side , in
>     > > freeradius i enable Simultaneous-Use my problem is when my users
> move
>     > from
>     > > first ap to second or to third ap its disconnect and reconnect and
> in
>     > some
>     > > time its take over 10-30 second to reconnect successful . i set
> ideal
>     > > time-out 1s and life-time 1s . its reconnect faster than first one
> , but
>     > > its stay disconnect when they move , any idea ?
>     >
>     > Probably the APs are not sending an Accounting Stop packet soon
> enough.
>     > You'll have to do some packet analysis to see how late they are.  It
> might
>     > be possible to insert a delay in the authentication to wait for the
>     > Accounting-Stop
>     > before checking Simultaneous-Use... dunno, I never used this feature
> for
>     > exactly
>     > this reason.
>     > -
>     > List info/subscribe/unsubscribe? See
>     >
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&data=02%7C01%7Calister.winfield%40sky.uk%7C60a141039be44279b64a08d6f0df808f%7C68b865d5cf184b2b82a4a4eddb9c5237%7C0%7C0%7C636961240055054273&sdata=2oEZ3q4SItBRTW%2BZY3zF2JUEr81HpWyBVHKtiiKCNs0%3D&reserved=0
>     -
>     List info/subscribe/unsubscribe? See
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&data=02%7C01%7Calister.winfield%40sky.uk%7C60a141039be44279b64a08d6f0df808f%7C68b865d5cf184b2b82a4a4eddb9c5237%7C0%7C0%7C636961240055064282&sdata=m4%2Bgmby1ca%2BzwzHvYVFV48OiZunn%2FWBXvjQaqrLUWWo%3D&reserved=0
>     --------------------------------------------------------------------
>     This email is from an external source. Please do not open attachments
> or click links from an unknown or suspicious origin. Phishing attempts can
> be reported by sending them to phishing at sky.uk as attachments. Thank you
>     --------------------------------------------------------------------
>
>
>
> Information in this email including any attachments may be privileged,
> confidential and is intended exclusively for the addressee. The views
> expressed may not be official policy, but the personal views of the
> originator. If you have received it in error, please notify the sender by
> return e-mail and delete it from your system. You should not reproduce,
> distribute, store, retransmit, use or disclose its contents to anyone.
> Please note we reserve the right to monitor all e-mail communication
> through our internal and external networks. SKY and the SKY marks are
> trademarks of Sky Limited and Sky International AG and are used under
> licence.
>
> Sky UK Limited (Registration No. 2906991), Sky-In-Home Service Limited
> (Registration No. 2067075), Sky Subscribers Services Limited (Registration
> No. 2340150) and Sky CP Limited (Registration No. 9513259) are direct or
> indirect subsidiaries of Sky Limited (Registration No. 2247735). All of the
> companies mentioned in this paragraph are incorporated in England and Wales
> and share the same registered office at Grant Way, Isleworth, Middlesex TW7
> 5QD
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list