RadSec | Status-Server Support

Alan DeKok aland at deployingradius.com
Sat Aug 2 09:50:39 UTC 2025


On Aug 1, 2025, at 5:47 PM, Cyrus Humphreville <theovandoesburg at gmail.com> wrote:
> Does RadSec support Status-Server (I only see reference to UDP in RFC
> 5997)?

  Yes.

> In RFC 6614 for RadSec, however, I do see reference to
> Status-Server, but in practice, we can't seem to get it to work (probably
> PEBKAC).

  Configure status_check = status-server as documented?

> NAS (standalone Aruba AP) --> FreeRADIUS Proxy (macOS) --> Nginx VIP (TCP
> 2083) --> FreeRADIUS Servers (RHEL 9)
> 
> The NAS sends RADIUS via UDP to the proxy, which then proxies it to TCP for
> RadSec. We were expecting the proxy itself to send Status-Server requests
> to the FreeRADIUS VIP, but it doesn't seem to do so, and we don't see any
> Status-Server attempts when the proxy is in debug.

  The proxy only sends Status-Server if it thinks that the next hop might be down.  As per RFC 2865 Section 2.6, it doesn't send Status-Server when there is no auth / acct traffic.

  Alan DeKok.



More information about the Freeradius-Users mailing list