This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Radius Access Req and Accounting for same session from different devices IPs

Radius Access Req and Accounting for same session from different devices IPs

mp2014
New Contributor II

‎05-19-2016 05:42 AM

We are using third party wireless devices which send radius access requests to our NAC appliances which works great. Problem is the accounting packets are coming from another device / source ip to the nac gateway (all accounting proxied through another server) - so the nac gateway drops this information. Is there any trick to get these accounting information accepted by the gateway anyway? Even if the device differs?
0 Kudos
3 REPLIES 3

Keene__Scott
Extreme Employee

‎06-02-2016 04:03 PM

Hello,

I am not sure this is something we support, and as per Q/A, this scenario has never been tested. Its safe to say that perhaps this will not work, since that is what you are seeing. Can you clarify if it works if you proxy both access requests and accounting frames through the same proxy server?

Otherwise, you should probably get a case started with GTAC and gather some traces and debug etc if you need it pursued further. There is nothing configuration-wise that I can think that will help here, if the source of the accounting frames is already in the switch list as you noted it is.

-Scott Keene
0 Kudos

mp2014
New Contributor II

‎06-02-2016 02:29 PM

Hello,

both devices - the one sending the access requests and the one sending accounting packets - are valid radius clients in NAC (in switch list). But accounting and radius access requests are coming from different devices while belonging to the same session.
Both devices are radius proxies, one is responsible for the access requests, the other for accounting data. The accounting data gets dropped...
So thats not a typical setup, but would be nice to get this working.
0 Kudos

Keene__Scott
Extreme Employee

‎06-02-2016 10:56 AM

Hello,

NAC will only answer requests from valid RADIUS clients. Is the device that sent the Accounting frames is not a RADIUS client of the NAC, then it will drop the frame. Note that even if you do add the device to NAC's client list with the same shared secret etc (Switches tab in NAC Manager) this has never been tested by Q/A so Im not sure what will happen. Typically the device that is sending the RADIUS Requests for authentication, also directly sends the Accounting requests.

Regards,

Scott Keene
0 Kudos
GTM-P2G8KFN