This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Wireless
- ExtremeWireless (General)
- RE: Wireless Radius disconnect
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Wireless Radius disconnect
Wireless Radius disconnect
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
11-12-2013 11:58 AM
Hi Does the Enterasys Wireless controller (V2110) support the Radius disconnect attributes? Disconnect-Request (40) Disconnect-ACK (41) Disconnect-NAK (42) I have a scenario where clients connect and authenticate via a Radius server. The radius accounting monitors the amount of data used, once the user have reach a specific limit I would like to disconnect the user using radius disconnect messages. Thx
10 REPLIES 10
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
05-26-2016 08:43 AM
Regarding this topic, we are seeing the same behaviour when freeradius sends "Disconnect-Request (40)" the C25 Controller (v9.21.09.0004) receives the request we can see it from the traces but never replies back and the user session is not terminated.
Emre Kurtman
Technical Marketing Engineer / Extreme Networks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
05-27-2014 03:44 PM
Also unless I missed it, the verbose trace showed the Access-Challenge is where the session-timeout was. I could not find it in the Access-Accept at all. While that should be valid, I have only seen it work when in the Access-Accept from the RADIUS server. If the session time on the controller shows the client connecting after 8 min we can review the session table on the controller to see if it does have the session-timeout value properly defined but my guess is it's ignoring it in the challenge and needs to see it in the accept packet.
Doug Hyde
Director, Technical Support / Extreme Networks
Director, Technical Support / Extreme Networks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
05-27-2014 03:00 PM
Sorry for the late reply, If you view the client report on the controller is the client on longer than the 512 seconds?
-Doug
-Doug
Doug Hyde
Director, Technical Support / Extreme Networks
Director, Technical Support / Extreme Networks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
05-23-2014 04:43 AM
Hello Doug,
This is the relevant part of users file on my FreeRADIUS setup:
expuser Cleartext-Password := "exppasswd", Expiration := "23 May 2014 08:30:00" Idle-Timeout = 60, Termination-Action = 1
I have expiration module enabled on the authorize section in the sites-enabled/default file.
This is what I get from FreeRADIUS when I do a radtest:
# radtest expuser exppasswd 127.0.0.1 1812 testing123Sending Access-Request of id 23 to 127.0.0.1 port 1812
User-Name = "expuser"
User-Password = "exppasswd"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=23, length=38
Idle-Timeout = 60
Termination-Action = RADIUS-Request
Session-Timeout = 512And the output of freeradius -X:
ad_recv: Access-Request packet from host 127.0.0.1 port 38807, id=119, length=88 User-Name = "expuser"
User-Password = "exppasswd"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Message-Authenticator = 0x9cefec4ec23437b14f8b94d0a7630ac2
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry expuser at line 207
++[files] returns ok
[expiration] Checking Expiration time: '23 May 2014 08:30:00'
++[expiration] returns ok
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "exppasswd"
[pap] Using clear text password "exppasswd"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 23 to 127.0.0.1 port 38807
Idle-Timeout = 60
Termination-Action = RADIUS-Request
Session-Timeout = 512
Finished request 46.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 46 ID 119 with timestamp +457
Ready to process requests.
I also tested from my EWC (the FreeRADIUS output is much more verbose so I pasted it there : http://pastebin.com/xFu6AdbL
I can successfully authenticate before the expiration date and not after (which is great) but the device I connected via the controller is not disconnected when the session expires.
Does that bring any idea up?
This is the relevant part of users file on my FreeRADIUS setup:
expuser Cleartext-Password := "exppasswd", Expiration := "23 May 2014 08:30:00" Idle-Timeout = 60, Termination-Action = 1
I have expiration module enabled on the authorize section in the sites-enabled/default file.
This is what I get from FreeRADIUS when I do a radtest:
# radtest expuser exppasswd 127.0.0.1 1812 testing123Sending Access-Request of id 23 to 127.0.0.1 port 1812
User-Name = "expuser"
User-Password = "exppasswd"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=23, length=38
Idle-Timeout = 60
Termination-Action = RADIUS-Request
Session-Timeout = 512And the output of freeradius -X:
ad_recv: Access-Request packet from host 127.0.0.1 port 38807, id=119, length=88 User-Name = "expuser"
User-Password = "exppasswd"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Message-Authenticator = 0x9cefec4ec23437b14f8b94d0a7630ac2
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry expuser at line 207
++[files] returns ok
[expiration] Checking Expiration time: '23 May 2014 08:30:00'
++[expiration] returns ok
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "exppasswd"
[pap] Using clear text password "exppasswd"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 23 to 127.0.0.1 port 38807
Idle-Timeout = 60
Termination-Action = RADIUS-Request
Session-Timeout = 512
Finished request 46.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 46 ID 119 with timestamp +457
Ready to process requests.
I also tested from my EWC (the FreeRADIUS output is much more verbose so I pasted it there : http://pastebin.com/xFu6AdbL
I can successfully authenticate before the expiration date and not after (which is great) but the device I connected via the controller is not disconnected when the session expires.
Does that bring any idea up?
