(RADIATOR) Cisco 4402 Session-Timeout Issues

Hugh Irvine hugh at open.com.au
Tue Apr 3 18:03:15 CDT 2007 

Hello Dave -

It would be interesting to see a trace 4 debug from Radiator showing  
what is happening with the authentication and the interim accounting.

If you send me a copy of the configuration file and a trace 4 debug I  
will take a look.

I would have thought that a Session-Timeout sent in an acess accept  
would limit the overall session time, but I wonder if you are sending  
a Session-Timeout in the Accounting-Response?

In either case I would check with Cisco and perhaps submit a bug report.

regards

Hugh


On 4 Apr 2007, at 05:39, David Heinz wrote:

> I have a Cisco wireless controller (the 4402). I have 2 standard  
> WLAN's configured on it, one authenticates off of LDAP via RADIUS  
> using WPA stuff...one is wide open and uses a portal for  
> authentication purposes. This of course will be used for any  
> vendors who come to visit the company. The problem I am seeing is  
> the following..
>
> I would like to limit the Vendors session to a specific amount of  
> time. I am sending back a "Session-Timeout" to the user, and its  
> being applied as at times the session will timeout at the given  
> interval. I say at times because there are other cases when the  
> device will send an "Interim" accounting packet...and then my  
> session will terminate exactly the "Session-Timeout" + Acct-Session- 
> Time that was sent in the interim packet. It seems like the  
> Wireless controller is resetting the "Session-Timeout" to the  
> original value once it receives an ACK for any interim accounting  
> packets.
>
> Is this the proper behavior of Session-Timeout? Or is this 4402  
> code from Cisco flawed? Any ideas?
>
> -Dave
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list