(RADIATOR) Cisco 4402 Session-Timeout Issues
hugh at open.com.au
Tue Apr 3 18:03:15 CDT 2007
Hello Dave -
It would be interesting to see a trace 4 debug from Radiator showing
what is happening with the authentication and the interim accounting.
If you send me a copy of the configuration file and a trace 4 debug I
will take a look.
I would have thought that a Session-Timeout sent in an acess accept
would limit the overall session time, but I wonder if you are sending
a Session-Timeout in the Accounting-Response?
In either case I would check with Cisco and perhaps submit a bug report.
On 4 Apr 2007, at 05:39, David Heinz wrote:
> I have a Cisco wireless controller (the 4402). I have 2 standard
> WLAN's configured on it, one authenticates off of LDAP via RADIUS
> using WPA stuff...one is wide open and uses a portal for
> authentication purposes. This of course will be used for any
> vendors who come to visit the company. The problem I am seeing is
> the following..
> I would like to limit the Vendors session to a specific amount of
> time. I am sending back a "Session-Timeout" to the user, and its
> being applied as at times the session will timeout at the given
> interval. I say at times because there are other cases when the
> device will send an "Interim" accounting packet...and then my
> session will terminate exactly the "Session-Timeout" + Acct-Session-
> Time that was sent in the interim packet. It seems like the
> Wireless controller is resetting the "Session-Timeout" to the
> original value once it receives an ACK for any interim accounting
> Is this the proper behavior of Session-Timeout? Or is this 4402
> code from Cisco flawed? Any ideas?
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
CATool: Private Certificate Authority for Unix and Unix-like systems.
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator