[RADIATOR] Assigning IP's directly from the Radius server

Christian Kratzer ck-lists at cksoft.de
Mon Feb 7 07:28:51 CST 2011


Hi Gerard,

On Mon, 7 Feb 2011, Gerard Alcorlo Bofill wrote:

> Thanks Christian,
>
> but the IP address is not in my Accounting-request. Maybe I need to do
> some changes to the AP configuration...
>
> That's the log I get from the Radius when the AP sends a Start and a
> Stop accounting-request. If I could get the IP from the
> accounting-request it would be an easy and clean solution but I don't know
> how to do it.

Ok. I did not pay attention to the access point part. ;(

There is no ip address in the accounting as the access points do not
assign the ip address.  That is also why radius cannot control the
assignment of an ip address.

The dhcp server that assigns the ip has no link to the Wireless session
on the access-point.

As Heikki wrote in his first mail you might get lucky if you use
the dhcp server integrated into the access-point.  I am not sure
if that would scale over multiple access points though.

Apart from that your only solution is probably to regularly parse
the dhcp server's logs or somehow hook into the dhcp server's
assignment process and match the clients by mac address.

Greetings
Christian


>
>
> *** Received from 192.168.50.9 port 1646 ....
> Code:       Accounting-Request
> Identifier: 200
> Authentic:  <14><192>d<210><169><24><165><15><242>:3<25>H<189>iW
> Attributes:
> 	Acct-Session-Id = "00003186"
> 	Called-Station-Id = "000e380d04a1"
> 	Calling-Station-Id = "c417fe53f792"
> 	cisco-avpair = "ssid=eduroam"
> 	cisco-avpair = "vlan-id=54"
> 	cisco-avpair = "nas-location=unspecified"
> 	User-Name = "galcorlo at cesca.cat"
> 	cisco-avpair = "connect-progress=Call Up"
> 	Acct-Authentic = RADIUS
> 	Acct-Status-Type = Start
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Cisco-NAS-Port = "1127"
> 	NAS-Port = 1127
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 192.168.50.9
> 	Acct-Delay-Time = 0
>
>
>
>
> *** Received from 192.168.50.9 port 1646 ....
> Code:       Accounting-Request
> Identifier: 207
> Authentic:  J<192>]<142><20><149><196><164><165>P<227><169><218><147>]<171>
> Attributes:
> 	Acct-Session-Id = "00003186"
> 	Called-Station-Id = "000e380d04a1"
> 	Calling-Station-Id = "c417fe53f792"
> 	cisco-avpair = "ssid=eduroam-"
> 	cisco-avpair = "vlan-id=54"
> 	cisco-avpair = "nas-location=unspecified"
> 	cisco-avpair = "auth-algo-type=eap-peap"
> 	User-Name = "galcorlo at cesca.cat"
> 	Acct-Authentic = RADIUS
> 	cisco-avpair = "connect-progress=Call Up"
> 	Acct-Session-Time = 282
> 	Acct-Input-Octets = 95290
> 	Acct-Output-Octets = 1349850
> 	Acct-Input-Packets = 806
> 	Acct-Output-Packets = 962
> 	Acct-Terminate-Cause = Lost-Carrier
> 	cisco-avpair = "disc-cause-ext=No Reason"
> 	Acct-Status-Type = Stop
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Cisco-NAS-Port = "1127"
> 	NAS-Port = 1127
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 192.168.50.9
> 	Acct-Delay-Time = 0
>
>
> --
> Gerard
>
> On 07/02/11 11:39, Christian Kratzer wrote:
>> Dear Gerard,
>>
>> On Mon, 7 Feb 2011, Gerard Alcorlo Bofill wrote:
>>
>>> Heikki, you did understand my problem.
>>> And you confirmed my suspicions, Framed-* attributes are ONLY for
>>> connections such as PPP or PPPoE.
>>>
>>> I wanted to do all this work to have all logs centralized to radius and
>>> to be able to run radwho.cgi script to see which IP addresses were being
>>> used in real time.
>>>
>>> At this moment radwho.cgi is not showing the assigned IP address because
>>> radius doesn't know the IP assigned by the DHCP server. The problem is
>>> that if I want to trace a connection I need to match the MAC address at
>>> the DHCP server and the Radiator server.
>>>
>>> Do you think trying to pass the IP using SNMP traps from the AP would
>>> be a good option or is there an easier solution?
>>
>> The usual way to get the assigned ip would be to process radius
>> accounting. Accounting records would also fill your session database
>> which radwho.cgi could then query.
>>
>> Accounting would get you start, stop and interim records which all
>> include the actual assigned ip.
>>
>> This would also let you have the nas assign the ips which is also much
>> more stable in the long run.
>>
>> Greetings
>> Christian
>>
>

-- 
Christian Kratzer                      CK Software GmbH
Email:   ck at cksoft.de                  Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0          D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9          HRB 245288, Amtsgericht Stuttgart
Web:     http://www.cksoft.de/         Geschaeftsfuehrer: Christian Kratzer
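
The log-matching approach suggested in this message, as an added example that is not part of the original mail or of Radiator: it joins DHCP leases to accounting sessions by normalized MAC address and keeps only leases granted while the session was open. It assumes ISC dhcpd syslog lines; the timestamps, client IPs, user name and all function names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample data; the DHCP lines assume ISC dhcpd syslog format.
DHCP_LOG = """\
Feb  7 11:40:03 dhcp1 dhcpd: DHCPACK on 10.54.0.23 to c4:17:fe:53:f7:92 via eth1
Feb  7 11:41:10 dhcp1 dhcpd: DHCPACK on 10.54.0.24 to 00:11:22:33:44:55 via eth1
Feb  7 11:50:00 dhcp1 dhcpd: DHCPACK on 10.54.0.23 to c4:17:fe:53:f7:92 via eth1
"""
# Accounting records cut down to the attributes used; "time" is constructed.
_S = {"NAS-IP-Address": "192.168.50.9", "Acct-Session-Id": "00003186",
      "Calling-Station-Id": "c417fe53f792", "User-Name": "user@example.org"}
ACCT = [{**_S, "time": "2011-02-07 11:40:00", "Acct-Status-Type": "Start"},
        {**_S, "time": "2011-02-07 11:44:42", "Acct-Status-Type": "Stop"}]
TS = "%Y-%m-%d %H:%M:%S"
ACK = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ dhcpd(?:\[\d+\])?: "
                 r"DHCPACK on (\S+) to ([0-9A-Fa-f:]{17})\b")

def norm_mac(value):
    """Reduce any MAC notation to 12 lowercase hex digits, or None if invalid."""
    s = re.sub(r"[-:.\s]", "", value).lower()
    return s if re.fullmatch(r"[0-9a-f]{12}", s) else None

def parse_leases(log, year):
    """Yield (time, mac, ip) per DHCPACK line; syslog omits the year."""
    for m in filter(None, map(ACK.match, log.splitlines())):
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        yield when, norm_mac(m.group(3)), m.group(2)

def sessions(acct):
    """Fold Start/Stop records into sessions keyed by (NAS, Acct-Session-Id)."""
    out = {}
    for rec in acct:
        key = (rec["NAS-IP-Address"], rec["Acct-Session-Id"])
        s = out.setdefault(key, {"user": rec["User-Name"], "Start": None, "Stop": None,
                                 "mac": norm_mac(rec["Calling-Station-Id"])})
        if rec["Acct-Status-Type"] in ("Start", "Stop"):
            s[rec["Acct-Status-Type"]] = datetime.strptime(rec["time"], TS)
    return out

def correlate(acct, log, year):
    """Attach to each session the IPs leased to its MAC while it was open."""
    leases = list(parse_leases(log, year))
    rows = []
    for (nas, sid), s in sessions(acct).items():
        ips = sorted({ip for when, mac, ip in leases if mac and mac == s["mac"]
                      and s["Start"] and s["Start"] <= when <= (s["Stop"] or datetime.max)})
        rows.append({"nas": nas, "session": sid, "user": s["user"], "ips": ips})
    return rows
```

The third DHCP line is for the same MAC but falls after the Stop record, so it is not attributed to session 00003186.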

