[RADIATOR] Change of Authorization

Michael ringo at vianet.ca
Mon Oct 15 12:34:38 CDT 2012


This was the hardest thing to get working and automated for me 
personally.  I don't know if there is an easy way of doing it.  I didn't 
find one.  I accomplished it with a complicated process.  It could be as 
simple as a script to execute "./radpwtst -s IP -code 
Change-Filter-Request etc....."


My complicated process goes something like the following, but I would 
suggest making sure the above simple method works for you, as I do have a 
couple of NASes where CoA just doesn't work with the IOS that they have.

- a script process that injects Change-Filter-Request packets into the 
radiator service, using radpwtst:
  # arguments for radpwtst: server, request code, then attribute=value pairs
  push( @change_args, (
         '-s', 'local radiator ip',
         '-code', 'Change-Filter-Request',
         "Timestamp=$timestamp",
         "NAS-IP-Address=$nas_ip",
         "NAS-Port=$nas_port",
         "Acct-Session-Id=$sess_id",
         "Framed-IP-Address=$ip",
         "Class=$class",
         "cisco-Policy-Up=$rate_up",
         "cisco-Policy-Down=$rate_down"
         ) );

- a Handler with custom Hook configured to read the cisco-Policy rate 
values from the injected packet, and look up the proper policy command 
from a radiator global variable depending on the nas-ip-address since I 
have multiple NASes that require different commands.
eg. global variable:
DefineFormattedGlobalVar 1.2.3.4-RATE100M-up ip:sub-qos-policy-in=RATE100M
DefineFormattedGlobalVar 1.2.3.4-RATE100M-down ip:sub-qos-policy-out=RATE100M

- add 2 "cisco-avpair" attributes to the packet with the up rate and 
down rate commands.  These are the actual commands the NAS needs to 
change the rate limit.  The policy must already be set up on your NAS.
ie:
cisco-avpair="ip:sub-qos-policy-in=RATE100M"
cisco-avpair="ip:sub-qos-policy-out=RATE100M"

- then a custom authby that required patching to determine what NAS to 
forward the packet to, since I have multiple NASes. Also another authby 
that logs this request, which is not required but I wanted to log it.


There's much more to it, but I don't want to get too deep here.  It all 
pretty much revolves around building the Change-Filter-Request packet 
with "./radpwtst -code Change-Filter-Request" and either send that to the 
NAS, or inject it into radiator so you can do other things with it.


Michael


On 15/10/12 12:47 PM, rohan.henry at cwjamaica.com wrote:
> Hello all,
>
> I do not see any info on the captioned in the Radiator documentation. Where do I go to see details on implementing COA?
>
> Thanks.
>
> Rohan
>
>
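
The argument-building and policy-lookup steps described in the message above, sketched as a stand-alone Perl script. This is an added example, not Michael's script or Radiator's own code: the %POLICY table stands in for the DefineFormattedGlobalVar entries, build_change_args and lookup_avpairs are hypothetical helpers, the value formats are assumptions, and all sample values are constructed. It only prints what it builds and covers a subset of the attributes in the post.

```perl
use strict;
use warnings;
# Stand-in for the DefineFormattedGlobalVar entries ("<nas-ip>-<policy>-<dir>"); constructed.
my %POLICY = (
    '1.2.3.4-RATE100M-up'   => 'ip:sub-qos-policy-in=RATE100M',
    '1.2.3.4-RATE100M-down' => 'ip:sub-qos-policy-out=RATE100M',
);

# Assumed shape of each injected value, so nothing unexpected lands in an argument.
my $ipv4 = qr/\A(?:\d{1,3}\.){3}\d{1,3}\z/;
my $name = qr/\A[A-Za-z0-9_]{1,32}\z/;
my %FORMAT = (
    'NAS-IP-Address'    => $ipv4,
    'NAS-Port'          => qr/\A\d{1,10}\z/,
    'Acct-Session-Id'   => qr/\A[A-Za-z0-9_.:-]{1,64}\z/,
    'Framed-IP-Address' => $ipv4,
    'cisco-Policy-Up'   => $name,
    'cisco-Policy-Down' => $name,
);

# Build the radpwtst argument list shown in the post; dies on a malformed field.
sub build_change_args {
    my ($server, %attr) = @_;
    my @args = ('-s', $server, '-code', 'Change-Filter-Request');
    for my $attr_name (sort keys %FORMAT) {
        my $value = $attr{$attr_name} // '';
        $value =~ $FORMAT{$attr_name} or die "bad or missing $attr_name\n";
        push @args, "$attr_name=$value";
    }
    return @args;
}

# The hook's lookup: both cisco-avpair values for this NAS, refusing unknown policies.
sub lookup_avpairs {
    my ($nas_ip, $up, $down) = @_;
    my @pairs;
    for my $key ("$nas_ip-$up-up", "$nas_ip-$down-down") {
        my $cmd = $POLICY{$key} or die "no policy entry for $key\n";
        push @pairs, "cisco-avpair=$cmd";
    }
    return @pairs;
}

my %session = (    # constructed sample session
    'NAS-IP-Address' => '1.2.3.4', 'NAS-Port' => '7', 'Acct-Session-Id' => '0000A1B2',
    'Framed-IP-Address' => '10.0.0.25', 'cisco-Policy-Up' => 'RATE100M', 'cisco-Policy-Down' => 'RATE100M',
);
print join(' ', build_change_args('127.0.0.1', %session)), "\n";
print "$_\n" for lookup_avpairs(@session{qw(NAS-IP-Address cisco-Policy-Up cisco-Policy-Down)});
```

Passing the returned list to system() in list form keeps the values away from a shell, and a request naming a policy that has no entry for that NAS stops before any packet is built.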

