Minor RADIUS POD bug in 12.3
|
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
|||||||
|
Posted by Peter Deacon on June 8, 2006, 4:34 pm
Please log in for more thread options
The problem is the MAC address (Calling-Station-ID attribute) accepted by RADIUS POD requests can only be in the CISCO default format. This is still the case even when the global format is changed to IETF and RADIUS accounting messages are sent out in the IETF MAC format. This effectivly breaks Disconnect/COA when the router is configured to send MAC addresses in a different format. Bad request: Jun 8 19:51:16.961: DOT11 POD Received PoD request Jun 8 19:51:16.961: DOT11 POD Invalid MAC address (00-05-4E-45-23-D5) len=17 Jun 8 19:51:16.965: DOT11 POD Could not terminate session, wds=0 err_code=404 Jun 8 19:51:16.965: POD: Added NACK Error Cause: Invalid Request Jun 8 19:51:16.965: POD: Sending NAK from port 1700 to 10.0.3.195/4539 Jun 8 19:51:16.965: RADIUS: 101 6 00000194 A similiar request works with the native formatting for MAC addresses. IMHO it would be useful for interoperabilitiy if it was more liberal in the formats it accepts. At the very least any configured RADIUS accounting format should to be seen as valid coming back via POD. Jun 8 20:00:40.262: POD: 10.0.3.195 request queued Jun 8 20:00:40.262: ++++++ POD Attribute List ++++++ Jun 8 20:00:40.262: 00A772C0 0 00000009 username(344) 6 peterd Jun 8 20:00:40.266: 00BD49CC 0 00000009 interface(156) 1 8 Jun 8 20:00:40.266: 00BD49E0 0 00000001 nas-ip-address(457) 4 10.0.3.2 Jun 8 20:00:40.266: 00BD49F4 0 00000009 clid(27) 14 0005.4e45.23d5 Jun 8 20:00:40.270: 00BD4A08 0 00000001 session-id(319) 4 15423786 (EB592A) Jun 8 20:00:40.270: Jun 8 20:00:40.270: DOT11 POD Received PoD request Jun 8 13:00:40.270 U: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticatin g Station 0005.4e45.23d5 Reason: Disassociated by authentication server tesla# Jun 8 20:00:40.274: POD: Sending ACK from port 1700 to 10.0.3.195/4770 ~Peter | |||||||
| Similar Threads | Posted |
| Minor RADIUS POD bug in 12.3 | June 8, 2006, 4:34 pm |
| Minor Problem with remote access VPN | July 19, 2006, 7:09 am |
| VPN Client, IOS, Radius | July 15, 2005, 2:32 pm |
| Pix VPN Radius Accounting | September 16, 2005, 5:19 am |
| Pix: VPN Radius Accounting | September 21, 2005, 10:58 am |
| radius authentication | February 15, 2006, 7:54 am |
| vpn with SBS 2003 RADIUS | June 16, 2006, 7:52 am |
| Radius attributes on ACS | June 18, 2006, 8:31 am |
| TACACS or RADIUS-Help Please | August 11, 2006, 12:49 pm |
| IOS authentication with MS IAS (AAA/radius) | July 28, 2005, 4:25 pm |
| AAA RADIUS question | September 29, 2006, 1:53 pm |
| Pix 7.2.1 Radius filter-id | November 22, 2006, 8:12 am |
| SBR Radius Config | July 16, 2007, 3:18 pm |
| Re: Radius authentication | July 25, 2007, 2:32 pm |
| Radius AAA -- Am I Dreaming or What? | July 31, 2007, 3:35 pm |
|
Home Cabling Guide
Finally, an instantly downloadable book that saves you thousands in home improvement dollars! Enjoy living in 21st century technology-advanced home while increasing its selling value and competitive advantage on the real estate market. Whether your cabling is for home office or high-tech leisure, you can wire your home yourself or learn "wirish" to speak with your cabling contractors in their language! Click Here to learn more |