Hi,
We have this configuration:
policy-map type control DHCP
 class type control IP_UNAUTH_COND event timed-policy-expiry
  5 set-timer IP_UNAUTH_TIMER 1
  10 service disconnect
 !
 class type control always event session-start
  5 authorize aaa list AUTHOR_LIST password 7300test identifier remote-id
  26 service-policy type service name L4REDIRECT_SERVICE
  27 service-policy type service name OPENGARDEN_SERVICE
  50 set-timer IP_UNAUTH_TIMER 1
 !
 class type control always event account-logon
  10 authenticate aaa list AUTHOR_LIST
 !
 class type control always event session-restart
  5 authorize aaa list AUTHOR_LIST password 7300test identifier remote-id
  20 service-policy type service name OPENGARDEN_SERVICE
  30 service-policy type service name L4REDIRECT_SERVICE
  50 set-timer IP_UNAUTH_TIMER 1
 !
 class type control always event account-logoff
  10 service disconnect
 !
Here are the tests that we're trying to do:
Connect as a DHCP user (session start). Once authenticated, delete the profile on the RADIUS.
Turn off the modem, then after some seconds turn the modem on again. The expected behaviour is for that same user to reauthenticate, and since the profile has already been deleted from the database, it should be rejected.
However, turning off the modem won't send a DHCP termination to the router, so the SSS profile still exists on the router. Upon sending a DHCP discover (session restart), the router doesn't forward the packet to the RADIUS anymore, so instead of being unauthenticated, the client just gets an IP, and the SSS status is still authenticated. Is this correct behaviour, or are we missing something in the config?
Thanks.
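As an added illustration (not part of the original post, and not Cisco's code), the following Python script parses the ISG control policy quoted above into its class/event blocks and sequence-numbered actions, then reports which session events carry an `authorize` or `authenticate` action, which carry `service disconnect`, and which AAA method lists are referenced. The parsing rules (a `!` line closing a class block, actions as `<seq> <command>`) are assumptions based only on the configuration as pasted, and the sample input is that configuration reproduced verbatim.

```python
import re
from collections import OrderedDict

# Constructed input: the ISG control policy quoted in the post, reproduced verbatim.
SAMPLE_POLICY = """\
policy-map type control DHCP
 class type control IP_UNAUTH_COND event timed-policy-expiry
  5 set-timer IP_UNAUTH_TIMER 1
  10 service disconnect
 !
 class type control always event session-start
  5 authorize aaa list AUTHOR_LIST password 7300test identifier remote-id
  26 service-policy type service name L4REDIRECT_SERVICE
  27 service-policy type service name OPENGARDEN_SERVICE
  50 set-timer IP_UNAUTH_TIMER 1
 !
 class type control always event account-logon
  10 authenticate aaa list AUTHOR_LIST
 !
 class type control always event session-restart
  5 authorize aaa list AUTHOR_LIST password 7300test identifier remote-id
  20 service-policy type service name OPENGARDEN_SERVICE
  30 service-policy type service name L4REDIRECT_SERVICE
  50 set-timer IP_UNAUTH_TIMER 1
 !
 class type control always event account-logoff
  10 service disconnect
 !
"""

# Assumed line shapes, taken from the pasted configuration only.
CLASS_RE = re.compile(r"^class type control (\S+) event (\S+)$")
ACTION_RE = re.compile(r"^(\d+) (.+)$")


def parse_control_policy(text):
    """Return (policy_name, rules); rules maps (class, event) -> [(seq, action), ...]."""
    name = None
    rules = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None  # a bare '!' closes the current class block
            continue
        if line.startswith("policy-map type control "):
            name = line.split()[-1]
            continue
        m = CLASS_RE.match(line)
        if m:
            current = (m.group(1), m.group(2))
            rules[current] = []
            continue
        m = ACTION_RE.match(line)
        if m and current is not None:
            rules[current].append((int(m.group(1)), m.group(2)))
    for key in rules:
        rules[key].sort()  # actions execute in sequence-number order
    return name, rules


def events_with_action(rules, verb):
    """Events (across all classes) that contain an action equal to or starting with `verb`."""
    hits = set()
    for (_cls, event), actions in rules.items():
        for _seq, action in actions:
            if action == verb or action.startswith(verb + " "):
                hits.add(event)
    return sorted(hits)


def aaa_lists(rules):
    """AAA method lists referenced by authorize/authenticate actions."""
    found = set()
    for actions in rules.values():
        for _seq, action in actions:
            m = re.match(r"^(?:authorize|authenticate) aaa list (\S+)", action)
            if m:
                found.add(m.group(1))
    return sorted(found)


if __name__ == "__main__":
    name, rules = parse_control_policy(SAMPLE_POLICY)
    print("policy:", name)
    for (cls, event), actions in rules.items():
        print(f"  class {cls} / event {event}")
        for seq, action in actions:
            print(f"    {seq:>3} {action}")
    print("authorize on:     ", events_with_action(rules, "authorize"))
    print("authenticate on:  ", events_with_action(rules, "authenticate"))
    print("disconnect on:    ", events_with_action(rules, "service disconnect"))
    print("AAA lists:        ", aaa_lists(rules))
```

Running it prints the event-to-action table, which makes it easy to see at a glance which events in the policy reach AAA and which only apply services or timers; the same parser can be pointed at a `show running-config` excerpt from another box to compare policies.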