
ISG session restart of an IP session

m.penaredonda
Level 1

Hi,

We have this configuration:

policy-map type control DHCP
 class type control IP_UNAUTH_COND event timed-policy-expiry
  5 set-timer IP_UNAUTH_TIMER 1
  10 service disconnect
 !
 class type control always event session-start
  5 authorize aaa list AUTHOR_LIST password 7300test identifier remote-id
  26 service-policy type service name L4REDIRECT_SERVICE
  27 service-policy type service name OPENGARDEN_SERVICE
  50 set-timer IP_UNAUTH_TIMER 1
 !
 class type control always event account-logon
  10 authenticate aaa list AUTHOR_LIST
 !
 class type control always event session-restart
  5 authorize aaa list AUTHOR_LIST password 7300test identifier remote-id
  20 service-policy type service name OPENGARDEN_SERVICE
  30 service-policy type service name L4REDIRECT_SERVICE
  50 set-timer IP_UNAUTH_TIMER 1
 !
 class type control always event account-logoff
  10 service disconnect
 !

Here are the tests that we're trying to do:

Connect as a DHCP user (session start). Once authenticated, delete the profile on the RADIUS.

Turn off the modem, then after some seconds, turn on the modem. The expected behavior is for that same user to reauthenticate again, and since the profile is already deleted from the database, it should be rejected.

However, turning off the modem won't send DHCP Termination to the router, so the sss profile still exists on the router. Upon sending DHCP discover (session restart), the router doesn't forward the packet to the RADIUS anymore, so instead of unauth, it will just give an IP to the client, and the sss status is still authenticated. Is this correct behaviour, or are we missing something in the config?

Thanks.

1 Reply

Hello there,

Can you provide us how you fixed this problem?!

Regards

AbdelGalil Farid