645 Views, 0 Helpful, 2 Replies

WIFI - WLC - Option82 - missing disconnect message

abdullah33, Level 1

Hi,

We have implemented a Wi-Fi solution over our network, and we have used Option 82 to help in assigning IP addresses to the clients.

The setup is mainly as below:

Cisco WLC 8500 --- NAS (third party) --- AAA server, using the RADIUS protocol.

We don't have any AAA configuration on the WLC side. The WLC configuration is based on VLAN only; this VLAN is extended through a pseudowire to the NAS end and then to the AAA.

Our issue is that when the client disconnects from the Wi-Fi, the AAA doesn't receive anything like a disconnect message, and so a fake session will be maintained.

Is there any way of forcing the WLC to send a disconnect message to the NAS and so to the AAA?

Thanks,

Abdullah

 

2 Replies

Abhishek, Cisco Employee

Please check if the clients get properly disconnected from the WLC. Also, if the disconnect message is not coming, then please configure the WLC:

Enables or disables RFC 3576, which is an extension to the RADIUS protocol that allows dynamic changes to a user session. RFC 3576 includes support for disconnecting users and changing authorizations applicable to a user session and supports disconnect and change-of-authorization (CoA) messages. Disconnect messages cause a user session to be terminated immediately where CoA messages modify session authorization attributes such as data filters.

 


Message Exchange

The RADIUS server (the disconnect client) and the NAS (the disconnect server) exchange messages using UDP. The Disconnect-Request sent from the disconnect client is a RADIUS-formatted packet with the Disconnect-Request and one or more attributes.

The disconnect response is either a Disconnect-ACK or a Disconnect-NAK:

If AAA is successful in disconnecting the user, the response is a RADIUS formatted packet with a Disconnect-ACK.

If AAA is unsuccessful in disconnecting the user, the request is malformed, or the request is missing attributes, the response is a RADIUS-formatted packet with a Disconnect-NAK.
Example Disconnect-Request

The FreeRADIUS server (radiusd) does not currently have internal Disconnect-Request support; however, you can send disconnect packets to a Disconnect-enabled NAS with radclient as follows:

# echo "Acct-Session-Id=D91FE8E51802097" > packet.txt
# echo "User-Name=somebody" >> packet.txt
# echo "NAS-IP-Address=10.0.0.1" >> packet.txt

# cat packet.txt | radclient -x 10.0.0.1:3799 disconnect secret

Sending Disconnect-Request of id 214 to 10.0.0.1 port 3799
      Acct-Session-Id = "D91FE8E51802097"
      User-Name = "somebody"
      NAS-IP-Address = 10.0.0.1
rad_recv: Disconnect-ACK packet from host 10.0.0.1 port 3799, id=214, length=20

 

Note: The actual attributes which need to be sent in the Disconnect-Request and the port you send the packet to may vary depending on your brand of NAS and its configuration. Though the RFC states the destination UDP port should be 3799 for Disconnect-Requests, Cisco brand equipment uses the non-standard UDP port 1700 by default for PoD.

For Mikrotik try:

# cat packet.txt | radclient -r 1 10.0.0.1:1700 disconnect secret

where -r 1 means retry only once and give
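The message exchange described in the reply above (Disconnect-Request from the disconnect client, Disconnect-ACK or Disconnect-NAK back from the NAS), as an added example that is not part of the original thread, the FreeRADIUS project, or Cisco's code. It implements the RFC 5176 packet format on both sides in one process: the client builds the request with the same three attributes the radclient example sends and a Request Authenticator computed over the packet and the shared secret; a toy NAS checks that authenticator, tears down the matching session or answers with an Error-Cause, and the client verifies the Response Authenticator before trusting the answer. The session table, session ID, user name, NAS address and secret are constructed for the demo, and the port constants only record the 3799 vs 1700 point made in the note; nothing is sent on the wire unless you call send_disconnect yourself.

```python
"""RFC 5176 Disconnect-Request / Disconnect-ACK / Disconnect-NAK, both sides in-process.
Added example: the NAS here is a toy; the session data below is constructed, not captured."""
import hashlib
import hmac
import socket
import struct

DISCONNECT_REQUEST, DISCONNECT_ACK, DISCONNECT_NAK = 40, 41, 42   # RFC 5176 packet codes
USER_NAME, NAS_IP_ADDRESS, ACCT_SESSION_ID, ERROR_CAUSE = 1, 4, 44, 101   # attribute types
ERR_MISSING_ATTRIBUTE, ERR_SESSION_NOT_FOUND = 402, 503          # RFC 5176 Error-Cause values
PORT_RFC, PORT_CISCO = 3799, 1700   # RFC port vs. Cisco's default PoD/CoA port (see note above)


def encode_attrs(attrs):
    """Encode a list of (type, value-bytes) as RADIUS TLVs: Type(1) Length(1) Value."""
    out = b""
    for typ, val in attrs:
        if len(val) > 253:
            raise ValueError("attribute value too long")
        out += struct.pack("!BB", typ, len(val) + 2) + val
    return out


def decode_attrs(data):
    """Parse RADIUS TLVs, rejecting a Length that runs past the end of the packet."""
    attrs = []
    while data:
        typ, length = struct.unpack("!BB", data[:2])
        if length < 2 or length > len(data):
            raise ValueError("malformed attribute")
        attrs.append((typ, data[2:length]))
        data = data[length:]
    return attrs


def build_disconnect_request(ident, attrs, secret):
    """Request Authenticator = MD5(Code | ID | Length | 16 zero octets | Attributes | Secret)."""
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(body))
    auth = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + auth + body


def build_response(code, ident, request_auth, attrs, secret):
    """Response Authenticator = MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + auth + body


def parse_packet(packet, secret, prev_auth=None):
    """Check length and authenticator; return (code, ident, authenticator, attrs).
    prev_auth is None for a request (zero-filled field) or the Request
    Authenticator when verifying a response to it."""
    if len(packet) < 20:
        raise ValueError("packet too short")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    auth, body = packet[4:20], packet[20:]
    filler = bytes(16) if prev_auth is None else prev_auth
    expected = hashlib.md5(packet[:4] + filler + body + secret).digest()
    if not hmac.compare_digest(auth, expected):
        raise ValueError("authenticator mismatch: wrong shared secret or altered packet")
    return code, ident, auth, decode_attrs(body)


def nas_handle(packet, secret, sessions):
    """Toy disconnect server (the NAS): drop the session named by Acct-Session-Id,
    otherwise NAK with an Error-Cause saying why (402 missing, 503 not found)."""
    code, ident, req_auth, attrs = parse_packet(packet, secret)
    if code != DISCONNECT_REQUEST:
        raise ValueError("not a Disconnect-Request")
    sid = next((v for t, v in attrs if t == ACCT_SESSION_ID), None)
    if sid is None:
        err = ERR_MISSING_ATTRIBUTE
    elif sid.decode() not in sessions:
        err = ERR_SESSION_NOT_FOUND
    else:
        del sessions[sid.decode()]
        return build_response(DISCONNECT_ACK, ident, req_auth, [], secret)
    return build_response(DISCONNECT_NAK, ident, req_auth,
                          [(ERROR_CAUSE, struct.pack("!I", err))], secret)


def send_disconnect(packet, nas_ip, port=PORT_RFC, timeout=3.0):
    """Send a prebuilt request over UDP and return the raw reply (use PORT_CISCO for Cisco gear)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, (nas_ip, port))
        return s.recv(4096)


def run_exchange(session_id, username, nas_ip, secret, sessions, ident=214):
    """Disconnect client side against the in-process NAS. Returns (code, Error-Cause or None)."""
    request = build_disconnect_request(ident, [
        (ACCT_SESSION_ID, session_id),
        (USER_NAME, username),
        (NAS_IP_ADDRESS, socket.inet_aton(nas_ip)),
    ], secret)
    reply = nas_handle(request, secret, sessions)           # offline stand-in for send_disconnect
    code, rid, _, attrs = parse_packet(reply, secret, prev_auth=request[4:20])
    if rid != ident:
        raise ValueError("response identifier does not match request")
    cause = next((struct.unpack("!I", v)[0] for t, v in attrs if t == ERROR_CAUSE), None)
    return code, cause


if __name__ == "__main__":
    live = {"D91FE8E51802097": "somebody"}   # constructed session table for the toy NAS
    print(run_exchange(b"D91FE8E51802097", b"somebody", "10.0.0.1", b"secret", live))   # (41, None)
    print(run_exchange(b"D91FE8E51802097", b"somebody", "10.0.0.1", b"secret", live))   # (42, 503)
```

Two points the radclient transcript does not make visible: a NAK is itself authenticated, so a wrong shared secret surfaces as an authenticator failure on the client rather than as a silent "session not found", and the Error-Cause attribute (here 402 or 503) is how a NAS distinguishes a malformed request from a session it simply does not hold, which is the distinction to check first when disconnects appear to be ignored.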
