Controllerless Networks

Reply
New Contributor
Posts: 4
Registered: ‎11-01-2015

IAP275 and Freeradius accounting issues

[ Edited ]

Hello,

To achieve No-simultaneous use of each user account in our wireless network, we have recently integrate our IAP275 with a radius server (PFsense with Freeradius) to garant the authentication and accounting.we limite the number of sessions to 1 for all users. after configuration only one session per account can access the network, if the secound station will try with the same account the radius will reject. its good at this point. Now we have facing a duplication session problème for the same account !! but when that happen, look at this example: "station1" connected using account named "user1" and "station2" connected using "user2" , if "station2" disconnect and try to reconnect using "user1" it can access !!!! if i wait about 60 sec it can't access. i'm seeing also if i graphiclly remove the disconnected "station2" from Clients TAB in IAP without waitting 60sec, and try to reconnect the "station2" again with "user1" it fails. isn't the station table cache timeout here?

Guru Elite
Posts: 21,270
Registered: ‎03-29-2007

Re: IAP275 and Freeradius accounting issues

Are you using 802.1x or captive portal?

What version of Instant is this?

What model access point is this?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 4
Registered: ‎11-01-2015

Re: IAP275 and Freeradius accounting issues

[ Edited ]

We are using a mesh of 3 IAP-275 OS: 6.4.4.4-4.2.3.0_54225 with 802.1x method. and Pfsense: 2.3.2_32_BIT With Freeradius2 Package installed.

take a look at our configuration.

Thanks.

Guru Elite
Posts: 21,270
Registered: ‎03-29-2007

Re: IAP275 and Freeradius accounting issues


NACEUR YASSINE wrote:

Hello,

To achieve No-simultaneous use of each user account in our wireless network, we have recently integrate our IAP275 with a radius server (PFsense with Freeradius) to garant the authentication and accounting.we limite the number of sessions to 1 for all users. after configuration only one session per account can access the network, if the secound station will try with the same account the radius will reject. its good at this point. Now we have facing a duplication session problème for the same account !! but when that happen, look at this example: "station1" connected using account named "user1" and "station2" connected using "user2" , if "station2" disconnect and try to reconnect using "user1" it can access !!!! if i wait about 60 sec it can't access. 


How long does it take for Freeradius to receive the accounting stop from the IAP, when the client switches users via 802.1x for authentication?

What 802.1x client is this and what procedure in detail  do you use to switch 802.1x users? (Do you forget the network to switch?)



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 4
Registered: ‎11-01-2015

Re: IAP275 and Freeradius accounting issues

[ Edited ]

 

- my client use smartphones, windows and linux

- Our need: my clients access internet through a satellite system VSAT at the remote site, and because the bandwidth is up to 6Mbps, we have decided to limite the number of session for each account only one to garant the service. but when the users oddly start exchange their accounts to each other we found the duplicate session as explained before.

- the radius accounting stop is generated when the user is aged out of the user table, NOT when they disconnect, i need this action when the user disconnect, how?

New Contributor
Posts: 4
Registered: ‎11-01-2015

Re: IAP275 and Freeradius accounting issues

hello,

can anyone give idea to solve that?

Search Airheads
Showing results for 
Search instead for 
Did you mean: