Controllerless Networks

last person joined: 2 days ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

IAP275 and Freeradius accounting issues

This thread has been viewed 1 times

  • 1.  IAP275 and Freeradius accounting issues

    Posted Jan 10, 2017 09:36 AM

    Hello,

    To achieve No-simultaneous use of each user account in our wireless network, we have recently integrate our IAP275 with a radius server (PFsense with Freeradius) to garant the authentication and accounting.we limite the number of sessions to 1 for all users. after configuration only one session per account can access the network, if the secound station will try with the same account the radius will reject. its good at this point. Now we have facing a duplication session problème for the same account !! but when that happen, look at this example: "station1" connected using account named "user1" and "station2" connected using "user2" , if "station2" disconnect and try to reconnect using "user1" it can access !!!! if i wait about 60 sec it can't access. i'm seeing also if i graphiclly remove the disconnected "station2" from Clients TAB in IAP without waitting 60sec, and try to reconnect the "station2" again with "user1" it fails. isn't the station table cache timeout here?



  • 2.  RE: IAP275 and Freeradius accounting issues

    EMPLOYEE
    Posted Jan 10, 2017 10:17 AM

    Are you using 802.1x or captive portal?

    What version of Instant is this?

    What model access point is this?

     



  • 3.  RE: IAP275 and Freeradius accounting issues

    Posted Jan 10, 2017 10:40 AM

    We are using a mesh of 3 IAP-275 OS: 6.4.4.4-4.2.3.0_54225 with 802.1x method. and Pfsense: 2.3.2_32_BIT With Freeradius2 Package installed.

    take a look at our configuration.

    Thanks.



  • 4.  RE: IAP275 and Freeradius accounting issues

    EMPLOYEE
    Posted Jan 10, 2017 12:03 PM
    @NACEUR YASSINE wrote:

    Hello,

    To achieve No-simultaneous use of each user account in our wireless network, we have recently integrate our IAP275 with a radius server (PFsense with Freeradius) to garant the authentication and accounting.we limite the number of sessions to 1 for all users. after configuration only one session per account can access the network, if the secound station will try with the same account the radius will reject. its good at this point. Now we have facing a duplication session problème for the same account !! but when that happen, look at this example: "station1" connected using account named "user1" and "station2" connected using "user2" , if "station2" disconnect and try to reconnect using "user1" it can access !!!! if i wait about 60 sec it can't access. 

    How long does it take for Freeradius to receive the accounting stop from the IAP, when the client switches users via 802.1x for authentication?

    What 802.1x client is this and what procedure in detail  do you use to switch 802.1x users? (Do you forget the network to switch?)



  • 5.  RE: IAP275 and Freeradius accounting issues
    Best Answer

    Posted Jan 11, 2017 05:52 AM

     

    - my client use smartphones, windows and linux

    - Our need: my clients access internet through a satellite system VSAT at the remote site, and because the bandwidth is up to 6Mbps, we have decided to limite the number of session for each account only one to garant the service. but when the users oddly start exchange their accounts to each other we found the duplicate session as explained before.

    - the radius accounting stop is generated when the user is aged out of the user table, NOT when they disconnect, i need this action when the user disconnect, how?



  • 6.  RE: IAP275 and Freeradius accounting issues

    Posted Jan 19, 2017 11:43 AM

    hello,

    can anyone give idea to solve that?