Hey Alex, Try using "aaa accounting delay-start"... This may help. I use it on our 5800 to get accounting IP addresses correctly from the NAS. Mike
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alexander M. Pravking Sent: Tuesday, June 03, 2003 8:53 AM To: [EMAIL PROTECTED] Subject: Cisco re-sends packets with different ids I discovered that our Cisco 5200 resends acct-requests (not sure about auth-requests) with different request identifiers, which violates RFC 2866. Here is sample debug output (note the id's!): rad_recv: Accounting-Request packet from host cisco-5200:1646, id=205, length=119 Sun Jun 1 13:57:15 2003 : Debug: Thread 4 assigned request 7988 Sun Jun 1 13:57:15 2003 : Debug: --- Walking the entire request list --- Sun Jun 1 13:57:15 2003 : Debug: Waking up in 1 seconds... Sun Jun 1 13:57:15 2003 : Debug: Thread 4 handling request 7988, (1373 handled so far) NAS-IP-Address = ... NAS-Port = 52 NAS-Port-Type = Async User-Name = "some-user" Acct-Status-Type = Start Acct-Authentic = RADIUS Service-Type = Framed-User Acct-Session-Id = "00010CC2" Framed-Protocol = PPP Framed-IP-Address = ... Acct-Delay-Time = 0 ... (this request was being processed more than 5 seconds) ... rad_recv: Accounting-Request packet from host cisco-5200:1646, id=206, length=119 Sun Jun 1 13:57:20 2003 : Debug: Thread 7 assigned request 7992 Sun Jun 1 13:57:20 2003 : Debug: --- Walking the entire request list --- Sun Jun 1 13:57:20 2003 : Debug: Threads: total/active/spare threads = 7/1/6 Sun Jun 1 13:57:20 2003 : Debug: Waking up in 1 seconds... Sun Jun 1 13:57:20 2003 : Debug: Thread 7 handling request 7992, (543 handled so far) NAS-IP-Address = ... NAS-Port = 52 NAS-Port-Type = Async User-Name = "user-name" Acct-Status-Type = Start Acct-Authentic = RADIUS Service-Type = Framed-User Acct-Session-Id = "00010CC2" Framed-Protocol = PPP Framed-IP-Address = ... Acct-Delay-Time = 5 Finally, both requests are logged successfully, so we got two active sessions for the same request. Alan would say "So, fix the NAS!", but it doesn't seem possible. (I'll feel myself happy if I'm wrong) Please, let me know if you saw similar things and if you have found a workarond. Thanks in advance. -- Fduch M. Pravking - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- [This E-mail scanned for viruses at TNWEB LLC] --- [This E-mail scanned for viruses at TNWEB LLC] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
