I'm having a really hard time with proxying or just dealing with CoA's. The documentation just isn't working for me.
I can configure the coa server. I can get the originate-coa server up too. I can send CoA's to the server, but I can't get it to proxy them or re-send them as if it was originating the CoA. I see that they're being processed when looking at debug mode. But I just don't know how to do anything with them. This is what I want to do: [lots of switches doing dot1x]<->[freeradius]<->[NAC device, PacketFence in this case] I want to be able to send a CoA request from PacketFence (or another management server) to freeradius, and have it relay that CoA to a specific switch. E.g. I have determined that a user needs to be quarantined, so I run a script on the backend, and part of that requires having that user re-authenticate and get assigned a quarantine vlan. PF determines which switch they're on, sends a CoA to FreeRadius, FreeRadius then sends the CoA to the correct switch. Is there a way to do this without configuring a client entry for every edge device? Should I be using the proxy.conf in some way? I'm not really clear about how to use the virtual servers in regard to proxying. Thanks, -- Kevin Ehlers Network Engineer University of Oregon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
