Hi Ellyn,
The RADIUS CoA or Disconnect messages are generally sent to the IP address of
the wireless LAN controller or directly to the AP in your case. I believe the
IP address comes from the NAS-IP-Address attribute in the RADIUS accept-request
message which is what the switch or AP thinks its IP address is.
The Controller IP setting allows you to nominate a different IP address and
port for these messages.
For example, in our network our switch is behind a NAT'd router in our office
with an internal IP address of 192.168.10.10.
PacketFence is in a totally different network (in our data centre) so if it
tries to send the RADIUS messages to that internal IP address it will fail.
As such, we set Controller IP to the external, static IP address of our office
and then set a port forward rule in the router to forward all UDP port 3799
traffic to 192.168.10.10.
From what I can understand of your network, you probably don't need to set the
Controller IP value.
To test what is going on, here are a few suggestions:
1. Run the RADIUS service in debug mode as follows:
/usr/local/pf/bin/pfcmd service radiusd stop  # stops the RADIUS server
/usr/sbin/freeradius -X -d /usr/local/pf/raddb  # starts a RADIUS server in debug mode
2. Check what value is defined from NAS-IP-Address in the accept-request
message which should occur as soon as you connect a client to the AP.
3. Run TCPDUMP on your PacketFence server to trace the RADIUS CoA message
tcpdump -i eth0 udp port 3799 -w /tmp/radius.pcap
This will generate a PCAP file with just these messages which can be viewed
in Wireshark or similar.
Here you will be able to see what IP address the RADIUS message is being sent
to i.e. should be your AP's IP address, as well as the message attributes which
may also be useful to understand what is happening.
Hope this helps!
Regards,
Michael Stone
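
Added example, not part of the original message and not PacketFence code: a small Python reader for the capture written in step 3 that reports where each UDP/3799 message was sent and which attributes it carried. It assumes a classic pcap file (not pcapng) with Ethernet framing and IPv4; the sample capture and the address 203.0.113.5 are constructed.

```python
import socket, struct
# RADIUS codes used on UDP 3799 (RFC 5176) and the attribute types named here
CODES = {40: "Disconnect-Request", 41: "Disconnect-ACK", 42: "Disconnect-NAK",
         43: "CoA-Request", 44: "CoA-ACK", 45: "CoA-NAK"}
ATTRS = {1: "User-Name", 4: "NAS-IP-Address", 31: "Calling-Station-Id"}

def parse_radius(payload):
    """Decode the RADIUS code and TLV attributes from a UDP payload."""
    code, _ident, length = struct.unpack("!BBH", payload[:4])
    if not 20 <= length <= len(payload):
        raise ValueError("bad RADIUS length")
    attrs, pos = {}, 20  # skip 4-byte header + 16-byte authenticator
    while pos + 2 <= length:
        atype, alen = payload[pos], payload[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        value = payload[pos + 2:pos + alen]  # other values stay raw bytes
        if atype == 4 and alen == 6:
            value = socket.inet_ntoa(value)
        attrs[ATTRS.get(atype, atype)] = value
        pos += alen
    return CODES.get(code, code), attrs

def coa_messages(pcap):
    """Yield (src_ip, dst_ip, code, attrs) for each UDP/3799 packet in the capture."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}[pcap[:4]]
    pos = 24  # size of the pcap global header
    while pos + 16 <= len(pcap):
        incl = struct.unpack(endian + "4I", pcap[pos:pos + 16])[2]
        frame, pos = pcap[pos + 16:pos + 16 + incl], pos + 16 + incl
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # not IPv4/UDP
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(udp) >= 28 and 3799 in struct.unpack("!HH", udp[:4]):
            yield (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), *parse_radius(udp[8:]))

def sample_pcap():
    """Constructed capture: one Disconnect-Request, 203.0.113.5 -> 192.168.10.10:3799."""
    avps = b"\x04\x06" + socket.inet_aton("192.168.10.10") + b"\x1f\x13" + b"00-11-22-33-44-55"
    radius = struct.pack("!BBH", 40, 1, 20 + len(avps)) + bytes(16) + avps
    udp = struct.pack("!4H", 40000, 3799, 8 + len(radius), 0) + radius
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0)
    ip += socket.inet_aton("203.0.113.5") + socket.inet_aton("192.168.10.10") + udp
    frame = bytes(12) + b"\x08\x00" + ip
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return ghdr + struct.pack("<4I", 0, 0, len(frame), len(frame)) + frame

if __name__ == "__main__":
    print(list(coa_messages(sample_pcap())))
```

For a real capture, pass the file contents instead of the sample, e.g. coa_messages(open("/tmp/radius.pcap", "rb").read()).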