[PacketFence-users] TP-Link VSA for radius CoA

Fri, 17 Oct 2025 15:05:19 -0700 

Hello,

We are using TP-Link EAP650 Wireless APs with PacketFence. VLAN assignment via 
RADIUS works fine, but CoA is failing with CoA-NAK (Missing attribute).
We found that TP-Link requires a Vendor-Specific Attribute (VSA) for CoA and it 
is not available in packetfence:  See below workable CoA request packet to 
extract VSA attribute information [1].



We tried adding this in the RADIUS dictionary and also in 
lib/pf/util/radius_dictionary.pm, but it still doesn’t appear in the GUI as 
radius attribute ( under switch template).

Could someone advise how to properly add TP-Link VSA support in PacketFence for 
CoA?


VENDOR      TP-LINK     11863
BEGIN-VENDOR TP-LINK
ATTRIBUTE   TPLink-User-Command   5   string
END-VENDOR TP-LINK


[1]

User Datagram Protocol, Src Port: 33118, Dst Port: 3799
RADIUS Protocol
    Code: CoA-Request (43)
    Packet identifier: 0x5a (90)
    Length: 80
    Authenticator: 19f1fb137e5bc3c65efdcfc34
    [The response to this request is in frame 10]
    Attribute Value Pairs
        AVP: t=User-Name(1) l=19 val=08-1F-71-8C-5C-79
        AVP: t=Calling-Station-Id(31) l=19 val=09-1F-71-5D-6C-79
        AVP: t=Vendor-Specific(26) l=22 vnd=TP-Link Systems Inc.(11863)
            Type: 26
            Length: 22
            Vendor ID: TP-Link Systems Inc. (11863)
            VSA: t=TPLink-User-Command(5) l=16 val=reauthenticate
                Type: 5
                Length: 16
                TPLink-User-Command: reauthenticate



Best Regards
Saqib



________________________________

Disclaimer: This email and any attachments may contain confidential material 
and is solely for the use of the intended recipient(s). If you have received 
this email in error, please notify the sender immediately and delete this 
email. If you are not the intended recipient(s), you must not use, retain or 
disclose any information contained in this email. Any views or opinions are 
solely those of the sender and do not necessarily represent those of National 
Centre for Physics (NCP). NCP does accept responsibility for any errors or 
omissions that are present in the message, or any attachment, that have arisen 
as a result of email transmission.

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users














    











					Reply via email to