[NEBULA] RADIUS - Accounting Stop packet - Framed-IP-Address value

yomismo · November 2019

Good morning,

We are testing Zyxel Nebula with an external captive portal and external Radius authentication.

As I can see, in Accounting Start and Interim Update packets, the value Framed-IP-Address is sent:

User-Name = "38205631@XXXXX"
Framed-IP-Address = 172.16.40.169
Acct-Session-Id = "5C0FA66D"
Acct-Status-Type = Interim-Update
Acct-Authentic = RADIUS
NAS-IP-Address = 127.0.0.1
NAS-Port = 1787
NAS-Port-Type = Ethernet
Calling-Station-Id = "24-FD-52-XX-XX-XX"
Called-Station-Id = "60-31-97-XX-XX-XX:Nebula"
Acct-Session-Time = 61
Acct-Input-Octets = 105400
Acct-Output-Octets = 403250
Event-Timestamp = Dec 11, 2018 12:48:57.000000000 Hora estándar romance

But in Accounting Stop packet Framed-IP-Address is not sent, is it possible to add it?:

User-Name = "38205631@XXXXXX"
Acct-Session-Id = "5C0FA66D"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
NAS-IP-Address = 127.0.0.1
NAS-Port = 1787
NAS-Port-Type = Ethernet
Calling-Station-Id = "24-FD-52-XX-XX-XX"
Called-Station-Id = "60-31-97-XX-XX-XX:Nebula"
Acct-Session-Time = 504
Acct-Input-Octets = 0
Acct-Output-Octets = 0
Event-Timestamp = Dec 11, 2018 12:56:20.000000000 Hora estándar romance

Thanks in advanced.

Zyxel_Freda · November 2019

Hi @yomismo,

As we are a layer 2 device, we have a design limitation that affects the frame-IP-address:

If the client STA connects for the first time to one AP, the accounting start will include the Frame-IP-address as it is the first time connecting. However, if the client STA roams from one AP to another, or already associated to one AP and disconnects/reconnects, the accounting start will not include the Frame-IP-address as the APs only check the MAC address for previously authenticated devices. Or, if the STA disconnects in a short period that the interim packet is not set, then accounting stop will also not have Frame-IP-address.

Thanks.

yomismo2 · December 2019

Hello Freda,

We have been checking your last answer, and as you know, in Europe is extrictily necessary to identify all connections from a device. We have to keep al the traceability of the connections on site because of the GDPR (General Data Protection Regulation), that is a regulation in EU law on data protection and privacy for all individual citizens of the European Union.

So for companies like us it is necessary to receive this attribute (Framed-IP-Address) also in Accounting-Stop packet, so we can offer Nebula solution and don´t have legal problems.

Also we have checked that sometimes User-Name attribute is not send in the Accounting-Stop packet, do you know why this could happens?

If you need more information do not hesitate to ask us.

Thanks in advanced.

Zyxel_Freda · December 2019

Hello @yomismo2,

There are two enhancements in next release as following.

· Frame-IP-Address in accounting Start and Stop under scenarios explained below.

· Input/output octets shows the actual usage

The Frame-IP-Address in start/stop have some scenarios where it will be empty, because our devices are L2 and check MAC address only.

If the client STA connects for the first time to one AP, the accounting start will include the Frame-IP-address as it is the first time connecting.
If the client STA roams from one AP to another, or already associated to one AP and disconnects/reconnects, the accounting start will not include the Frame-IP-address as the APs only check the MAC address for previously authenticated devices.
If the STA disconnects in a short period that the interim packet is not sent, then accounting stop will not not have Frame-IP-address either.

Thanks.

[NEBULA] RADIUS - Accounting Stop packet - Framed-IP-Address value

Welcome!

All Replies

Welcome!

Welcome!

Quick Links

Categories

Nebula Tips & Tricks

Nebula Help Center