[NEBULA] RADIUS - Accounting Stop packet - Framed-IP-Address value
Good morning,
We are testing Zyxel Nebula with an external captive portal and external Radius authentication.
As I can see, in Accounting Start and Interim Update packets, the value Framed-IP-Address is sent:
- User-Name = "38205631@XXXXX"
- Framed-IP-Address = 172.16.40.169
- Acct-Session-Id = "5C0FA66D"
- Acct-Status-Type = Interim-Update
- Acct-Authentic = RADIUS
- NAS-IP-Address = 127.0.0.1
- NAS-Port = 1787
- NAS-Port-Type = Ethernet
- Calling-Station-Id = "24-FD-52-XX-XX-XX"
- Called-Station-Id = "60-31-97-XX-XX-XX:Nebula"
- Acct-Session-Time = 61
- Acct-Input-Octets = 105400
- Acct-Output-Octets = 403250
- Event-Timestamp = Dec 11, 2018 12:48:57.000000000 Hora estándar romance
But in Accounting Stop packet Framed-IP-Address is not sent, is it possible to add it?:
- User-Name = "38205631@XXXXXX"
- Acct-Session-Id = "5C0FA66D"
- Acct-Status-Type = Stop
- Acct-Authentic = RADIUS
- NAS-IP-Address = 127.0.0.1
- NAS-Port = 1787
- NAS-Port-Type = Ethernet
- Calling-Station-Id = "24-FD-52-XX-XX-XX"
- Called-Station-Id = "60-31-97-XX-XX-XX:Nebula"
- Acct-Session-Time = 504
- Acct-Input-Octets = 0
- Acct-Output-Octets = 0
- Event-Timestamp = Dec 11, 2018 12:56:20.000000000 Hora estándar romance
Thanks in advanced.
All Replies
-
Hi @yomismo,
As we are a layer 2 device, we have a design limitation that affects the frame-IP-address:
If the client STA connects for the first time to one AP, the accounting start will include the Frame-IP-address as it is the first time connecting. However, if the client STA roams from one AP to another, or already associated to one AP and disconnects/reconnects, the accounting start will not include the Frame-IP-address as the APs only check the MAC address for previously authenticated devices. Or, if the STA disconnects in a short period that the interim packet is not set, then accounting stop will also not have Frame-IP-address.
Thanks.
0 -
Hello Freda,
We have been checking your last answer, and as you know, in Europe is extrictily necessary to identify all connections from a device. We have to keep al the traceability of the connections on site because of the GDPR (General Data Protection Regulation), that is a regulation in EU law on data protection and privacy for all individual citizens of the European Union.
So for companies like us it is necessary to receive this attribute (Framed-IP-Address) also in Accounting-Stop packet, so we can offer Nebula solution and don´t have legal problems.
Also we have checked that sometimes User-Name attribute is not send in the Accounting-Stop packet, do you know why this could happens?
If you need more information do not hesitate to ask us.
Thanks in advanced.
0 -
Hello @yomismo2,
There are two enhancements in next release as following.
· Frame-IP-Address in accounting Start and Stop under scenarios explained below.
· Input/output octets shows the actual usage
The Frame-IP-Address in start/stop have some scenarios where it will be empty, because our devices are L2 and check MAC address only.
- If the client STA connects for the first time to one AP, the accounting start will include the Frame-IP-address as it is the first time connecting.
- If the client STA roams from one AP to another, or already associated to one AP and disconnects/reconnects, the accounting start will not include the Frame-IP-address as the APs only check the MAC address for previously authenticated devices.
- If the STA disconnects in a short period that the interim packet is not sent, then accounting stop will not not have Frame-IP-address either.
Thanks.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 148 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight