OUR SITES NetworkRADIUS FreeRADIUS

Originate CoA-Request packets

The server can originate Change of Authorization (CoA) or Disconnect request packets. These packets are used to dynamically change the parameters of a users session (bandwidth, etc.), or to forcibly disconnect the user.

There are some caveats. Not all NAS vendors support this functionality. Even for the ones that do, it may be difficult to find out what needs to go into a CoA-Request or Disconnect-Request packet. All we can suggest is to read the NAS documentation available from the vendor. That documentation SHOULD describe what information their equipment needs to see in a CoA packet.

This information is usually a list of attributes such as:

#	NAS-IP-Address (or NAS-IPv6 address)
#	NAS-Identifier
#	User-Name
#	Acct-Session-Id

CoA packets can be originated when a normal Access-Request or Accounting-Request packet is received. Simply create a subrequest, and call the radius module to send the packet.

#	subrequest Disconnect-Request {
#	       User-Name = parent.request.User-Name
#	       Acct-Session-Id = parent.request.Acct-Session-Id
#	       NAS-IP-Address = parent.NAS-IP-Address}
#	       ...
#	}
This functionality is configured differently from v3.

This is an example virtual server. It accepts Accounting-Request packets. It then sends a Disconnect-Request packet for every Accounting-Request packet it receives.

You should NOT enable this virtual server. Instead, use it as an example, and copy the "subrequest" section to the virtual server that is actually receiving Accounting-Request packets.

server originate-coa.example.com {
	namespace = radius

Listen on the Accounting port.

	listen {
		type = Accounting-Request
		transport = udp

		udp {
			ipaddr = *
			port = 1812
		}
	}

recv Accounting-Request {
	subrequest Disconnect-Request {

The subrequest begins empty, so copy all necessary attributes over.

		request.User-Name := parent.request.User-Name
		request.Acct-Session-Id := parent.request.Acct-Session-Id
		request.NAS-Identifier := parent.request.NAS-Identifier
		request.NAS-IP-Address := parent.request.NAS-IP-Addres
		request.NAS-IPv6-Address := parent.request.NAS-IPv6-Address
		request.NAS-Port := parent.request.NAS-Port
		request.Framed-IP-Address := parent.request.Framed-IP-Address

Call the radius module to send a CoA packet.

Note that you MUST create an instance of the radius module, called "radius.coa" in order for this to work.

See the radius module for more documentation on how it works.

		radius.coa

	}
}  # recv Accounting-Request

}

Default Configuration