Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
  
[+] Expand All
[-] Collapse All

Processing Dynamic Authorization (CoA/DM) Messages as a Proxy Target

SBRC keeps track of the device (either a proxy server or a NAS client) that sent the packet. This ensures that CoA/DM requests are sent to the originating NAS client using the same path (in reverse direction) that the authorization and accounting requests traversed. When a CoA/DM request is generated, the message is sent to the device.

To help the proxy target determine which device model is used for a given session, a new attribute, Funk-Device-Model, is added to forward authentication and accounting requests. The Funk-Device-Model attribute is a string attribute and contains the make or model name of the NAS client associated with a request. The Funk-Device-Model is useful only when the proxy target is also a SBRC server (SBRC 7.5.0 or greater). If a Funk-Device-Model attribute is received as part of an authorization or accounting request, the attribute details are saved in the Sbr_NasDeviceModel field of the CST and passed along without any modification to the proxy target. By default, the Sbr_NasDeviceModel field is disabled, and to enable it you need to add it in the CST. This feature enables SBRC servers acting as proxy targets to determine which attributes to use to send a CoA/DM request through a proxy without having to configure a RADIUS client for every possible NAS client on the network. However, there are configurations in which this information is not required to generate the correct list of attributes, so the Funk-Device-Model attribute is optional, and can be disabled through a configuration variable.

When a CoA/DM request is created, the attributes included in the message are determined by the device model of the originating upstream device (NAS client). The Funk-Device-Model attribute, if present in the proxy authentication and accounting requests, is used to determine the device model.

Note: The Funk-Device-Model attribute does not determine the port to send the request to. The port is determined in advance for each NAS client.

If the Funk-Device-Model attribute is not implemented, then you need to create a device model that is a superset of all the possible devices on the network that receives CoA/DM requests. This generic superset device model needs to be configured for any client that receives CoA/DM requests.

Modified: 2018-01-11