Better use of the Connect-Info RADIUS attribute, VSA for Client Health Score

  • 1
  • Idea
  • Updated 3 years ago
  • (Edited)
HiveOS currently sends values like: 11ng, 11na, 11ac, 11g, 11a, 11b in the Connect-Info attribute in the Accounting-Request packets that it sends to a RADIUS server.
(Occasionally, the attribute has a value of auto or is not sent at all which is probably a bug.)

These values are not particularly useful as this is not actionable information. Currently, there would be little benefit from logging and interpreting these values.

There is therefore an easy opportunity here to do something much better which could really help larger customers, such as universities, that use RADIUS accounting with 802.1X.

RFC 3580 says of this attribute, in a somewhat dated and unhelpful way:

3.26.  Connect-Info

   This attribute is sent by a bridge or Access Point to indicate the
   nature of the Supplicant's connection.  When sent in the Access-
   Request it is recommended that this attribute contain information on
   the speed of the Supplicant's connection.  For 802.11, the following
   format is recommended: "CONNECT 11Mbps 802.11b".
  If sent in the
   Accounting STOP, this attribute may be used to summarize statistics
   relating to session quality.  For example, in IEEE 802.11, the
   Connect-Info attribute may contain information on the number of link
   layer retransmissions.  The exact format of this attribute is

   implementation specific.

What should we have in Connect-Info? I think things like SNR, RSSI, Channel, Channel width, PHY mode, TX data rate, RX data rate, TX retry %, RX retry % and Channel utilisation.

HiveOS would be enhanced if it sends richer information in a structured way via the Connect-Info attribute so that administrators can get on-going client statistics via the Interim-Update Accounting-Request packets that are sent during a session.

It would also be awesome to see the proprietary Client Health Score added in to an Aerohive VSA in Accounting-Request packets.

In conjunction with RADIUS accounting for clients that have not used 802.1X, this would further be a useful enhancement:

Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes

Posted 3 years ago

  • 1

There are no replies.