Using CoA on freeRadius

  • 1
  • Question
  • Updated 3 years ago
  • Answered
I am using freeradius on centos 4.5. I need to use COA command to double the user speed at a certain time of day. Can you tell how to achieve this?
Photo of Amar Khan

Amar Khan

  • 1 Post
  • 0 Reply Likes

Posted 3 years ago

  • 1
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
HiveOS 6.4r1 should give you the ability to reassign the user profile that is applied to a session using CoA with standard attributes, older versions cannot do this. I don't know if there is any official documentation of this feature yet.

Hopefully an employee of Aerohive can provide a link to it if such documentation exists.

I also suspect the CoA reassignment may see some refinements down the line to support things like referencing the session via the Acct-Multi-Session-Id rather than just the Acct-Session-Id so that it functions correctly in roaming scenarios and supporting VLAN and user profile assignment with the full features/semantics that are available for initial auth. Doing this could easily bring some backwards incompatible changes with the attributes needed/used.

Presently, HiveOS supports for initial auth either:

  • Setting the Tunnel-Type to GRE with the Tunnel-Medium-Type set to IP if you intend to use the Tunnel-Private-Group-ID as the user profile attribute, setting the VLAN via the profile. (This is Aerohive specific, non-standard behaviour.)
  • Setting the the Tunnel-Type to VLAN with the Tunnel-Medium-Type set to 802, using the Filter-Id attribute to set the profile and the Tunnel-Private-Group-ID sets the VLAN, overriding anything specified in the profile. (This is standards compliant behaviour.)
For reassignment, I believe only the VLAN specified in the user profile will be used so the feature is as yet incomplete.

You may wish to hold off for a little while therefore until this has all stabilised/matured.
(Edited)