Dell PowerConnect W Clearpass 100 Software 3.9 Deployment Guide - Page 296
RFC 3576 Dynamic Authorization, Filtering the List of Active Sessions, Closed, Disconnect, Reauthorize
View all Dell PowerConnect W Clearpass 100 Software manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 296 highlights
traffic, the session is considered 'stale' and is not counted towards the active sessions limit for a visitor account. To ensure that accounting statistics are correct, you should check the list for stale sessions and close them. For information on configuring RADIUS server options, see "Server Configuration" in the RADIUS Services chapter. For details of the options that can be configured, including accounting update intervals and elapsed time before a session is considered stale, see "RADIUS Server Options" in the Reference chapter. Closed-A session ends when the visitor logs out or if the session is disconnected. When a session is explicitly ended in either of these ways, the NAS sends an accounting stop message to the RADIUS server. This closes the session. No further accounting updates are possible for a closed session. RFC 3576 Dynamic Authorization Dynamic auth orization describes the ability to make changes to a visitor account's session while it is in progress. This includes disconnecting a session, or updating some aspect of the authorization for the session. The Active Sessions page provides two dynamic authorization capabilities that apply to currently active sessions: Disconnect causes a Disconnect-Request message to be sent to the NAS for an active session, requesting that the NAS terminate the session immediately. The NAS should respond with a DisconnectACK message if the session was terminated or Disconnect-NAK if the session was not terminated. Reauthorize causes a Disconnect-Request message to be sent to the NAS for an active session. This message will contain a Service-Type attribute with the value 'Authorize Only'. The NAS should respond with a Disconnect-NAK message, and should then reauthorize the session by sending an Access-Request message to the RADIUS server. The RADIUS server's response will contain the current authorization details for the visitor account, which will then update the corresponding properties in the NAS session. If the NAS does not support RFC 3576, attempts to perform dynamic authorization will time out and result in a 'No response from NAS' error message. Refer to RFC 3576 for more details about dynamic authorization extensions to the RADIUS protocol. Filtering the List of Active Sessions You can use the Filter tab to narrow the search parameters and quickly find all matching sessions: Enter a username or IP address in the Filter field. Additional fields can be included in the search if the "Include values when performing a quick search" option was selected for the field within the view. To control this option, use the Choose Columns command link on the More Options tab. 296 | Guest Management ClearPass Guest 3.9 | Deployment Guide