RE: Issue 226: RFC 3576bis and Renumbering

[Bernard Aboba <bernard_aboba@hotmail.com>]

Glen Zorn said:

So, basically, what you are saying seems to be that

1. deploying RADIUS accounting is mandatory AND
2. an undefined but incestuous relationship between separate RADIUS and RADIUS Accounting servers is also mandatory OR
3. the RADIUS and RADIUS Accounting servers must be one and the same

None of those seem like very good ideas to me.

This makes sense to me.

It is possible for a "Dynamic Authorization Client" to send a CoA-Request or Disconnect-Request identifying the NAS and session based purely on information present in the Access-Request.  In such a situation, it would seem that a User-Name attribute, NAS-Port/NAS-Port-Id and a NAS identification attribute (e.g. NAS-IP-Address, NAS-IPv6-Address, NAS-Identifier) should be sufficient to identify the session.  If the session was never started, or the user is no longer there, a CoA/Disconnect-NAK will be sent along with an Error-Cause attribute.

It is also possible for a "Dynamic Authorization Client" to send a CoA-Request or Disconnect-Request based on an Accounting-Request.  In this case, the Acct-Session-Id attribute would be used to identify the session. 

The question is this:  under what circumstances would other attributes (Called/Calling-Station-Id, NAS-Port-Type, Framed-IP-Address/Framed-IPv6-Prefix/Framed-Identifer, etc.) ever be needed in order to identify a session?  It seems that Called/Calling-Station-Id would only be needed if NAS-Port/NAS-Port-Id were not present (e.g. where the same user was logged on to multiple ports).