北边的风

Having RADIUS kick a user offline via CoA Message (repost)

2015-02-27 15:15:28 | Category: IT notes

Step 1: the RADIUS/CoA server first sends a CoA DM (Disconnect Message) Request packet. Decoded packet capture:
Dec 8 03:02:33: [0004]: ?A-7-RAD_PKT: Received packet (53 bytes) from 220.191.135.200/3799 (CoA): Disconnect-Request Id: 0x11 length: 53
Authenticator Field: 12 6d 20 45 c5 22 3e 93 93 c6 7f 5a 0d d8 95 76
Framed-IP-Address: 115.212.2.159
Acct-Session-Id: 0B01FFFF680093B1-4CFEF463


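In general, the Acct-Session-Id alone is enough to locate the one unique session on the BAS that is to be kicked, but the DM-Request usually also carries the user name and address, and sometimes even the NAS-IP-Address. Each BAS that receives this packet then disconnects the user through its own vendor-specific mechanism.
CoA messages use UDP port 3799.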
=====================
Step 2: once the kick succeeds, the BAS sends a reply packet to the CoA server.
Dec 8 03:02:33: [0004]: ?A-7-RAD_PKT: Send packet (32 bytes) to 220.191.135.200/3799 (CoA): Disconnect-ACK Id: 0x11 length: 32
Authenticator Field: b3 df 70 e1 88 8e 93 61 9d d4 8c d4 2c 9f d2 6f
COA-Error-Cause: Success (200)
Event-Timestamp: 19:02:33 - 2010/12/07 (1291777353)
=====================
Step 3: the BAS must send the accounting stop packet for the kicked user. Note that the termination cause code is 6, Admin-Reset.
Dec 8 03:02:33: [0004]: [12/2:1023:63/6/2/37809]: ?A-7-RAD_PKT: aaa_idx 1008c5f3: Send packet (678 bytes) to 220.191.135.200/1813 (057981368000@SHCD.XY): Accounting-Request Id: 0xbf length: 678
Authenticator Field: 3d 76 93 58 d9 dc d8 ee 98 77 fe 76 be a1 9a 38
User-Name: UO\.IA09057981368000@SHCD.XY
Acct-Status-Type: Stop (2)
Acct-Session-Id: 0B01FFFF680093B1-4CFEF463
Service-Type: Framed-User (2)
Framed-Protocol: PPP (1)
RBN:Acct-Update-Reason: AAA-ACCT-SESSION-DOWN (2)
NAS-Identifier: JH-JH-CDXY-BAS-SE800-1-DM1.MAN
NAS-IP-Address: 61.130.158.45
NAS-Port: 0x0c020000
RBN:NAS-Real-Port: 0xc200014a
NAS-Port-Type: Ethernet (15)
NAS-Port-Id: 12/2 vlan-id 330 pppoe 669
RBN:Medium-Type: DSL (11)
RBN:MAC-Address: 00-21-70-a2-84-63
Connect-Info: lan-nas-port-type
RBN:Platform-Type: SE-800 (2)
RBN:OS-Version: 6.1.4.6
Acct-Authentic: Radius (1)
RBN:Subscriber-Profile-Name: p4m
RBN:Client-DNS-Pri: 60.191.244.5
RBN:Client-DNS-Sec: 60.191.244.2
Port-Limit: 1
Framed-IP-Address: 115.212.2.159
Acct-Session-Time: 229
Acct-Terminate-Cause: Admin-Reset (6)
RBN:Session-Error-Code: 40
RBN:Session-Error-Msg: Session cleared by administrator
Acct-Input-Packets: 835
Acct-Output-Packets: 482
Acct-Input-Octets: 294297
Acct-Output-Octets: 155126
Acct-Input-Gigawords: 0
Acct-Output-Gigawords: 0
RBN:Acct-Input-Packets-64: 835
RBN:Acct-Output-Packets-64: 482
RBN:Acct-Input-Octets-64: 294297
RBN:Acct-Output-Octets-64: 155126
RBN:Acct-Mcast-In-Packets: 0
RBN:Acct-Mcast-Out-Packets: 0
RBN:Acct-Mcast-In-Octets: 0
RBN:Acct-Mcast-Out-Octets: 0
RBN:Acct-Mcast-In-Packets-64: 0
RBN:Acct-Mcast-Out-Packets-64: 0
RBN:Acct-Mcast-In-Octets-64: 0
RBN:Acct-Mcast-Out-Octets-64: 0
Class: OAMServer;1291748531;158
Acct-Interim-Interval: 900
Session-Timeout: 604800
RBN:Qos-Metering-Profile-Name: 4m
RBN:Qos-Policing-Profile-Name: up-1m
Event-Timestamp: 19:02:33 - 2010/12/07 (1291777353)

=====================
Step 4: the RADIUS server then responds.
Dec 8 03:02:33: [0004]: [12/2:1023:63/6/2/37809]: ?A-7-RAD_PKT: aaa_idx 1008c5f3: Received packet (73 bytes) from 220.191.135.200/1813 (UO\.IA09057981368000@SHCD.XY): Accounting-Response Id: 0xbf length: 73
Authenticator Field: 62 fa 8a 9f 44 79 17 5b 5e 25 f0 bc 90 0b f1 b2
Class: OAMServer;1291748531;158
Acct-Session-Id: 0B01FFFF680093B1-4CFEF463


This mechanism follows RFC 3576 - Dynamic Authorization Extensions to Remote Authentica
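
An added example, not part of the original post: Python code showing how a BAS/NAS can validate the Disconnect-Request from step 1 before acting on it, by recomputing the Request Authenticator as RFC 3576 defines it and then extracting Acct-Session-Id and Framed-IP-Address. The function names and the shared secret are assumptions; the sample packet is constructed from the identifiers in the capture above and, like the captured one, is 53 bytes long.

```python
import hashlib
import hmac
import socket
import struct

DISCONNECT_REQUEST = 40                       # RADIUS code (RFC 3576)
FRAMED_IP_ADDRESS, ACCT_SESSION_ID = 8, 44    # standard attribute types


def _attr(attr_type, value):
    # Attribute = Type (1 octet) + Length (1 octet, includes header) + Value
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_disconnect_request(ident, secret, session_id, framed_ip):
    attrs = (_attr(FRAMED_IP_ADDRESS, socket.inet_aton(framed_ip))
             + _attr(ACCT_SESSION_ID, session_id.encode()))
    header = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(attrs))
    # Request Authenticator = MD5(Code+Id+Length + 16 zero octets + attrs + secret)
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs


def verify_and_parse(packet, secret):
    """NAS-side check: return the attributes, or None if the packet must be dropped."""
    if len(packet) < 20 or packet[0] != DISCONNECT_REQUEST:
        return None
    (length,) = struct.unpack("!H", packet[2:4])
    if length < 20 or length > len(packet):
        return None
    packet = packet[:length]                  # ignore trailing padding
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return None                           # wrong secret or tampered packet
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            return None                       # malformed attribute
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs


# Constructed sample: identifiers from the capture above, made-up shared secret.
SECRET = b"example-shared-secret"
PACKET = build_disconnect_request(0x11, SECRET, "0B01FFFF680093B1-4CFEF463", "115.212.2.159")
```

A request that fails this check should be dropped without touching the session, since the authenticator is the only thing tying a packet on UDP 3799 to a holder of the shared secret.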