We are currently implementing a public hot spot scenario in midsize city with approx 50 access points. As controller we have a Smartzone 100 controller. As part of the implemenation we have build a captive portal in conjunction with a RADUIS server. Authentication over 1812 works as a charm. What we don’t reach is a proper accounting. We have selected under AAA the proxy Authentication server as per manual. Because of this we are unable to properly limit bandwith nor are we able to cut of a user when the maximum time or volume has been reached. A Wireshark cature shows that the accounting request is not coming from the controller as we would expect but from a single AP. Does that mean we have to enter each AP IP as a NAS in our RADUIS server? If yes – what about APs which are behind one or two additional routers and there4 behind several NATs. We don’t exclusively operate direct IP networks.
Hi Sid, we added proxy accounting in the "AAA Server => Proxy AAA" menu. Further, the created proxy accounting profile is linked to a wifi network. The accounting messages will be send from the Controllers IP to the intended destination. But the NAS-IP RADIUS field indicates the IP of the AP. The captive portal now sends all client-related RADIUS requests to the AP IP directly. This is not possible in all cases (Router NAT). It's like the controller acts like a distributor for the RADIUS packets but does not modify the contents.