This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

sending Radius accounting data to Checkpoint Identity Awareness

bruce_richards1
New Contributor II

‎06-15-2016 07:49 AM

Hi,

we are using Checkpoint's Identity Awareness feature to keep track of users to allow internet access. This basically maps IP addresses to AD accounts. One way to update this system is using Radius accounting which is ideal for WiFi. 

We have our Zonedirector set up to send accounting packets to Checkpoint and this works well giving the user access to the internet seamlessly. 

However ....  when a user roams to another AP the Indentity Awareness looses the association between IP and username. As neither has changed this can only be because Zonedirector has sent a packet to Checkpoint to say that the user has left that AP and not sent another to tell the user it has reassociated to the new AP. 

Is there anything I can do to fix this behaviour ?

Thanks for reading

Bruce
3 REPLIES 3

bruce_richards1
New Contributor II

‎06-20-2016 04:09 AM

Update: packet captures show that the accounting packets are going out in this order

User Connects to AP1: Start Packet 
User roams to AP2: Start Packet, Stop Packet. 

If you look at the Session IDs for the packets then you can see that the Stop relates to AP1, but Checkpoint is ignoring Session ID and breaking the connection on Stop. 
0 Kudos

michael_brado
Esteemed Contributor II
In response to bruce_richards1

‎06-21-2016 04:33 PM

This might take some help from CheckPoint Bruce...
0 Kudos

bruce_richards1
New Contributor II
In response to bruce_richards1

‎06-22-2016 12:57 AM

Agreed, I'm asking the same questions of both parties and getting similar responses. I think that Ruckus are on higher ground as Checkpoint are ignoring the Session IDs but introducing a fraction of a second delay on the Start packets does fix the issue. 

At the moment I'm working round the issue by using FreeRADIUS to introduce a 0.5 sec delay on the start packets. 
0 Kudos
Copyright © 2024 Khoros, LLC