how to kick guest user when user quota has exhausted

Unanswered Question
Aug 27th, 2008
User Badges:


I have wlc and acs v4.0. Currently, I am using layer 3 security with web authentication and has been succesfully integrated with ACS for authentication. User quota has been set so that when user has reached its quota, may not be able to log in again. But problem occurs when the user has not logged out, it still can connect to network although its account at ACS shows disabled because of its quota limitation. So, is it a way to kick the user out, when the user has reached its quota ?

Radius accounting has been properly set. and AAA override has been set on appropriate wlan ssid.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
vergeerf Wed, 08/27/2008 - 08:05
User Badges:

as far as I know that should be possible if you enable 'support for RFC3576'. This allows the radius server to dynamic change a user session (so called CoA messages). You can enable this support on the radius authentication setup page of your controller

0600648902 Sun, 08/31/2008 - 01:18
User Badges:

thanks for your reply.

do you mean "allow AAA override" ? If so, I have tried it and it works for changing user session by radius server. But the problem is, radius server do not send the user-session parameter dynamically. How can the radius send/calculate the remaining session time to wlc ?

0600648902 Fri, 09/05/2008 - 00:16
User Badges:

Thanks, Edward.

Where should I enable that parameter ?


This Discussion



Trending Topics - Security & Network