I'm using Cisco Access Registrar to issue IP addresses to clients on a wireless network.
Everything was working fine (sessions created and destroyed as expected) but when I joined the AP to WDS all hell broke loose.
It seems that when the AP is not a WDS member the "NAS-Port" attribute is the same for Access-Requests and Accounting-Requests but when it's a member I get different "NAS-Port".
This is a problem because the CAR creates a session when the Access-Request is accepted but destroys it whent it receives an Accounting-Request with an Acct-Status-Type = Stop. The session key is NAS:NAS-Port and if the port doesn't match the session isn't destroyed.
Has anyone had a similar problem or know a possible solution?
I added a second AP to the WDS domain and it confirmed my fear... The Access-Requests are coming from the WDS master but the Acccounting-Requests are coming from the AP that the client commects to, which explains the different NAS-ports.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...