Client authentication state

I doubt you'll get that via SNMP. IT doesn't even make much sense to be able to get it that way. You can get that via syslog.

Thanks,

Why not? with other vendors snmp is one way.

Via syslog I am getting joins/disconnects but it is not the real authentication state. I would be easy to ask ZD the status instead of tracking it.

Regards
Alberto.

A, ok. Misread your post a bit. I guess it makes some sense, but still not a whole lot.

I'd be interested in knowing why the state is important to you?

I use freeradius to authenticate users and I have configured an unique session per user (Simultaneous-Use := 1). Freeradius has its own variable to handle who is authenticate (or you can use a database, of course). But what happens?...In some cases there is a inconsistency between what radius thinks and the reality. For example, in some cases user could be disconnected and the radius server restart at the same time, so I have sticky sessions because Radius thinks user is authenticated but he is not, so it keeps trying to login until radius memory is cleaned. So, the only way to keep consistency is asking ZD the real state of the client.

Which EAP method are you using?

EAP-PEAP / EAP-TTLS. Why? are you thinking in something about?

I'm just thinking you've got a strange problem. I'm actually not that involved in RADIUS but the whole idea is to basically derive keys. When those keys are made they are passed to the STA and some APs. So as long as those keys are valid the STA should be able to handshake and associate. What I don't know however is how restarting your FR affects clients and why what you say would affect them. So I'm actually thinking that this is something that can be solved within FR not Ruckus.

Well, this inconsistency between freeradius and controllers is known. Some workaround valid for other vendors is asking via snmp (or even cli commands) the state of the client. This is done running a script called checkrad.pl (http://www.opensource.apple.com/sourc...) but I can't fit it to Ruckus because I have no method to get auth state.

That's all news to me. Thanks for explaining.

Your are welcome. If you have any question, don't hesitate to ask me. Don't you use 802.1x authentication for your clients? I think it is not so common in a enterprise heterogeneous environment with mobile clients (smartphones, tablets, laptops ...) but for the WISP side, it is the best choice if CPE has capabilities.