Manualshelf

Deployment Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances
61626364656667686970
l You can use the paging control at the bottom of the list to jump forwards or backwards by one page, or to the
first or last page of the list. You can also click an individual page number to jump directly to that page.
Session States
A session may be in one of three possible states:
l ActiveAn active session is one for which the RADIUS server has received an accounting start message and
has not received a stop message, which indicates that service is being provided by a NAS on behalf of an
authorized client.
While a session is in progress, the NAS sends interim accounting update messages to the RADIUS server. This
maintains up-to-date traffic statistics and keeps the session active. The frequency of the accounting update
messages is configurable in the RADIUS server.
l StaleIf an accounting stop message is never sent for a session—for example, if the visitor does not log out
that session will remain open. After 24 hours without an accounting update indicating session traffic, the session
is considered ‘stale and is not counted towards the active sessions limit for a visitor account. To ensure that
accounting statistics are correct, you should check the list for stale sessions and close them.
l Closed—A session ends when the visitor logs out or if the session is disconnected. When a session is
explicitly ended in either of these ways, the NAS sends an accounting stop message to the RADIUS server. This
closes the session. No further accounting updates are possible for a closed session.
RFC 3576 Dynamic Authorization
Dynamic authorization describes the ability to make changes to a visitor account’s session while it is in progress.
This includes disconnecting a session, or updating some aspect of the authorization for the session.
The Active Sessions page provides two dynamic authorization capabilities that apply to currently active sessions:
l Disconnect causes a Disconnect-Request message to be sent to the NAS for an active session, requesting that
the NAS terminate the session immediately. The NAS should respond with a Disconnect-ACK message if the
session was terminated or Disconnect-NAK if the session was not terminated.
l Reauthorize causes a Disconnect-Request message to be sent to the NAS for an active session. This message
will contain a Service-Type attribute with the value ‘Authorize Only’. The NAS should respond with a
Disconnect-NAK message, and should then reauthorize the session by sending an Access-Request message to the
RADIUS server. The RADIUS server’s response will contain the current authorization details for the visitor
account, which will then update the corresponding properties in the NAS session.
If the NAS does not support RFC 3576, attempts to perform dynamic authorization will time out and result in a
‘No response from NAS’ error message.
Refer to RFC 3576 for more details about dynamic authorization extensions to the RADIUS protocol.
Filtering the List of Active Sessions
You can use the Filter tab to narrow the search parameters and quickly find all matching sessions:
Dell Networking W-ClearPass Guest 6.1 | Deployment Guide W-ClearPassGuest Manager | 65