Free Radius - Session Timeout, Idle Timeout (disconnecting idle users)

Question

I was wondering if someone could help clear something up for me.

I am currently using Freeradius with a Cisco NAS. I have control fo the free Radius, but I do not have control of the Cisco.

I am noticing that when a user reboots their equipment, a termination message is sent to FreeRadius/the Nas to release the IP and kill the connection. This seems to be working as expected and the next client can simply pick up this IP. However, should a user simply unplug their equipment or have a power cut, this termination message is never sent and effectively we have an IP allocated to a dead user. Obviously if we had say 300 IPs and 250 people, if they all had power cuts, only 50 would be able to get back online as the other 250 Ips are currently allocated albeit not in use.

Can someone tell me where I can locate the settings to specify when to release an IP if the user is idle or where the attribute needs to be specified, ie check every 2 minutes and if the user is idle, disconnect their session and release the IP for the next user.

Answer 1

There's nothing bundled with FreeRADIUS to do this. The recommended way to perform dead session detection is to record the interval between accounting start/accounting interval packets, and to turn on interim updates on the NAS.

If the session goes stale (no interims received) then the radclient binary can be used to send a fake accounting stop to close out the session.

If your NAS supports Session-Timeout and Idle-Timeout you can return those, but it doesn't help in the case of a power failure that takes out the NAS as well.