Hello,
We have recently migrated to VOPradius from Cisco Secure ACS. For the most part this has gone well, but there is one issue remaining which happens to users who establish their dial-up connection with our Cisco AS5300 NAS.
At the start of the session, VOPradius passes the session timeout value and idle timeout value to the AS5300. At that point it all looks normal. However, as the user browses website or gets email, the AS5300 does not restart the idle timer. The idle timer continues to count down and then the user's session is lost when that timer expires. In essence, the user's session has become limited to whatever the idle time setting is. For example, if we send a 5 hour session limit and a 30 minute idle timeout, the user will be disconnected at 30 minutes regardless of their activity.
The idle time worked perfectly when it was set by the Cisco ACS radius software, but does not work when set by VOPradius. Now, I would have thought that the AS5300 would control the idle time once it is set. If it sees activity on the modem, I would think that it would automatically restart the idle timer. However, the only thing that has changed is that we're using VOPradius for these users instead of Cisco ACS radius software. With the Cisco radius software the absolute and idle times are set and look the same way, but once the user transferred data down the phone lines the idle time would go back to the start value. This makes me think that the NAS and Radius must communicate more often about user activity than I would have otherwise believed. Either that or there is some other factor in the way the idle time is set.
Does any of this make sense? What could VOPradius be doing differently from Cisco Secure ACS radius? Is there any way to change that behavior?
Thanks. Any ideas will be appreciated.
Sincerely,
Jeffrey Kirk
Comstar, LLC
