Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
AR1220 Radius Packet brok...

AR1220 Radius Packet broken

Created: Nov 4, 2020 14:34:49Latest reply: Nov 6, 2020 10:05:55 388 7 0 0 0
  Rewarded HiCoins: 0 (problem resolved)
View the author 1#

Hi,


I am currently trying to setup the radius service on the AR1220. However the AR1220 does not seem to follow the RFC Format correctly. The Password receives a padding of zeros and garbage at the end while the station ID does not get sent correctly at all.
Also the login IP gets sent backwards.

I've attached the relevant part of the radius log as well as the "display version" from the Router.


How do I fix this?


Radius Log:

(7) Received Access-Request Id 13 from 10.25.4.159:1812 to 10.25.5.30:1812 length 282
(7)   User-Name = "Someuser"
(7)   User-Password = "Password12\000\000\000\000\000\000~\203\232#T\346Z\252\371oɦ\003\314<\302"
(7)   NAS-Port = 0
(7)   Service-Type = Administrative-User
(7)   Framed-Protocol = X.75-Synchronous
(7)   Framed-IP-Address = 154.4.25.10
(7)   NAS-Identifier = "Huawei"
(7)   NAS-Port-Type = Virtual
(7)   NAS-Port-Id = "slot=0;subslot=0;port=0;vlanid=0"
(7)   Called-Station-Id = "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377
(7)   Login-IP-Host = 154.4.25.10
(7)   NAS-IP-Address = 10.25.4.159
(7)   Huawei-Startup-Stamp = 1604512173
(7)   Huawei-IPHost-Addr = "154.4.25.10 ff:ff:ff:ff:ff:ff"
(7)   Huawei-Connect-ID = 14
(7)   Huawei-Version = "Huawei AR1220"
(7)   Huawei-Product-ID = "AR"


AR1220 Version:

[Huawei]display version Huawei Versatile Routing Platform SoftwareVRP (R) software, Version 5.130 (AR1200 V200R003C00)Copyright (C) 2011-2012 HUAWEI TECH CO., LTDHuawei AR1220 Router uptime is 0 week, 0 day, 4 hours, 40 minutesBKP 0 version information: 1. PCB      Version  : AR01BAK1A VER.NC2. If Supporting PoE : No3. Board    Type     : AR12204. MPU Slot Quantity : 15. LPU Slot Quantity : 2MPU 0(Master) : uptime is 0 week, 0 day, 4 hours, 40 minutesMPU version information : 1. PCB      Version  : AR01SRU1A VER.A2. MAB      Version  : 03. Board    Type     : AR12204. BootROM  Version  : 0


Best Regards,

Jan

Like (0) Dislike (0) Favorite(0) Share Report
Previous: BGP state - Connect and Active
Next: How to forward GRE protocol to a particular ip on lan
Featured Answers

Recommended answer

(1) (0)
DDSN
Admin Created Nov 6, 2020 10:05:55

Hi JanH,

The length of the user password field is 16 x n (1 ≤ n ≤ 8 )bytes. The value is an integer, such as 16, 32,48.
Padded may occur when the value is less than an integer.

1


View more
  • x
  • convention:

Navin_kay
Navin_kay Created Dec 20, 2021 23:21:40 (0) (0)
good  
All Answers
(0) (0)
2#
DDSN
DDSN Admin Created Nov 4, 2020 14:41:18

Hi JanH,
Please wait patiently. Our engineers are looking for answers to your questions.
View more
  • x
  • convention:
(0) (0)
3#
DDSN
DDSN Admin Created Nov 4, 2020 15:05:01

Hi JanH,
Do you configure the RADIUS on the AR router of the ensp?
As far as I know, the AR router of the ensp does not support RADIUS.
View more
  • x
  • convention:

JanH
JanH Created Nov 4, 2020 15:15:49 (0) (0)
Yes, the RADIUS Client ist configured on the AR Router. The RADIUS Server is configured on a linux machine connected over the cloud.
The AR Router in eNSP does seem to support RADIUS Client behavior but to be honest it does not do a very good job of it (in regards to the original problem)  
(0) (0)
4#
JanH
JanH Created Nov 5, 2020 11:10:43

So I found the solution: Apparently the Huawei AR Routers are not the only piece of equipment which adds a padding of zeros to the end of the password.
The creators of freeradius have implemented a fix: Under /etc/freeradius/sites-available/default "filter-password" has to be uncommented. The padding of zeros is then removed.
View more
  • x
  • convention:

DDSN
DDSN Created Nov 6, 2020 07:11:30 (0) (0)
Hi JanH,
I have not encountered similar problems before, and I have not found any useful information on the Internet. Thank you for sharing.  
(1) (0)
5#
DDSN
DDSN Admin Created Nov 6, 2020 10:05:55

Hi JanH,

The length of the user password field is 16 x n (1 ≤ n ≤ 8 )bytes. The value is an integer, such as 16, 32,48.
Padded may occur when the value is less than an integer.

1


View more
  • x
  • convention:

Navin_kay
Navin_kay Created Dec 20, 2021 23:21:40 (0) (0)
good  
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.