
AR3200 does not deliver received address from Framed-IP-Address RADIUS attribute

Created: Dec 23, 2021 23:26:20. Latest reply: Dec 25, 2021 23:13:10 (problem resolved)

Hi everyone, do you know if the AR3260 in eNSP really supports Framed-IP-Address from RADIUS? I have the following configuration, but the router is still delivering addresses from pool1:

radius-server template rd1
 radius-server shared-key cipher %$%$Q5WeWGB&*U[eYC6#$ca;0wKn%$%$
 radius-server authentication 10.0.0.1 1812
 radius-server accounting 10.0.0.1 1813
 radius-attribute nas-ip 1.1.1.1
 radius-server traffic-unit mbyte
 radius-server attribute translate
 radius-attribute disable HW-NAS-Startup-Time-Stamp send
 radius-attribute disable HW-IP-Host-Address send
 radius-attribute disable HW-Connect-ID send
 radius-attribute disable HW-Version send
 radius-attribute disable HW-Product-ID send
#

interface Virtual-Template0
 ppp authentication-mode chap domain auth1
 remote address pool pool1
 ppp ipcp remote-address forced
 ppp timer negotiate 10
 ppp ipcp dns 8.8.8.8 8.8.4.4
 mtu 1492
 timer hold 30
 ip address unnumbered interface LoopBack0
 undo icmp host-unreachable send
 undo icmp redirect send
 undo icmp port-unreachable send
 undo icmp ttl-exceeded send
 ip verify source-address
#

aaa
 authentication-scheme default
 authentication-scheme auth1
  authentication-mode radius local
 authorization-scheme default
 authorization-scheme auth1
 accounting-scheme default
 accounting-scheme acc1
  accounting-mode radius
 domain default
 domain default_admin
 domain auth1
  authentication-scheme auth1
  accounting-scheme acc1
  radius-server rd1
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#

#
ip pool pool1
 network 100.64.0.0 mask 255.255.224.0
#


Packet capture shows correct address in Accept response! RADIUS configurations are as follows:


assinante1      Cleartext-Password := "123"
                Service-Type = Framed-User,
                Framed-Protocol = PPP,
                Framed-IP-Address = "100.64.1.2",
                Framed-IP-Netmask = "255.255.255.255",
                Framed-Pool = "pool1"


Featured Answers

Recommended answer

chenhui
Admin Created Dec 24, 2021 01:58:35

Hi,
Please remove the command remote address under the virtual-template interface view and try again.


l2vc
l2vc Created Dec 24, 2021 09:45:06 (0) (0)
Hi, I've removed it, but now the subscriber doesn't get any IP address. Take a look:

[BNG]disp access user-id 145

Basic:
User id : 145
User name : assinante1
Domain-name : auth1
User MAC : 00e0-fcd6-2a15
User IP address : 0.0.0.0  
chenhui
chenhui Reply l2vc  Created Dec 24, 2021 09:56:22 (0) (0)
Hi,
Did the RADIUS server distribute the Framed-IP-Address correctly? If yes, I would suppose that this is a bug in eNSP, or it just doesn't support this function.
l2vc
l2vc Reply chenhui  Created Dec 24, 2021 10:22:03 (0) (0)
Yes, the server distributes the attribute correctly. I'll send you a screenshot  
S_Noch
S_Noch Created Dec 25, 2021 08:00:39 (0) (0)
nice  
All Answers

@chenhui


packet-capture


Testing the user with debugging enabled:

<BNG>test-aaa assinante1 123 radius-template rd1 chap 
Dec 24 2021 18:26:14.873.1-08:00 BNG RDS/7/DEBUG:
RADIUS packet: OUT (TotalLen=131)
Len 1 ~ 131:
01 02 00 83 C6 23 69 98 73 48 51 DC FF 5C 4A 94
EC 58 29 1F 01 0C 61 73 73 69 6E 61 6E 74 65 31
03 13 CD DB 83 F8 AC 79 FC A3 AF B8 AB E7 4A 5D
8E 1A 3C 3C 12 C6 23 69 98 73 48 51 DC FF 5C 4A
94 EC 58 29 1F 06 06 00 00 00 02 07 06 00 00 00
01 20 05 42 4E 47 3D 06 00 00 00 0F 2C 21 42 4E
47 30 30 30 30 30 30 30 30 30 30 30 30 30 30 37
62 39 65 30 34 37 64 30 30 31 30 35 35 04 06 01
01 01 01
<BNG>
Dec 24 2021 18:26:14.873.2-08:00 BNG RDS/7/DEBUG:
[RDS(Evt):] Send a packet(IP:10.0.0.1,Port:1812,Code:Auth req,ID:2 )
<BNG>
Info: Account test succeed.
<BNG>
Dec 24 2021 18:26:14.873.3-08:00 BNG RDS/7/DEBUG:
[Framed-Protocol ] [6 ] [1]
[Framed-IP-Address ] [6 ] [100.64.1.2]
[Framed-IP-Netmask ] [6 ] [255.255.255.255]
[Framed-Pool ] [7 ] [pool1]
[HW-Input-Committed-Information-Rate] [6 ] [121250]
[HW-Output-Committed-Information-Rate] [6 ] [121250]
[HW-Input-Peak-Information-Rate ] [6 ] [121250]
[HW-Output-Peak-Information-Rate ] [6 ] [121250]
[HW-Input-Committed-Burst-Size ] [6 ] [15156250]
[HW-Output-Committed-Burst-Size ] [6 ] [15156250]
[HW-Input-Peak-Burst-Size ] [6 ] [15156250]
[HW-Output-Peak-Burst-Size ] [6 ] [15156250]
Radius Sent a Packet
Server Template: 0
Server IP : 10.0.0.1
Protocol: Standard
Code : 1
Len : 131
ID : 2
[User-Name ] [12] [assinante1]
[CHAP-Password ] [19] [cd db 83 f8 ac 79 fc a3 af b8 ab e
7 4a 5d 8e 1a 3c ]
<BNG>
Dec 24 2021 18:26:14.933.1-08:00 BNG RDS/7/DEBUG:
RADIUS packet: IN (TotalLen=147)
Len 1 ~ 147:
02 02 00 93 13 A8 CA F8 E2 33 7D 56 59 32 BC C9
36 74 D0 9C 06 06 00 00 00 02 07 06 00 00 00 01
08 06 64 40 01 02 09 06 FF FF FF FF 58 07 70 6F
6F 6C 31 1A 0C 00 00 07 DB 02 06 00 01 D9 A2 1A
0C 00 00 07 DB 05 06 00 01 D9 A2 1A 0C 00 00 07
DB 01 06 00 01 D9 A2 1A 0C 00 00 07 DB 04 06 00
01 D9 A2 1A 0C 00 00 07 DB 03 06 00 E7 44 1A 1A
0C 00 00 07 DB 06 06 00 E7 44 1A 1A 0C 00 00 07
DB 4D 06 00 E7 44 1A 1A 0C 00 00 07 DB 4E 06 00
E7 44 1A
<BNG>
Dec 24 2021 18:26:14.933.2-08:00 BNG RDS/7/DEBUG:
[RDS(Evt):] Receive a packet(IP:10.0.0.1,Port:1812,Code:Auth accept,ID:2 )
<BNG>
Dec 24 2021 18:26:14.933.3-08:00 BNG RDS/7/DEBUG:
[CHAP-Challenge ] [18] [c6 23 69 98 73 48 51 dc ff 5c 4a 9
4 ec 58 29 1f ]
[Service-Type ] [6 ] [2]
[Framed-Protocol ] [6 ] [1]
[NAS-Identifier ] [5 ] [BNG]
[NAS-Port-Type ] [6 ] [15]
[Acct-Session-Id ] [33] [BNG000000000000007b9e047d001055]
[NAS-IP-Address ] [6 ] [1.1.1.1]
Radius Received a Packet
Server Template: 0
Server IP : 10.0.0.1
Server Port : 1812
Protocol: Standard
Code : 2
Len : 147
ID : 2
[Service-Type ] [6 ] [2]
[Framed-Protocol ] [6 ] [1]
[Framed-IP-Address ] [6 ] [100.64.1.2]
[Framed-IP-Netmask ] [6 ] [255.255.255.255]
[Framed-Pool ] [7 ] [pool1]
[HW-Input-Committed-Information-Rate] [6 ] [121250]
[HW-Output-Committed-Information-Rate] [6 ] [121250]



chenhui
chenhui Created Dec 25, 2021 01:05:32 (0) (0)
Hi,
OK, that might be due to an eNSP bug.
l2vc
l2vc Reply chenhui  Created Dec 25, 2021 23:10:30 (0) (0)
Yes, it's really a bug. I did the same configurations in AR1000v using EVE-NG and everything worked fine.
Thanks for your help.  
chenhui
chenhui Reply l2vc  Created Dec 27, 2021 00:51:30 (0) (0)
You are welcome!  
It's an eNSP bug! The same configurations were tested with AR1000v and worked fine.

chenhui
chenhui Created Dec 27, 2021 00:51:06 (0) (0)
Thanks for your feedback!  
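
To confirm independently what the RADIUS server authorized, the Access-Accept bytes from the "RADIUS packet: IN (TotalLen=147)" debug dump in the thread can be decoded directly. This is an added example, not part of the original thread or of Huawei's tooling; the name parse_radius and the small attribute tables are assumptions made for illustration, and vendor-specific sub-attributes are reported by number only.

```python
import ipaddress
import struct

# Access-Accept bytes copied from the "RADIUS packet: IN (TotalLen=147)" dump in the thread.
ACCESS_ACCEPT_HEX = """
02 02 00 93 13 A8 CA F8 E2 33 7D 56 59 32 BC C9
36 74 D0 9C 06 06 00 00 00 02 07 06 00 00 00 01
08 06 64 40 01 02 09 06 FF FF FF FF 58 07 70 6F
6F 6C 31 1A 0C 00 00 07 DB 02 06 00 01 D9 A2 1A
0C 00 00 07 DB 05 06 00 01 D9 A2 1A 0C 00 00 07
DB 01 06 00 01 D9 A2 1A 0C 00 00 07 DB 04 06 00
01 D9 A2 1A 0C 00 00 07 DB 03 06 00 E7 44 1A 1A
0C 00 00 07 DB 06 06 00 E7 44 1A 1A 0C 00 00 07
DB 4D 06 00 E7 44 1A 1A 0C 00 00 07 DB 4E 06 00
E7 44 1A
"""
# Attribute numbers from RFC 2865 and RFC 2869 (Framed-Pool), grouped by value encoding.
IPV4 = {8: "Framed-IP-Address", 9: "Framed-IP-Netmask"}
INT = {6: "Service-Type", 7: "Framed-Protocol"}
TEXT = {88: "Framed-Pool"}


def parse_radius(raw: bytes) -> dict:
    """Decode the header, the standard attributes above and Vendor-Specific (26) entries."""
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw) or length < 20:
        raise ValueError("length field does not match packet size")
    out = {"code": code, "id": ident, "attrs": {}, "vsa": []}
    pos = 20  # 4-byte header plus 16-byte authenticator
    while pos < length:
        if pos + 2 > length or raw[pos + 1] < 2 or pos + raw[pos + 1] > length:
            raise ValueError(f"bad attribute length at offset {pos}")
        atype, alen = raw[pos], raw[pos + 1]
        value = raw[pos + 2 : pos + alen]
        if atype in IPV4:
            out["attrs"][IPV4[atype]] = str(ipaddress.IPv4Address(value))
        elif atype in INT:
            out["attrs"][INT[atype]] = int.from_bytes(value, "big")
        elif atype in TEXT:
            out["attrs"][TEXT[atype]] = value.decode()
        elif atype == 26 and alen >= 9:  # vendor id (4), vendor type, vendor length, data
            vendor = int.from_bytes(value[:4], "big")
            out["vsa"].append((vendor, value[4], int.from_bytes(value[6:], "big")))
        pos += alen
    return out


ACCEPT = parse_radius(bytes.fromhex(ACCESS_ACCEPT_HEX))
```

The decoded packet carries Framed-IP-Address 100.64.1.2 together with Framed-Pool pool1, so the server's reply is correct on the wire and the missing address is a NAS-side problem, consistent with the thread's conclusion.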
