Ascend-Data-Filter with srcip from ippool

Andreas Kalb (akalb) akalb at cisco.com
Wed Apr 2 00:40:36 CEST 2008 

Hello again,

based on the last experience having different servers existing, I build
the system from scratch and stood as closely as possible to defaults.

All is working well concerning the ip-pool. It was the duplicated
server, Alan pointed out.

Now I'm back to my original problem, where I wanted to use an
Ascend-filter with entries matching IP-address from pool. I still don't
know, how to change order of modules to make the IP-address known to the
files-module and appreciated your uidance again.

Kind Regards,

    Andreas

users:
DEFAULT User-Name := "test_...", Pool-Name := test_pool,
Cleartext-Password := cisco
                Service-Type == Framed-User,
                Framed-Protocol = PPP,
                Session-Timeout = 65000,
                Idle-Timeout = 3600,
                Ascend-Maximum-Time = 64000,
                Ascend-Idle-Limit = 3600,
                Ascend-Data-Filter := "ip in forward srcip
%{reply:Framed-IP-Address}/32 dstip 1.1.1.2/32"

debugs:
...
++[unix] returns notfound
    users: Matched entry DEFAULT at line 125
        expand: ip in forward srcip %{reply:Framed-IP-Address}/32 dstip
1.1.1.2/32 -> ip in forward srcip /32 dstip 1.1.1.2/32
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
  rad_check_password:  Found Auth-Type 
auth: type "PAP"
+- entering group PAP
rlm_pap: login attempt with password "cisco"
rlm_pap: Using clear text password "cisco"
rlm_pap: User authenticated successfully
++[pap] returns ok
Login OK: [test_001/cisco] (from client bb-10k port 808583209)
+- entering group post-auth
        expand: %{NAS-IP-Address} %{NAS-Port} -> 172.16.1.7 808583209
rlm_ippool: MD5 on 'key' directive maps to:
4c8d9b7e94410e9a58cd8ec24b47f8b1
rlm_ippool: Searching for an entry for key:
'4c8d9b7e94410e9a58cd8ec24b47f8b1'
rlm_ippool: Allocating ip to key: '4c8d9b7e94410e9a58cd8ec24b47f8b1'
rlm_ippool: num: 1
rlm_ippool: Allocated ip 172.16.100.69 to client key:
4c8d9b7e94410e9a58cd8ec24b47f8b1
++[test_pool] returns ok
        Service-Type == Framed-User
        Framed-Protocol = PPP
        Session-Timeout = 65000
        Idle-Timeout = 3600
        Ascend-Maximum-Time = 64000
        Ascend-Idle-Limit = 3600
        Ascend-Data-Filter := "ip in forward dstip 1.1.1.2/32 0"
        Framed-IP-Address = 172.16.100.69
        Framed-IP-Netmask = 255.255.255.0
Finished request 1.

More information about the Freeradius-Users mailing list