CoA-Ack and radclient/radiusd

Anton G. ak at smpmontag.ru
Fri Aug 21 11:36:44 CEST 2009 

Hello,

I have a strange problem with CoA-Ack receive

I send test Coa packet to nas (juniper erx), the nas sees the packet and do 
corresponding action as well, and sends Coa-Ack back
Nothing strange in nas debug or tcpdump

But radclient says:

some# /usr/local/bin/radclient -t20 -r 1 -c 1 -f ./user-81-200-27-42.rad -x 
10.200.27.3:1700 coa su29
Sending CoA-Request of id 44 to 10.200.27.3 port 1700
         User-Name = "10.200.27.42.vrf_nat1.vlan.5.0.0.951"
         ERX-Virtual-Router-Name = "default:vrf_nat1"
         Framed-IP-Address = 10.200.27.42
         ERX-Service-Activate:2 = "setmv(10.200.27.42,000e.0cb9.3140,vrf_nat1)"
         ERX-Service-Timeout:2 = 20
rad_recv: CoA-ACK packet from host 10.200.27.3 port 1700, id=44, length=20
radclient: received response to request we did not send. (id=44 socket 3)

radclient: no response from server for ID 44 socket 3
some#

I can`t clearly understand why..




And using  radiusd CoA functionality i get similar behavior,
but in that case i`m not sure if my config is ok to handle CoA-Ack

Have update action in acconting section

accounting {
if ("%{Acct-Session-Id}" =~ /:/) {
  if ("%{Acct-Status-Type}" == "Start") {
     update coa {
      User-Name := "%{User-Name}"
      ERX-Virtual-Router-Name := "default:vrf_nat1"
      ERX-Service-Activate:2 += "setmv(10.200.27.42, 000e.0cb9.3141, vrf_nat1)"
      ERX-Service-Timeout:2 += 20
     }
  }
}
ok
}


and get


rad_recv: Accounting-Request packet from host 10.200.27.3 port 50125, id=187, 
length=283
         Acct-Status-Type = Start
         User-Name = "10.200.27.42.vrf_nat1.vlan.5.0.0.951"
         Event-Timestamp = "Aug 21 2009 13:25:51 MSD"
         Acct-Delay-Time = 0
         NAS-Identifier = "bsr01-su29"
         Acct-Session-Id = "0024163640:0016777349"
         ERX-Service-Session = 
"inetpublic(10.200.27.42,000e.0cb9.3141,vrf_nat1,gi5/0/0.951,0,0,20485760,20485760)"
         NAS-IP-Address = 10.200.27.3
         Framed-IP-Address = 10.200.27.42
         Calling-Station-Id = "#bsr01-su29#E50#951"
         NAS-Port-Type = Ethernet
         NAS-Port = 671089591
         NAS-Port-Id = "GigabitEthernet 5/0/0.951:951"
         Acct-Authentic = RADIUS
+- entering group preacct {...}
++[preprocess] returns ok
++[files] returns noop
+- entering group accounting {...}
++? if ("%{Acct-Session-Id}" =~ /:/)
         expand: %{Acct-Session-Id} -> 0024163640:0016777349
? Evaluating ("%{Acct-Session-Id}" =~ /:/) -> TRUE
++? if ("%{Acct-Session-Id}" =~ /:/) -> TRUE
++- entering if ("%{Acct-Session-Id}" =~ /:/) {...}
+++? if ("%{Acct-Status-Type}" == "Start")
         expand: %{Acct-Status-Type} -> Start
? Evaluating ("%{Acct-Status-Type}" == "Start") -> TRUE
+++? if ("%{Acct-Status-Type}" == "Start") -> TRUE
+++- entering if ("%{Acct-Status-Type}" == "Start") {...}
         expand: %{User-Name} -> 10.200.27.42.vrf_nat1.vlan.5.0.0.951
++++[coa] returns noop
+++- if ("%{Acct-Status-Type}" == "Start") returns noop
++- if ("%{Acct-Session-Id}" =~ /:/) returns noop
++[ok] returns ok
Sending Accounting-Response of id 187 to 10.200.27.3 port 50125
   WARNING: Empty section.  Using default return values.
Sending CoA-Request of id 128 to 10.200.27.3 port 1700
         User-Name = "10.200.27.42.vrf_nat1.vlan.5.0.0.951"
         ERX-Virtual-Router-Name = "default:vrf_nat1"
         ERX-Service-Activate:2 = "setmv(10.200.27.42, 000e.0cb9.3141, vrf_nat1)"
         ERX-Service-Timeout:2 = 20
         ERX-Service-Statistics:2 = disabled
Finished request 2.
Cleaning up request 2 ID 187 with timestamp +4
Going to the next request
Waking up in 2.1 seconds.
Sending CoA-Request of id 128 to 10.200.27.3 port 1700
         User-Name = "10.200.27.42.vrf_nat1.vlan.5.0.0.951"
         ERX-Virtual-Router-Name = "default:vrf_nat1"
         ERX-Service-Activate:2 = "setmv(10.200.27.42, 000e.0cb9.3141, vrf_nat1)"
         ERX-Service-Timeout:2 = 20
         ERX-Service-Statistics:2 = disabled
Waking up in 1.5 seconds.
Cleaning up request 0 ID 52 with timestamp +3
Waking up in 2.7 seconds.
Sending CoA-Request of id 128 to 10.200.27.3 port 1700
         User-Name = "10.200.27.42.vrf_nat1.vlan.5.0.0.951"
         ERX-Virtual-Router-Name = "default:vrf_nat1"
         ERX-Service-Activate:2 = "setmv(10.200.27.42, 000e.0cb9.3141, vrf_nat1)"
         ERX-Service-Timeout:2 = 20
         ERX-Service-Statistics:2 = disabled
Waking up in 8.7 seconds.
rad_recv: CoA-ACK packet from host 10.200.27.3 port 1700, id=128, length=20
Ignoring proxy reply that arrived after we sent a reply to the NAS
Waking up in 8.3 seconds.
Sending CoA-Request of id 128 to 10.200.27.3 port 1700
         User-Name = "10.200.27.42.vrf_nat1.vlan.5.0.0.951"
         ERX-Virtual-Router-Name = "default:vrf_nat1"
         ERX-Service-Activate:2 = "setmv(10.200.27.42, 000e.0cb9.3141, vrf_nat1)"
         ERX-Service-Timeout:2 = 20
         ERX-Service-Statistics:2 = disabled
Waking up in 14.6 seconds.
rad_recv: CoA-ACK packet from host 10.200.27.3 port 1700, id=128, length=20
Ignoring proxy reply that arrived after we sent a reply to the NAS
Waking up in 14.6 seconds.
No response to CoA request sent to 10.200.27.3
   Found Post-Proxy-Type
+- entering group Fail-CoA {...}
++[ok] returns ok
Finished request 2.
Cleaning up request 2 ID 187 with timestamp +4
Going to the next request
...



Thanks.

More information about the Freeradius-Users mailing list