WiMAX HA access-request problem

Webb Allen allen.web65 at gmail.com
Sun Oct 4 11:19:12 CEST 2009


Hi All,

I am using the FreeRADIUS 2.1.7 for WiMAX authentication.Everything is fine
in WiMAX authetication phase 1.
FreeRADIUS send the Access-Accept message to ASN-GW with some required
attributes as below.

Sending Access-Accept of id 23 to 192.168.10.10 port 6001
        MS-MPPE-Recv-Key =
0xdd32bb1bf83d56f4493782d3244f5d501011ffce043c3f5d70fb2f8ec22675c7
        MS-MPPE-Send-Key =
0xd131eacf354482cec6a997bd7b25e7660f96c85f0290572af781fbe6f79e31fa
        EAP-Message = 0x03080004
        Message-Authenticator = 0x00000000000000000000000000000000
        Service-Type = Framed-User
        Framed-MTU = 1400
        WiMAX-HA-RK-Lifetime = 172788
        WiMAX-hHA-IP-MIP4 = 172.16.10.10
        WiMAX-HA-RK-Key = 0xe3004e23455fd2e998b8def4dfe9ddaa34528742
        WiMAX-HA-RK-SPI = 283734
        WiMAX-FA-RK-Key = 0x85dd1a75f40398fe0168602b3a200a235db058fd
        WiMAX-MSK =
0xdd32bb1bf83d56f4493782d3244f5d501011ffce043c3f5d70fb2f8ec22675c7d131eacf354482cec6a997bd7b25e7660f96c85f0290572af781fbe6f79e31fa
        WiMAX-AAA-Session-Id = 0xc4e88757e4a7773cb7868674d19199e4
        WiMAX-Capability = 0x020301
        WiMAX-Packet-Flow-Descriptor =
0x01040001030600000002040303050307060301
        WiMAX-DNS-Server = 172.16.1.1
        Session-Timeout = 43200
        Termination-Action = RADIUS-Request
        Chargeable-User-Identity = "test at testwimax.com"
        WiMAX-MN-hHA-MIP4-Key = 0x58c32ecc237cdc44474cc0a32b4203e511c6d569
        WiMAX-MN-hHA-MIP4-SPI = 571665657
        WiMAX-FA-RK-SPI = 571665656

In phase 2, ASN-GW send the MobileIP registration request to Home Agent.
The Home Agent will check this MIP RRQ is valid or not by sending a radius
request to AAA.

FreeRADIUS received the request as below:

rad_recv: Access-Request packet from host 172.16.10.10 port 52511, id=10,
length=213
        Packet-Type = Access-Request
        User-Name = "test at testwimax.com"
        NAS-IP-Address = 172.16.10.10
        NAS-Identifier = "HA_1"
        WiMAX-HA-RK-SPI = 283734
        Framed-IP-Address = 0.0.0.0
        WiMAX-MN-HA-MIP4-SPI = 571665657
        WiMAX-hHA-IP-MIP4 = 172.16.10.10
        Vendor-Specific = 0x00001fe4180600000003
        Vendor-Specific = 0x00001fe4a906d34f3f31
        WiMAX-Release = "1.0"
        WiMAX-Accounting-Capabilities = 3
        WiMAX-GMT-Timezone-offset = 28800
        Service-Type = Framed-User
        Event-Timestamp = "Sep 30 2009 15:21:22 CST"
        Message-Authenticator = 0x30f398da4df2f3673568f56b36063a2b
        Chargeable-User-Identity = "NUL"

I set the FreeRADIUS to send the Home Agent the Access-accept packet with
some attribute(WiMAX-HA-RK-SPI,WiMAX-HA-RK-Key) with fixed value.
But the FreeRADIUS can not generate the WiMAX-MN-hHA-MIP4-Key and
WiMAX-MN-hHA-MIP4-SPI for that request.
so Home Agent fail to validate the MIP RRQ because short of the
attribute(WiMAX-MN-hHA-MIP4-Key and WiMAX-MN-hHA-MIP4-SPI).
Is that any configurations for FreeRADIUS to generate the original
WiMAX-MN-hHA-MIP4-Key and WiMAX-MN-hHA-MIP4-SPI for Home Agent
Authentication request,
or can the FreeRADIUS cache the keys been generated in phase 1 and for use
in phase 2 authentication?


Thanks and Regards,

Allen Web
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091004/ff317dcd/attachment.html>


More information about the Freeradius-Users mailing list