Proxy CoA packet from network control to NAS(same as CoA server) configs in case of many many NASes.
Sergey Komarov
sergey.komaroff at gmail.com
Thu Jul 16 15:18:25 CEST 2015
Sorry for debug quotes, for the first case a little bit different error
(port is original here, but coa home server has port 1700 at proxy.conf):
Waking up in 0.2 seconds.
(65) Received CoA-Request Id 238 from 10.1.1.2:24820 to 10.1.1.174:3799
length 113
(65) User-Name = "bc-92-6b-20-16-66"
(65) Calling-Station-Id = "bc-92-6b-20-16-66"
(65) Cisco-AVPair = "subscriber:command=account-reauthenticate"
(65) NAS-IP-Address = 10.16.35.46
(65) # Executing section recv-coa from file
/usr/local/etc/raddb/sites-enabled/coa
(65) recv-coa {
(65) [suffix] = noop
(65) update control {
(65) Packet-Dst-IP-Address := &NAS-IP-Address -> 10.16.35.46
(65) } # update control = noop
(65) [ok] = ok
(65) } # recv-coa = ok
No such home server 10.16.35.46 port 3799
(65) Not sending reply to client.
(65) Finished request
So it looks like server can't find such home server in case if it search it
by IP address not by home server pool name... pool name works ok.
Best Regards, Sergey Komaroff
On Thu, Jul 16, 2015 at 4:14 PM, Sergey Komarov <sergey.komaroff at gmail.com>
wrote:
> Hello Alan and colleagues,
>
>
> Yes, I've tried to do so.
> In case I write as you said I get:
>
> Waking up in 0.4 seconds.
> (22) Received CoA-Request Id 187 from 10.1.1.1:17809 to 10.1.1.174:3799
> length 113
> (22) User-Name = "78-6c-1c-94-d2-07"
> (22) Calling-Station-Id = "78-6c-1c-94-d2-07"
> (22) Cisco-AVPair = "subscriber:command=account-reauthenticate"
> (22) NAS-IP-Address = 10.56.33.190
> (22) # Executing section recv-coa from file
> /usr/local/etc/raddb/sites-enabled/coa
> (22) recv-coa {
> (22) [suffix] = noop
> (22) update control {
> (22) Packet-Dst-IP-Address := &NAS-IP-Address -> 10.56.33.190
> (22) Packet-Dst-Port := 1700
> (22) } # update control = noop
> (22) [ok] = ok
> (22) } # recv-coa = ok
> *No such home server 10.56.33.190 port 14346*
> (22) Not sending reply to client.
> (22) Finished request
> (22) <done>: Cleaning up request packet ID 187 with timestamp +5
> Waking up in 0.2 seconds.
>
> In case I add also port (Packet-Dst-Port := 1700) I get this:
>
> Waking up in 2.9 seconds.
> (13) Received CoA-Request Id 198 from 10.1.1.1:11374 to 10.1.1.174:3799
> length 113
> (13) User-Name = "60-d9-c7-32-4f-02"
> (13) Calling-Station-Id = "60-d9-c7-32-4f-02"
> (13) Cisco-AVPair = "subscriber:command=account-reauthenticate"
> (13) NAS-IP-Address = 10.56.33.174
> (13) # Executing section recv-coa from file
> /usr/local/etc/raddb/sites-enabled/coa
> (13) recv-coa {
> (13) [suffix] = noop
> (13) update control {
> (13) Packet-Dst-IP-Address := &NAS-IP-Address -> 10.56.33.174
> (13) Packet-Dst-Port := 1700
> (13) } # update control = noop
> (13) [ok] = ok
> (13) } # recv-coa = ok
> *No such home server 10.56.33.174 port 14346*
> (13) Not sending reply to client.
> (13) Finished request
> (13) <done>: Cleaning up request packet ID 198 with timestamp +2
> Waking up in 2.8 seconds.
>
>
> Thank you in advance for your comments!
>
>
> Best Regards, Sergey Komaroff
>
>
>
>
> On Thu, Jul 16, 2015 at 3:01 PM, Alan DeKok <aland at deployingradius.com>
> wrote:
>
>> On Jul 16, 2015, at 4:19 AM, Sergey Komarov <sergey.komaroff at gmail.com>
>> wrote:
>> >
>> > I've tried to use clients.conf and derive home servers from that
>> section as
>> > announced in 3.0.7. It would simplify but I can't proxy to such kind of
>> > unnamed home server (or I can? This is what I didn't find in any docs
>> too.
>> > Sorry).
>>
>> Just do:
>>
>> update control {
>> Packet-Dst-IP-Address := 192.0.2.4
>> }
>>
>> which is the IP of the NAS.
>>
>> > 2. Is there any way to use something in coa section like update control
>> > Home-Server := "%{NAS-IP-Address}" or some other options to proxy CoA
>> > packets to NAS/CoA server?
>>
>> Yes.
>>
>> update control {
>> Packet-Dst-IP-Address := &NAS-IP-Address
>> }
>>
>> Alan DeKok.
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
>
More information about the Freeradius-Users
mailing list