update reply: "Juniper-Primary-Dns"

Bjørn Mork bjorn at mork.no
Tue Jun 16 21:50:36 CEST 2015


Amir Tal <amir at ccc.co.il> writes:

> When testing this, values are added to reply, this was confirmed by enabling "reply_log" in freeradius.
> Example:
> Tue Jun 16 18:54:07 2015
>         Packet-Type = Access-Accept
>         Juniper-Primary-Dns = 109.226.x.x
>         Juniper-Secondary-Dns = 109.226.x.x
>         Framed-Protocol = PPP
>         Framed-Compression = Van-Jacobson-TCP-IP
>         ERX-Egress-Statistics := enable
>         ERX-Ingress-Statistics := enable
>         ERX-Egress-Policy-Name := "100MB"
>         ERX-Ingress-Policy-Name := "4mb"
>         Framed-MTU = 1512
>         Framed-Pool := "fast"
>
> But, this is not passed to the client, NAS still overrides this with default values.

Which NAS platform is this? Note that the ERX-* and Juniper-* VSAs don't
usually mix.  Assuming this is an MX, I believe you have to use
Unisphere (aka ERX) VSAs for the subscriber management stuff.

See http://www.juniper.net/techpubs/en_US/junos14.1/topics/reference/general/aaa-subscriber-access-radius-vsa.html


The clue is in the "The AAA Service Framework uses vendor ID 4874".  The
Juniper-*-Dns VSAs are defined by vendor ID 2636.

I assume you are looking for Unisphere-Primary-Dns and
Unisphere-Secondary-Dns in modern FR, or ERX-Primary-Dns and
ERX-Secondary-Dns in the legacy FR.


Bjørn



More information about the Freeradius-Users mailing list