user authentication including ingress/egress policing

[Marijn van Gool]

Hello all,

As this is my first question to this mailing list, I hope I do it the right way :-) First, this is the version I’m using:

marijn at server1:~$ freeradius -v
freeradius: FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on Aug 26 2015 at 14:47:03
Copyright (C) 1999-2011 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.

I’m not sure about the ‘radiusd’ command. I don’t want to eat my keyboard so livingston is a no, but what about yardradius?

marijn at server1:~$ radiusd -xx -l stdout -f
The program 'radiusd' can be found in the following packages:
 * radiusd-livingston
 * yardradius

Anyhow, on to my question.

I’m a network engineer at an ISP which delivers Internet connections to business clients. Since IP Space is running out, we decided to use subscriber management on the MX router.
Now, although we’ve got this part working (using Framed-IP-Address and Framed-Netmask attributes), even with QinQ, now comes the part where we want to limit bandwidth on QinQ connections.
Juniper itself says that I should use RADIUS VSA’s 26-10 and 26-11 or Ingress/Egress-Policy-Name. Other documents say I should use the unisphere dictionary using Unisphere-Ingress/Egress-Policy-Name.
However, this dictionary was not part of my configuration. I decided to ‘just add’ the dictionary to /usr/share/freeradius directory and add an $INCLUDE to the main dictionary file. Then I restarted the service.

Unfortunately it’s still not working. What am I missing here? This is how I built up the radreply records, the username is the same as where the IP address and netmask are configured.



If you need any other output, please ask. I don’t know where to look anymore.

Marijn