<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Verdana","sans-serif";
color:windowtext;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>Hi,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>We are using Cisco and Juniper devices as LAC’s to terminate DSL sessions before sending on via L2TP to customer LNS’s. We allow our customers to use radius Attribute 67 via our radius servers to specify the tunnel-server-endpoint for their sessions.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>We have been using Cisco LACs predominantly over the last couple of years but now have a need to move to Juniper kit for scalability constraints. The issue I have is how we allow customers to specify groups of radius reply values for failover/load balancing across their LNS’s.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>Below is an example showing what we are sending back to our Cisco LAC’s (please note the use of += as the operator for the “second” group in the list):<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>Sending Access-Accept of id 216 to 192.168.1.1 port 50075<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'> Tunnel-Client-Auth-Id:1 = "xxxxxxxx"<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'> Tunnel-Type:1 = L2TP<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'> Tunnel-Password:1 = "yyyyyyy"<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'> Tunnel-Server-Endpoint:1 = "1.2.3.4"<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'> Tunnel-Preference:1 = 10<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'> Tunnel-Client-Auth-Id:2 += " xxxxxxxx"<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'> Tunnel-Type:2 += L2TP<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'> Tunnel-Password:2 += " yyyyyyy"<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'> Tunnel-Server-Endpoint:2 += "1.2.3.5"<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'> Tunnel-Preference:2 += 10<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>The issue I have is that the Juniper device will not process the += operator based results, so in order to have the same functionailty, the radius result would have to look like below (please note there is no += anymore):<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>Sending Access-Accept of id 217 to 192.168.1.1 port 50075<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'> Tunnel-Client-Auth-Id:1 = "xxxxxxxx"<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'> Tunnel-Type:1 = L2TP<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'> Tunnel-Password:1 = "yyyyyyy"<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'> Tunnel-Server-Endpoint:1 = "1.2.3.4"<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'> Tunnel-Preference:1 = 10<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'> Tunnel-Client-Auth-Id:2 = " xxxxxxxx"<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'> Tunnel-Type:2 = L2TP<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'> Tunnel-Password:2 = " yyyyyyy"<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'> Tunnel-Server-Endpoint:2 = "1.2.3.5"<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'> Tunnel-Preference:2 = 10<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>I have a case open with Juniper to resolve the +=/= issue, but I haven’t got an ETA of the fix yet, and I cannot just wait for it. I cannot force all of my customers to change the attributes they send me back from proxying based on the NAS-IP-Address, so I have to make the necessary changes myself on my radius servers. I know I can add a bit of code in post proxy using ulang to carry out something when the Juniper devices IP’s are listed as the NAS-IP-Address, but I cannot see how to change the operator that is sent from += to =. The only complication I have is that people could send back upto 8 groups to me, and there is no guarantee that the groups will be number 1,2,3,4 etc, the customer could choose anything they like.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>Anyone got any ideas or able to point me in the right direction?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>Thanks<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>Dan<o:p></o:p></span></p><div style='mso-element:para-border-div;border:none;border-bottom:solid windowtext 1.0pt;padding:0cm 0cm 1.0pt 0cm'><p class=MsoNormal style='border:none;padding:0cm'><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";mso-fareast-language:EN-GB'><o:p> </o:p></span></p><p class=MsoNormal style='border:none;padding:0cm'><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";mso-fareast-language:EN-GB'><o:p> </o:p></span></p></div><p class=MsoNormal><b><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#333333;mso-fareast-language:EN-GB'>Technical Manager</span></b><b><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#333333;mso-fareast-language:EN-GB'><o:p></o:p></span></b></p><p class=MsoNormal><b><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#244061;mso-fareast-language:EN-GB'><o:p> </o:p></span></b></p><p class=MsoNormal><b><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#244061;mso-fareast-language:EN-GB'>T</span></b><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#244061;mso-fareast-language:EN-GB'> 0845 868 7848</span><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#244061;mso-fareast-language:EN-GB'><o:p></o:p></span></p><p class=MsoNormal><b><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#244061;mso-fareast-language:EN-GB'>F</span></b><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#244061;mso-fareast-language:EN-GB'> 0845 868 7858</span><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#244061;mso-fareast-language:EN-GB'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#244061;mso-fareast-language:EN-GB'><a href="http://www.fluidata.co.uk/"><span style='color:#244061'>www.fluidata.co.uk</span></a></span><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#244061;mso-fareast-language:EN-GB'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:EN-GB'><a href="http://www.twitter.com/fluidata"><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#244061'>www.twitter.com/fluidata</span></a></span><span lang=EN-US style='font-size:5.0pt;font-family:"Verdana","sans-serif";color:#244061;mso-fareast-language:EN-GB'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#244061;mso-fareast-language:EN-GB'>2 More London SE1 2AP</span><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#244061;mso-fareast-language:EN-GB'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#244061;mso-fareast-language:EN-GB'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#244061;mso-fareast-language:EN-GB'>get your data flowing ...</span></b><b><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:#244061;mso-fareast-language:EN-GB'><o:p></o:p></span></b></p><p class=MsoNormal><span style='font-size:7.0pt;font-family:"Verdana","sans-serif";color:#244061;mso-fareast-language:EN-GB'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:7.0pt;font-family:"Verdana","sans-serif";color:#333333;mso-fareast-language:EN-GB'>This message is intended solely for the use of the individual or organisation to whom it is addressed. It may contain privileged or confidential information. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you should not use, copy, alter, or disclose the contents of this message. All information or opinions expressed in this message and/or any attachments are those of the author and are not necessarily those of Fluidata Ltd. Fluidata accepts no responsibility for loss or damage arising from its use, including damage from virus.</span><span style='font-size:7.0pt;font-family:"Verdana","sans-serif";color:#333333;mso-fareast-language:EN-GB'><o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>