CoA-Ack and radclient/radiusd
Anton G.
ak at smpmontag.ru
Fri Aug 21 11:36:44 CEST 2009
Hello,
I have a strange problem with CoA-Ack receive
I send test Coa packet to nas (juniper erx), the nas sees the packet and do
corresponding action as well, and sends Coa-Ack back
Nothing strange in nas debug or tcpdump
But radclient says:
some# /usr/local/bin/radclient -t20 -r 1 -c 1 -f ./user-81-200-27-42.rad -x
10.200.27.3:1700 coa su29
Sending CoA-Request of id 44 to 10.200.27.3 port 1700
User-Name = "10.200.27.42.vrf_nat1.vlan.5.0.0.951"
ERX-Virtual-Router-Name = "default:vrf_nat1"
Framed-IP-Address = 10.200.27.42
ERX-Service-Activate:2 = "setmv(10.200.27.42,000e.0cb9.3140,vrf_nat1)"
ERX-Service-Timeout:2 = 20
rad_recv: CoA-ACK packet from host 10.200.27.3 port 1700, id=44, length=20
radclient: received response to request we did not send. (id=44 socket 3)
radclient: no response from server for ID 44 socket 3
some#
I can`t clearly understand why..
And using radiusd CoA functionality i get similar behavior,
but in that case i`m not sure if my config is ok to handle CoA-Ack
Have update action in acconting section
accounting {
if ("%{Acct-Session-Id}" =~ /:/) {
if ("%{Acct-Status-Type}" == "Start") {
update coa {
User-Name := "%{User-Name}"
ERX-Virtual-Router-Name := "default:vrf_nat1"
ERX-Service-Activate:2 += "setmv(10.200.27.42, 000e.0cb9.3141, vrf_nat1)"
ERX-Service-Timeout:2 += 20
}
}
}
ok
}
and get
rad_recv: Accounting-Request packet from host 10.200.27.3 port 50125, id=187,
length=283
Acct-Status-Type = Start
User-Name = "10.200.27.42.vrf_nat1.vlan.5.0.0.951"
Event-Timestamp = "Aug 21 2009 13:25:51 MSD"
Acct-Delay-Time = 0
NAS-Identifier = "bsr01-su29"
Acct-Session-Id = "0024163640:0016777349"
ERX-Service-Session =
"inetpublic(10.200.27.42,000e.0cb9.3141,vrf_nat1,gi5/0/0.951,0,0,20485760,20485760)"
NAS-IP-Address = 10.200.27.3
Framed-IP-Address = 10.200.27.42
Calling-Station-Id = "#bsr01-su29#E50#951"
NAS-Port-Type = Ethernet
NAS-Port = 671089591
NAS-Port-Id = "GigabitEthernet 5/0/0.951:951"
Acct-Authentic = RADIUS
+- entering group preacct {...}
++[preprocess] returns ok
++[files] returns noop
+- entering group accounting {...}
++? if ("%{Acct-Session-Id}" =~ /:/)
expand: %{Acct-Session-Id} -> 0024163640:0016777349
? Evaluating ("%{Acct-Session-Id}" =~ /:/) -> TRUE
++? if ("%{Acct-Session-Id}" =~ /:/) -> TRUE
++- entering if ("%{Acct-Session-Id}" =~ /:/) {...}
+++? if ("%{Acct-Status-Type}" == "Start")
expand: %{Acct-Status-Type} -> Start
? Evaluating ("%{Acct-Status-Type}" == "Start") -> TRUE
+++? if ("%{Acct-Status-Type}" == "Start") -> TRUE
+++- entering if ("%{Acct-Status-Type}" == "Start") {...}
expand: %{User-Name} -> 10.200.27.42.vrf_nat1.vlan.5.0.0.951
++++[coa] returns noop
+++- if ("%{Acct-Status-Type}" == "Start") returns noop
++- if ("%{Acct-Session-Id}" =~ /:/) returns noop
++[ok] returns ok
Sending Accounting-Response of id 187 to 10.200.27.3 port 50125
WARNING: Empty section. Using default return values.
Sending CoA-Request of id 128 to 10.200.27.3 port 1700
User-Name = "10.200.27.42.vrf_nat1.vlan.5.0.0.951"
ERX-Virtual-Router-Name = "default:vrf_nat1"
ERX-Service-Activate:2 = "setmv(10.200.27.42, 000e.0cb9.3141, vrf_nat1)"
ERX-Service-Timeout:2 = 20
ERX-Service-Statistics:2 = disabled
Finished request 2.
Cleaning up request 2 ID 187 with timestamp +4
Going to the next request
Waking up in 2.1 seconds.
Sending CoA-Request of id 128 to 10.200.27.3 port 1700
User-Name = "10.200.27.42.vrf_nat1.vlan.5.0.0.951"
ERX-Virtual-Router-Name = "default:vrf_nat1"
ERX-Service-Activate:2 = "setmv(10.200.27.42, 000e.0cb9.3141, vrf_nat1)"
ERX-Service-Timeout:2 = 20
ERX-Service-Statistics:2 = disabled
Waking up in 1.5 seconds.
Cleaning up request 0 ID 52 with timestamp +3
Waking up in 2.7 seconds.
Sending CoA-Request of id 128 to 10.200.27.3 port 1700
User-Name = "10.200.27.42.vrf_nat1.vlan.5.0.0.951"
ERX-Virtual-Router-Name = "default:vrf_nat1"
ERX-Service-Activate:2 = "setmv(10.200.27.42, 000e.0cb9.3141, vrf_nat1)"
ERX-Service-Timeout:2 = 20
ERX-Service-Statistics:2 = disabled
Waking up in 8.7 seconds.
rad_recv: CoA-ACK packet from host 10.200.27.3 port 1700, id=128, length=20
Ignoring proxy reply that arrived after we sent a reply to the NAS
Waking up in 8.3 seconds.
Sending CoA-Request of id 128 to 10.200.27.3 port 1700
User-Name = "10.200.27.42.vrf_nat1.vlan.5.0.0.951"
ERX-Virtual-Router-Name = "default:vrf_nat1"
ERX-Service-Activate:2 = "setmv(10.200.27.42, 000e.0cb9.3141, vrf_nat1)"
ERX-Service-Timeout:2 = 20
ERX-Service-Statistics:2 = disabled
Waking up in 14.6 seconds.
rad_recv: CoA-ACK packet from host 10.200.27.3 port 1700, id=128, length=20
Ignoring proxy reply that arrived after we sent a reply to the NAS
Waking up in 14.6 seconds.
No response to CoA request sent to 10.200.27.3
Found Post-Proxy-Type
+- entering group Fail-CoA {...}
++[ok] returns ok
Finished request 2.
Cleaning up request 2 ID 187 with timestamp +4
Going to the next request
...
Thanks.
More information about the Freeradius-Users
mailing list