WiMAX HA access-request problem
Webb Allen
allen.web65 at gmail.com
Sun Oct 4 11:19:12 CEST 2009
Hi All,
I am using the FreeRADIUS 2.1.7 for WiMAX authentication.Everything is fine
in WiMAX authetication phase 1.
FreeRADIUS send the Access-Accept message to ASN-GW with some required
attributes as below.
Sending Access-Accept of id 23 to 192.168.10.10 port 6001
MS-MPPE-Recv-Key =
0xdd32bb1bf83d56f4493782d3244f5d501011ffce043c3f5d70fb2f8ec22675c7
MS-MPPE-Send-Key =
0xd131eacf354482cec6a997bd7b25e7660f96c85f0290572af781fbe6f79e31fa
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
Service-Type = Framed-User
Framed-MTU = 1400
WiMAX-HA-RK-Lifetime = 172788
WiMAX-hHA-IP-MIP4 = 172.16.10.10
WiMAX-HA-RK-Key = 0xe3004e23455fd2e998b8def4dfe9ddaa34528742
WiMAX-HA-RK-SPI = 283734
WiMAX-FA-RK-Key = 0x85dd1a75f40398fe0168602b3a200a235db058fd
WiMAX-MSK =
0xdd32bb1bf83d56f4493782d3244f5d501011ffce043c3f5d70fb2f8ec22675c7d131eacf354482cec6a997bd7b25e7660f96c85f0290572af781fbe6f79e31fa
WiMAX-AAA-Session-Id = 0xc4e88757e4a7773cb7868674d19199e4
WiMAX-Capability = 0x020301
WiMAX-Packet-Flow-Descriptor =
0x01040001030600000002040303050307060301
WiMAX-DNS-Server = 172.16.1.1
Session-Timeout = 43200
Termination-Action = RADIUS-Request
Chargeable-User-Identity = "test at testwimax.com"
WiMAX-MN-hHA-MIP4-Key = 0x58c32ecc237cdc44474cc0a32b4203e511c6d569
WiMAX-MN-hHA-MIP4-SPI = 571665657
WiMAX-FA-RK-SPI = 571665656
In phase 2, ASN-GW send the MobileIP registration request to Home Agent.
The Home Agent will check this MIP RRQ is valid or not by sending a radius
request to AAA.
FreeRADIUS received the request as below:
rad_recv: Access-Request packet from host 172.16.10.10 port 52511, id=10,
length=213
Packet-Type = Access-Request
User-Name = "test at testwimax.com"
NAS-IP-Address = 172.16.10.10
NAS-Identifier = "HA_1"
WiMAX-HA-RK-SPI = 283734
Framed-IP-Address = 0.0.0.0
WiMAX-MN-HA-MIP4-SPI = 571665657
WiMAX-hHA-IP-MIP4 = 172.16.10.10
Vendor-Specific = 0x00001fe4180600000003
Vendor-Specific = 0x00001fe4a906d34f3f31
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = 3
WiMAX-GMT-Timezone-offset = 28800
Service-Type = Framed-User
Event-Timestamp = "Sep 30 2009 15:21:22 CST"
Message-Authenticator = 0x30f398da4df2f3673568f56b36063a2b
Chargeable-User-Identity = "NUL"
I set the FreeRADIUS to send the Home Agent the Access-accept packet with
some attribute(WiMAX-HA-RK-SPI,WiMAX-HA-RK-Key) with fixed value.
But the FreeRADIUS can not generate the WiMAX-MN-hHA-MIP4-Key and
WiMAX-MN-hHA-MIP4-SPI for that request.
so Home Agent fail to validate the MIP RRQ because short of the
attribute(WiMAX-MN-hHA-MIP4-Key and WiMAX-MN-hHA-MIP4-SPI).
Is that any configurations for FreeRADIUS to generate the original
WiMAX-MN-hHA-MIP4-Key and WiMAX-MN-hHA-MIP4-SPI for Home Agent
Authentication request,
or can the FreeRADIUS cache the keys been generated in phase 1 and for use
in phase 2 authentication?
Thanks and Regards,
Allen Web
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091004/ff317dcd/attachment.html>
More information about the Freeradius-Users
mailing list