Framed-IP-Address AVP missing

Rajkumar R rajkumar.r at aricent.com
Fri Feb 11 07:06:09 CET 2011 

Hi,

This query is related to Cisco-7206 equipment behavior.

We have a Cisco 7206(IOS12.2(33)) equipment associated with freeRadius server2.1.10.  Upon PPPOE client start, dynamic IP is assigned from the IP-Pool to the PPPOE client. However this IP address, is not included in the Frame-IP-Address AVP sent in the Access-Request message from the NAS. Request to provide your inputs on this, as this is reported across other forums(unfortunately, no answers available there :))

I have enabled this AVP inclusion with the NAS command, radius-server attribute 8 include-in-access-req

Also find the configuration which I have used for your info:


Current configuration : 3420 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCOBRAS
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$NS9k$AMTl8utX2OqwQbWtVsNQX0
enable password abcd
!
aaa new-model
!
!
aaa group server radius bsnl
 server 172.31.113.137 auth-port 1812 acct-port 1813
!
aaa group server radius gsds
 server 172.31.113.135 auth-port 1812 acct-port 1813
!
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa authorization subscriber-service default local
aaa accounting network default start-stop broadcast group bsnl group gsds
!
!
!
!
aaa server radius dynamic-author
 client 172.31.113.135 server-key testing123
 server-key testing123
 auth-type any
 ignore session-key
!
aaa session-id common
ip subnet-zero
!
!
!
ip cef
ip host gsds 172.31.113.135
ip host bsnl 172.31.113.137
ip host isp 172.31.113.137
ip address-pool local
!
!
service-policy type control L2_ACCESS
redirect server-group GSDS_SRV
 server ip 172.31.113.135 port 80
!
redirect server-group ISP_SRV
 server ip 172.31.113.136 port 80
!
multilink bundle-name authenticated
no call rsvp-sync
!
!
!
!
!
!
!
username abcd password 0 abcd
!
class-map type traffic match-any PPP_SESSION_TRAFFIC_GRAS
 match access-group input name ACL_GRAS_USER
!
class-map type traffic match-any PPP_SESSION_TRAFFIC
 match access-group input name ACL_BSNL_USER
!
class-map type control match-all GRASBERG
 match unauthenticated-domain gsds
!
class-map type control match-all PPP_SESSION
 match protocol ppp
!
policy-map type service SVC_GSDS
 service local
 class type traffic PPP_SESSION_TRAFFIC_GRAS
  redirect to group GSDS_SRV
 !
!
policy-map type service SVC_GSDS_TO_INTERNET
 service local
 class type traffic PPP_SESSION_TRAFFIC_GRAS
  redirect to group ISP_SRV
 !
!
policy-map type control L2_ACCESS
 class type control PPP_SESSION event session-start
  1 collect identifier unauthenticated-domain
  2 service-policy type control DOMAIN_BASED_ACCESS
 !
!
policy-map type control DOMAIN_BASED_ACCESS
 class type control GRASBERG event session-start
  1 authenticate aaa list default
  2 service-policy type service name SVC_GSDS
 !
!
!
!
!
!
!
bba-group pppoe BSNL_BBA_GROUP
 virtual-template 1
!
!
interface FastEthernet1/0
 ip address 172.31.113.150 255.255.255.0
 no ip route-cache cef
 no ip route-cache
 duplex full
!
interface FastEthernet1/1
 description PPPoE
 ip address 10.10.10.4 255.255.255.0
 no ip route-cache cef
 no ip route-cache
 duplex full
 pppoe enable group BSNL_BBA_GROUP
!
interface Virtual-Template1
 ip unnumbered FastEthernet1/1
 peer default ip address pool GRAS_IP_POOL
 ppp authentication chap callin
!
ip local pool GRAS_IP_POOL 10.10.10.20
ip default-gateway 10.10.10.4
ip classless
!
!
no ip http server
no ip http secure-server
!
ip access-list standard ACL_GRAS_USER
 permit 10.10.10.0 0.0.0.255
!
!
!
radius-server attribute 8 include-in-access-req
radius-server attribute 11 default direction in
radius-server host 172.31.113.137 auth-port 1812 acct-port 1813
radius-server host 172.31.113.135 auth-port 1812 acct-port 1813
radius-server key testing123
radius-server vsa send accounting
radius-server vsa send authentication
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password cisco
!
end




thanks,
Raj

________________________________
"DISCLAIMER: This message is proprietary to Aricent and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. Aricent accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110211/e14956c0/attachment.html>

More information about the Freeradius-Users mailing list