Framed-IP-Address AVP missing
Rajkumar R
rajkumar.r at aricent.com
Fri Feb 11 07:06:09 CET 2011
Hi,
This query is related to Cisco-7206 equipment behavior.
We have a Cisco 7206(IOS12.2(33)) equipment associated with freeRadius server2.1.10. Upon PPPOE client start, dynamic IP is assigned from the IP-Pool to the PPPOE client. However this IP address, is not included in the Frame-IP-Address AVP sent in the Access-Request message from the NAS. Request to provide your inputs on this, as this is reported across other forums(unfortunately, no answers available there :))
I have enabled this AVP inclusion with the NAS command, radius-server attribute 8 include-in-access-req
Also find the configuration which I have used for your info:
Current configuration : 3420 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCOBRAS
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$NS9k$AMTl8utX2OqwQbWtVsNQX0
enable password abcd
!
aaa new-model
!
!
aaa group server radius bsnl
server 172.31.113.137 auth-port 1812 acct-port 1813
!
aaa group server radius gsds
server 172.31.113.135 auth-port 1812 acct-port 1813
!
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa authorization subscriber-service default local
aaa accounting network default start-stop broadcast group bsnl group gsds
!
!
!
!
aaa server radius dynamic-author
client 172.31.113.135 server-key testing123
server-key testing123
auth-type any
ignore session-key
!
aaa session-id common
ip subnet-zero
!
!
!
ip cef
ip host gsds 172.31.113.135
ip host bsnl 172.31.113.137
ip host isp 172.31.113.137
ip address-pool local
!
!
service-policy type control L2_ACCESS
redirect server-group GSDS_SRV
server ip 172.31.113.135 port 80
!
redirect server-group ISP_SRV
server ip 172.31.113.136 port 80
!
multilink bundle-name authenticated
no call rsvp-sync
!
!
!
!
!
!
!
username abcd password 0 abcd
!
class-map type traffic match-any PPP_SESSION_TRAFFIC_GRAS
match access-group input name ACL_GRAS_USER
!
class-map type traffic match-any PPP_SESSION_TRAFFIC
match access-group input name ACL_BSNL_USER
!
class-map type control match-all GRASBERG
match unauthenticated-domain gsds
!
class-map type control match-all PPP_SESSION
match protocol ppp
!
policy-map type service SVC_GSDS
service local
class type traffic PPP_SESSION_TRAFFIC_GRAS
redirect to group GSDS_SRV
!
!
policy-map type service SVC_GSDS_TO_INTERNET
service local
class type traffic PPP_SESSION_TRAFFIC_GRAS
redirect to group ISP_SRV
!
!
policy-map type control L2_ACCESS
class type control PPP_SESSION event session-start
1 collect identifier unauthenticated-domain
2 service-policy type control DOMAIN_BASED_ACCESS
!
!
policy-map type control DOMAIN_BASED_ACCESS
class type control GRASBERG event session-start
1 authenticate aaa list default
2 service-policy type service name SVC_GSDS
!
!
!
!
!
!
!
bba-group pppoe BSNL_BBA_GROUP
virtual-template 1
!
!
interface FastEthernet1/0
ip address 172.31.113.150 255.255.255.0
no ip route-cache cef
no ip route-cache
duplex full
!
interface FastEthernet1/1
description PPPoE
ip address 10.10.10.4 255.255.255.0
no ip route-cache cef
no ip route-cache
duplex full
pppoe enable group BSNL_BBA_GROUP
!
interface Virtual-Template1
ip unnumbered FastEthernet1/1
peer default ip address pool GRAS_IP_POOL
ppp authentication chap callin
!
ip local pool GRAS_IP_POOL 10.10.10.20
ip default-gateway 10.10.10.4
ip classless
!
!
no ip http server
no ip http secure-server
!
ip access-list standard ACL_GRAS_USER
permit 10.10.10.0 0.0.0.255
!
!
!
radius-server attribute 8 include-in-access-req
radius-server attribute 11 default direction in
radius-server host 172.31.113.137 auth-port 1812 acct-port 1813
radius-server host 172.31.113.135 auth-port 1812 acct-port 1813
radius-server key testing123
radius-server vsa send accounting
radius-server vsa send authentication
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password cisco
!
end
thanks,
Raj
________________________________
"DISCLAIMER: This message is proprietary to Aricent and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. Aricent accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110211/e14956c0/attachment.html>
More information about the Freeradius-Users
mailing list