Access Accept vs Tunneled reply

David Peterson davidp at
Fri Mar 11 20:33:11 CET 2011

Progress at last guys!  Thanks for all the help!    Now seeing this both
outside the tunnel as well as in the pcap.  Now to make my attribute conform
with the NAS.

(175) ++[wimax] returns updated
Sending Access-Accept of id 103 to port 1812
        WiMAX-VLAN-ID = 192
        WiMAX-Classifer-Direction = Bi-Directional
        WiMAX-Classifer-Priority = 1
        WiMAX-ClassifierID = 1
        WiMAX-Downlink-QOS-Id = 1
        WiMAX-Uplink-QOS-Id = 1
        WiMAX-Transport-Type = Ethernet
        WiMAX-Direction = Bi-Directional
        WiMAX-Packet-Data-Flow-Id = 1
        WiMAX-QoS-Id = 1
        WiMAX-Schedule-Type = Best-Effort
        WiMAX-Maximum-Sustained-Traffic-Rate = 31457289
        WiMAX-R3-IF-Name = "vpws"
        WiMAX-PDFID = 1
        EAP-Message = 0x03080004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "{sm=1}3FF9EF10336DD9EF3892DC1ED1EF2696"
        WiMAX-IP-Technology = CMIP4
        WiMAX-FA-RK-Key = 0x8287ac45d467483a74dadc2337a59574b7e49e0f
        WiMAX-MSK = 0x
        WiMAX-MSK =
        WiMAX-FA-RK-SPI = 1832484922
(175) Finished request.

-----Original Message-----
From: at
[ at lists.freeradiu] On Behalf Of Alexander Clouter
Sent: Friday, March 11, 2011 1:34 PM
To: freeradius-users at
Subject: Re: Access Accept vs Tunneled reply

David Peterson <davidp at> wrote:
> I am wondering if it's a misconfiguration of a group reply.  I have 
> those attributes listed as a group-reply.  Would putting the 
> attributes in the normal vs the group reply put them in a different 
> portion of the response?
As you have the User-Name/whatever-wimax utilises now movable from the
inner-layer to the outer you can just do you policy on the outer layer
instead.  Do authentication on the inner-tunnel, whilst authorisation keep
to the outer layer...


Alexander Clouter
.sigmonster says: Stay the curse.

List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list