WING-ASN throwing error - Mandatory HA Mode parameter

Rathod Subhashchandra rathod at tataelxsi.co.in
Mon Jun 11 15:10:07 CEST 2012


Dear Fajar,

ACCESS-ACCEPT screen logs shows following attributes but not in pcap.
Screen logs:
Sending Access-Accept of id 6 to 125.125.40.38 port 1812
	WiMAX-MN-NAI = "user at tataelxsi.com"
	Service-Type = Authenticate-Only
	State = 0xd2be425bd6b84f57c4a7ea648e1803b6
	MS-MPPE-Recv-Key =
0xd967448623358aa2149aee72c8d59c7640ca9b7fb4c06836781533bb9ae7679d
	MS-MPPE-Send-Key =
0x49a17afa5f030067f31c8a3e44d14e88a312af0a90e1299e73019fa1c27e7fb3
	WiMAX-MSK =
0xd967448623358aa2149aee72c8d59c7640ca9b7fb4c06836781533bb9ae7679d49a17afa5f
030067f31c8a3e44d14e88a312af0a90e1299e73019fa1c27e7fb3
	EAP-Message = 0x03060004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "user at tataelxsi.com"
	WiMAX-IP-Technology = PMIP4
	WiMAX-hHA-IP-MIP4 = 172.16.104.175
	WiMAX-DNS-Server = 192.168.10.3
	WiMAX-Accounting-Capabilities = IP-Session-Based
	WiMAX-Idle-Mode-Notification-Cap = Supported
	WiMAX-AAA-Session-Id = 0x30313032
	WiMAX-Packet-Data-Flow-Id = 1
	WiMAX-Service-Data-Flow-Id = 1
	WiMAX-Service-Profile-Id = 1
	WiMAX-Direction = Bi-Directional
	WiMAX-FA-RK-Key = 0xb977ed6f9bf2231bba840d7cf1c02cd1bd7f47fa
	Framed-IP-Address = 192.168.10.3
	Session-Timeout = 172800
	Termination-Action = 3
	Chargeable-User-Identity = "user at tataelxsi.com"
	WiMAX-HA-RK-Lifetime = 900
	WiMAX-HA-RK-SPI = 0
	WiMAX-HA-RK-Key = 0x2b83c9fd0e5c3e2f8af0aa4464ba27ff8372fe4b
	WiMAX-FA-RK-SPI = 2474926121


The content of Wireshark is attached.
Wireshark ACCESS-ACCEPT message does not reflect WiMAX-HA-RK-Lifetime,
WiMAX-HA-RK-SPI, WiMAX-HA-RK-Key, and WiMAX-FA-RK-SPI.

Does it mean that above attributes are not added in the message and simply
printed by FreeRadius server? Or Vendor specific HA mode parameters are
different?



Thanks !
Rathod.



-----Original Message-----
From: Fajar A. Nugraha [mailto:list at fajar.net] 
Sent: Monday, June 11, 2012 11:39 AM
To: rathod at tataelxsi.co.in; FreeRadius users mailing list
Subject: Re: WING-ASN throwing error - Mandatory HA Mode parameter

On Mon, Jun 11, 2012 at 12:50 PM, Rathod Subhashchandra
<rathod at tataelxsi.co.in> wrote:
> I am using Free Radius only.
> I would like to know whether FreeRadius supports following attributes in
> ACCESS-ACCEPT.
>
> HA_RK_Lifetime, HA_RK_SPI, HA_RK_KEY, Duration Quota, MN_HA_SPI,
HA_IP_ADDR,
> MN_HA_KEY

freeradius supports adding custom or vendor-specific attributes. You
need to know what they are to add them. Ask your NAS vendor for the
radius dictionary file, and what the values should be for a successful
authentication.

IF (and ONLY if) you already have a working radius server for that
NAS, you could probably use wireshark/tcpdump/whatever to capture what
attributes were sent, and configure FR to send those attributes as
well. I don't recommend this method for newbies though, better ask
your vendor.

-- 
Fajar
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Wing_ASN_HA_Mode_Params_without_modification.zip
Type: application/x-zip-compressed
Size: 5242 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120611/3c0e11ff/attachment.bin>


More information about the Freeradius-Users mailing list