WING-ASN throwing error - Mandatory HA Mode parameter

David Peterson davidp at wirelessconnections.net
Mon Jun 11 15:32:18 CEST 2012 

Judging by that access-accept message you don't have all of the attributes
needed to set up a WiMax service flow.  There are far more attributes that
need to be sent than you have listed below, and they all have to be sent in
the order listed in dictionary.wimax.  Check the archives of this list for
WiMax service flow replies, this is fairly well documented.  

Your ASN manufacturer should be able to supply you with an IOT document or
other radius documentation.

David

-----Original Message-----
From:
freeradius-users-bounces+davidp=wirelessconnections.net at lists.freeradius.org
[mailto:freeradius-users-bounces+davidp=wirelessconnections.net at lists.freera
dius.org] On Behalf Of Rathod Subhashchandra
Sent: Monday, June 11, 2012 9:10 AM
To: 'Fajar A. Nugraha'; 'FreeRadius users mailing list'
Subject: RE: WING-ASN throwing error - Mandatory HA Mode parameter
Importance: High

Dear Fajar,

ACCESS-ACCEPT screen logs shows following attributes but not in pcap.
Screen logs:
Sending Access-Accept of id 6 to 125.125.40.38 port 1812
	WiMAX-MN-NAI = "user at tataelxsi.com"
	Service-Type = Authenticate-Only
	State = 0xd2be425bd6b84f57c4a7ea648e1803b6
	MS-MPPE-Recv-Key =
0xd967448623358aa2149aee72c8d59c7640ca9b7fb4c06836781533bb9ae7679d
	MS-MPPE-Send-Key =
0x49a17afa5f030067f31c8a3e44d14e88a312af0a90e1299e73019fa1c27e7fb3
	WiMAX-MSK =
0xd967448623358aa2149aee72c8d59c7640ca9b7fb4c06836781533bb9ae7679d49a17afa5f
030067f31c8a3e44d14e88a312af0a90e1299e73019fa1c27e7fb3
	EAP-Message = 0x03060004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "user at tataelxsi.com"
	WiMAX-IP-Technology = PMIP4
	WiMAX-hHA-IP-MIP4 = 172.16.104.175
	WiMAX-DNS-Server = 192.168.10.3
	WiMAX-Accounting-Capabilities = IP-Session-Based
	WiMAX-Idle-Mode-Notification-Cap = Supported
	WiMAX-AAA-Session-Id = 0x30313032
	WiMAX-Packet-Data-Flow-Id = 1
	WiMAX-Service-Data-Flow-Id = 1
	WiMAX-Service-Profile-Id = 1
	WiMAX-Direction = Bi-Directional
	WiMAX-FA-RK-Key = 0xb977ed6f9bf2231bba840d7cf1c02cd1bd7f47fa
	Framed-IP-Address = 192.168.10.3
	Session-Timeout = 172800
	Termination-Action = 3
	Chargeable-User-Identity = "user at tataelxsi.com"
	WiMAX-HA-RK-Lifetime = 900
	WiMAX-HA-RK-SPI = 0
	WiMAX-HA-RK-Key = 0x2b83c9fd0e5c3e2f8af0aa4464ba27ff8372fe4b
	WiMAX-FA-RK-SPI = 2474926121


The content of Wireshark is attached.
Wireshark ACCESS-ACCEPT message does not reflect WiMAX-HA-RK-Lifetime,
WiMAX-HA-RK-SPI, WiMAX-HA-RK-Key, and WiMAX-FA-RK-SPI.

Does it mean that above attributes are not added in the message and simply
printed by FreeRadius server? Or Vendor specific HA mode parameters are
different?



Thanks !
Rathod.



-----Original Message-----
From: Fajar A. Nugraha [mailto:list at fajar.net]
Sent: Monday, June 11, 2012 11:39 AM
To: rathod at tataelxsi.co.in; FreeRadius users mailing list
Subject: Re: WING-ASN throwing error - Mandatory HA Mode parameter

On Mon, Jun 11, 2012 at 12:50 PM, Rathod Subhashchandra
<rathod at tataelxsi.co.in> wrote:
> I am using Free Radius only.
> I would like to know whether FreeRadius supports following attributes 
> in ACCESS-ACCEPT.
>
> HA_RK_Lifetime, HA_RK_SPI, HA_RK_KEY, Duration Quota, MN_HA_SPI,
HA_IP_ADDR,
> MN_HA_KEY

freeradius supports adding custom or vendor-specific attributes. You need to
know what they are to add them. Ask your NAS vendor for the radius
dictionary file, and what the values should be for a successful
authentication.

IF (and ONLY if) you already have a working radius server for that NAS, you
could probably use wireshark/tcpdump/whatever to capture what attributes
were sent, and configure FR to send those attributes as well. I don't
recommend this method for newbies though, better ask your vendor.

--
Fajar

More information about the Freeradius-Users mailing list