update reply: "Juniper-Primary-Dns"
Bjørn Mork
bjorn at mork.no
Tue Jun 16 21:50:36 CEST 2015
Amir Tal <amir at ccc.co.il> writes:
> When testing this, values are added to reply, this was confirmed by enabling "reply_log" in freeradius.
> Example:
> Tue Jun 16 18:54:07 2015
> Packet-Type = Access-Accept
> Juniper-Primary-Dns = 109.226.x.x
> Juniper-Secondary-Dns = 109.226.x.x
> Framed-Protocol = PPP
> Framed-Compression = Van-Jacobson-TCP-IP
> ERX-Egress-Statistics := enable
> ERX-Ingress-Statistics := enable
> ERX-Egress-Policy-Name := "100MB"
> ERX-Ingress-Policy-Name := "4mb"
> Framed-MTU = 1512
> Framed-Pool := "fast"
>
> But, this is not passed to the client, NAS still overrides this with default values.
Which NAS platform is this? Note that the ERX-* and Juniper-* VSAs don't
usually mix. Assuming this is an MX, I believe you have to use
Unisphere (aka ERX) VSAs for the subscriber management stuff.
See http://www.juniper.net/techpubs/en_US/junos14.1/topics/reference/general/aaa-subscriber-access-radius-vsa.html
The clue is in the "The AAA Service Framework uses vendor ID 4874". The
Juniper-*-Dns VSAs are defined by vendor ID 2636.
I assume you are looking for Unisphere-Primary-Dns and
Unisphere-Secondary-Dns in modern FR, or ERX-Primary-Dns and
ERX-Secondary-Dns in the legacy FR.
Bjørn
More information about the Freeradius-Users
mailing list