PPPoE subscriber management
Marijn van Gool
marijn.vangool at comsave.com
Fri May 5 13:39:05 CEST 2017
Hello folks,
I have set up and configured PPPoE subscriber management on my Juniper MX80 router. I’m using FreeRadius version 2.1.12. I know it’s old and we’re planning on upgrading it soon.
A PPPoE client successfully authenticates using PAP and sends out a Framed-IP-Address (10.120.120.10) in the Access-Accept message back to the router:
Ready to process requests.
rad_recv: Access-Request packet from host 185.85.83.150 port 52772, id=174, length=158
User-Name = "pppoe-test"
User-Password = "1234"
Service-Type = Framed-User
Framed-Protocol = PPP
Chargeable-User-Identity = ""
Acct-Session-Id = "121184"
ERX-Dhcp-Mac-Addr = "6c3b.6b8b.760d"
NAS-Identifier = "MX5-Kantoor"
NAS-Port = 272630560
NAS-Port-Id = "ge-1/1/1.demux0.1073863004:800"
NAS-Port-Type = Ethernet
NAS-IP-Address = 185.85.83.150
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "pppoe-test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[sql] expand: %{User-Name} -> pppoe-test
[sql] sql_set_user escaped user --> 'pppoe-test'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'pppoe-test' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'pppoe-test' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'pppoe-test' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'pppoe-test' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'pppoe-test' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'pppoe-test' ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "1234"
[pap] Using clear text password "1234"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> pppoe-test
[sql] sql_set_user escaped user --> 'pppoe-test'
[sql] expand: %{User-Password} -> 1234
[sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'pppoe-test', '1234', 'Access-Accept', '2017-05-05 13:36:48')
[sql] expand: /var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'pppoe-test', '1234', 'Access-Accept', '2017-05-05 13:36:48')
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'pppoe-test', '1234', 'Access-Accept', '2017-05-05 13:36:48')
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 174 to 185.85.83.150 port 52772
Framed-IP-Address = 10.120.120.10
Finished request 17.
Going to the next request
The MX80 feels like the FreeRadius server is dead / unreachable, while the connectivity is just fine. Without using PAP and with using an address pool on the router itself, all works fine.
But I want to specify the IP address my users get.
Is there a different RADIUS VSA I need to use in this regard?
Met vriendelijke groet \ With kind regards,
Marijn van Gool
Network Engineer
+31 88 999 5555
marijn.vangool at comsave.com
www.comsave.nl