Freeradius DHCP

Maile Halatuituia maile.halatuituia at tcc.to
Wed Aug 14 02:39:23 CEST 2019 

Hi Now I can manage to send this to my Radius Server from the BRAS.

Note the packet below is the first start and the next interim Update.

Also note there is a Username field as well.

Is there is a way that I can use this Username Field to authenticate before BRAS assign the private ips  ....



Wed Aug 14 13:17:53 2019
        Acct-Session-Id = "000001FF"
        Framed-IP-Address = Private IP
        Cisco-AVPair = "connect-progress=Call Up"
        Acct-Authentic = Local
        Acct-Status-Type = Start
        Calling-Station-Id = "MAC Address"
        Service-Type = Framed-User
        NAS-IP-Address = IP Address
        PMIP6-Home-HN-Prefix = 3035:4531:4231::/48
        Event-Timestamp = "Aug 14 2019 13:21:21 +13"
        NAS-Identifier = "HA_BNG3"
        Acct-Delay-Time = 0
        User-Name = "@realm"
        Acct-Unique-Session-Id = "80d574130500fc9e3dcc53196fe7449e"
        Stripped-User-Name = ""
        Realm = "realm"
        Timestamp = 1565741873

Wed Aug 14 13:23:17 2019
        Acct-Session-Id = "000001FF"
        Framed-IP-Address = Private IP
        Cisco-AVPair = "connect-progress=Call Up"
        Acct-Session-Time = 324
        Acct-Authentic = Local
        Acct-Status-Type = Interim-Update
        Calling-Station-Id = "MAC"
        Service-Type = Framed-User
        NAS-IP-Address = NAS IP
        PMIP6-Home-HN-Prefix = 3035:4531:4231::/48
        Event-Timestamp = "Aug 14 2019 13:26:45 +13"
        NAS-Identifier = "HA_BNG3"
        Acct-Delay-Time = 0
        User-Name = "@realm"
        Acct-Unique-Session-Id = "80d574130500fc9e3dcc53196fe7449e"
        Stripped-User-Name = ""
        Realm = "realm"
        Timestamp = 1565742197

-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+maile.halatuituia=tcc.to at lists.freeradius.org> On Behalf Of Maile Halatuituia
Sent: Tuesday, 13 August 2019 2:34 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: RE: Freeradius DHCP

Hi Nathan
Please can you send me your private email


-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+maile.halatuituia=tcc.to at lists.freeradius.org> On Behalf Of Nathan Ward
Sent: Tuesday, 13 August 2019 1:34 AM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: Freeradius DHCP


> On 12/08/2019, at 11:47 PM, Alan DeKok <aland at deployingradius.com> wrote:
>
> On Aug 11, 2019, at 9:24 PM, Maile Halatuituia <maile.halatuituia at tcc.to> wrote:
>> Actually I was referring to the PPPoE like Authentication and you have confirmed DHCP does not do the same.
>>
>> Any idea how I would achieve at least similar to PPPoE. I mean is it possible to authenticate DHCP clients before assigning the Address. I mean similar to what PPP does with Freeradius on PPPoE.
>
>  On Cisco devices, this is "mac auth".  You need to configure the Cisco NAS to do Mac auth.  There's also a guide in the FreeRADIUS Wiki for configuring Mac Auth on the server.


Hi Alan,

I think what he’s wanting to do, based on other ML threads, is more “ISG” on a BNG. This takes DHCP DISCOVER messages, and talks to RADIUS to authenticate them based on whatever - usually option 82 information - and passes back confusing Cisco AVPs with terrible confusing names to tweak what the BNG does.

https://lists.gt.net/cisco/nsp/201724 <https://lists.gt.net/cisco/nsp/201724>
etc.

There are links to the relevant Cisco documents etc. there.

Maile - email me off list if you like and I can give you a steer on some of this stuff.

--
Nathan Ward

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Confidentiality Notice: This email (including any attachment) is intended for internal use only. Any unauthorized use, dissemination or copying of the content is prohibited. If you are not the intended recipient and have received this e-mail in error, please notify the sender by email and delete this email and any attachment.
Confidentiality Notice: This email (including any attachment) is intended for internal use only. Any unauthorized use, dissemination or copying of the content is prohibited. If you are not the intended recipient and have received this e-mail in error, please notify the sender by email and delete this email and any attachment.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Confidentiality Notice: This email (including any attachment) is intended for internal use only. Any unauthorized use, dissemination or copying of the content is prohibited. If you are not the intended recipient and have received this e-mail in error, please notify the sender by email and delete this email and any attachment.
Confidentiality Notice: This email (including any attachment) is intended for internal use only. Any unauthorized use, dissemination or copying of the content is prohibited. If you are not the intended recipient and have received this e-mail in error, please notify the sender by email and delete this email and any attachment.

More information about the Freeradius-Users mailing list