Tunnel-Private-Group-ID undefined tag.

Fabrice Durand fdurand at inverse.ca
Mon Jan 21 22:40:11 CET 2019 

Sorry for the screen capture.

Here the reply with tag equal to 1:

Frame 6: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) on 
interface 0
Ethernet II, Src: Vmware_1c:1f:3d (00:0c:29:1c:1f:3d), Dst: 
Vmware_9d:00:59 (00:50:56:9d:00:59)
Internet Protocol Version 4, Src: 172.20.135.4, Dst: 172.20.110.250
User Datagram Protocol, Src Port: 1812, Dst Port: 34863
RADIUS Protocol
     Code: Access-Accept (2)
     Packet identifier: 0x86 (134)
     Length: 38
     Authenticator: 9bbbb286df738ecf24be871d7b95de37
     [This is a response to a request in frame 5]
     [Time from request: 0.011010775 seconds]
     Attribute Value Pairs
         AVP: t=Tunnel-Type(64) l=6 Tag=0x01 val=VLAN(13)
         AVP: t=Tunnel-Medium-Type(65) l=6 Tag=0x01 val=IEEE-802(6)
         AVP: t=Tunnel-Private-Group-Id(81) l=6 Tag=0x01 val=195

And the one with the tag unset:

Frame 6: 79 bytes on wire (632 bits), 79 bytes captured (632 bits) on 
interface 0
Ethernet II, Src: Vmware_1c:1f:3d (00:0c:29:1c:1f:3d), Dst: 
Vmware_9d:00:59 (00:50:56:9d:00:59)
Internet Protocol Version 4, Src: 172.20.135.4, Dst: 172.20.110.250
User Datagram Protocol, Src Port: 1812, Dst Port: 34863
RADIUS Protocol
     Code: Access-Accept (2)
     Packet identifier: 0x87 (135)
     Length: 37
     Authenticator: 50e7dce3cdc0c2d5391576d11372c573
     [This is a response to a request in frame 5]
     [Time from request: 0.003153571 seconds]
     Attribute Value Pairs
         AVP: t=Tunnel-Type(64) l=6 Tag=0x00 val=VLAN(13)
         AVP: t=Tunnel-Medium-Type(65) l=6 Tag=0x00 val=IEEE-802(6)
         AVP: t=Tunnel-Private-Group-Id(81) l=5 val=195


You can see that when there is no tag then it miss Tag=0x00 for the 
attribute 81.

Regards

Fabrice



Le 19-01-21 à 16 h 13, Nathan Ward a écrit :
>> On 22/01/2019, at 10:05 AM, Fabrice Durand <fdurand at inverse.ca> wrote:
>>
>> By searching for the issue i noticed that the attribute attribute Tunnel-Private-Group-ID  is untag in the network capture:
> I think you might have had a screen capture here or something - but that won’t get through the list.
>
>> I also check the rfc (https://tools.ietf.org/html/rfc2868) and the tag is suppose to be here.
>>
>> Is it a bug in FreeRADIUS or is it something normal ?
> Tag zero means unused. Try set it to 1, and see how you go.
>
>  From RFC2868: "If the Tag field is unused, it MUST be zero (0x00)”.
>
> --
> Nathan Ward
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
Fabrice Durand
fdurand at inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)

More information about the Freeradius-Users mailing list