VRF config from v2 to v3

Richard Mealing richard at fastnet.co.uk
Mon Aug 23 17:17:13 CEST 2021

>-----Original Message-----
>From: Freeradius-Users <freeradius-users-bounces+richard=fastnet.co.uk at lists.freeradius.org> On Behalf Of Alan DeKok
>Sent: 23 August 2021 14:58
>To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
>Subject: Re: VRF config from v2 to v3

>On Aug 23, 2021, at 9:35 AM, Richard Mealing <richard at fastnet.co.uk> wrote:
>> A long time ago someone set up a freeradius server within our company and used the following patch placed in policy.txt for vrf users - http://lists.freeradius.org/pipermail/freeradius-devel/2005-November/000699.html
>> After searching around I am not sure Google has any answers for me for a v3 version.
>> I wondered if anyone has the unlang config for this? 

>  There's nothing like that in v3.  See "man unlang" for complete documentation on the operators, and how they work.  Or "man users" for the "users" file.

>  Those extra operators were only in a module in v2.  We removed them from v3 because so far as we could tell, nobody used them.  This is the first question about that functionality in many, many, years.

>  Our experience has been that those extra operators really aren't needed.  It's almost always possible to just re-order the "add attribute" rules to use the normal operators.

>  Perhaps you could explain what you're doing in more detail.  My guess is that we can suggest ways to do the same thing, which use the normal v3 functionality.

>  Alan DeKok.

Hi Alan,
'Basically' this - Cisco NAS's will kick users who assign a VRF after assigning an IP address. The VRF must come first.

All users authenticate and radreply works apart from vrf users. We are using Cisco NAS. For example -
| 26726947 | someuser at myrealm | Framed-IP-Address | =  | 	|
| 26726948 | someuser at myrealm | Cisco-AVPair      | += | ip:vrf-id=myVRF           |
| 26726949 | someuser at myrealm | Cisco-AVPair      | += | ip:ip-unnumbered=Loopback 19       |
| 26726950 | someuser at myrealm | Cisco-AVPair      | += | ip:route= |

This came up at the last minute so I have not had time to debug; I just wondered if someone knew a quick fix!

Thanks for your help,
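
The ordering constraint described in this message (the `ip:vrf-id` pair must precede `Framed-IP-Address`) can be audited against radreply-style rows. The following is an added example, not part of the original post or of FreeRADIUS; it assumes reply rows are sent in ascending `id` order, and the rows, usernames and addresses are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample rows in the (id, username, attribute, op, value) layout
# shown in the post; every value here is a placeholder, not data from the post.
ROWS = [
    (101, "vrfuser@example", "Framed-IP-Address", "=", "192.0.2.10"),
    (102, "vrfuser@example", "Cisco-AVPair", "+=", "ip:vrf-id=myVRF"),
    (103, "vrfuser@example", "Cisco-AVPair", "+=", "ip:ip-unnumbered=Loopback 19"),
    (201, "plainuser@example", "Framed-IP-Address", "=", "192.0.2.20"),
    (301, "gooduser@example", "Cisco-AVPair", "+=", "ip:vrf-id=myVRF"),
    (302, "gooduser@example", "Framed-IP-Address", "=", "192.0.2.30"),
]

def is_vrf(row):
    """True for a Cisco-AVPair row that assigns the VRF."""
    return row[2] == "Cisco-AVPair" and row[4].startswith("ip:vrf-id=")

def misordered_users(rows):
    """Return users whose ip:vrf-id row sorts after Framed-IP-Address."""
    by_user = defaultdict(list)
    for row in sorted(rows):  # assumption: replies are sent in ascending id order
        by_user[row[1]].append(row)
    bad = []
    for user, urows in by_user.items():
        vrf = [i for i, r in enumerate(urows) if is_vrf(r)]
        ip = [i for i, r in enumerate(urows) if r[2] == "Framed-IP-Address"]
        if vrf and ip and min(vrf) > min(ip):
            bad.append(user)
    return sorted(bad)

def reorder(rows, user):
    """Reuse the user's existing ids so that ip:vrf-id rows come first.

    Returns (old_id, new_id) pairs for rows that must move; the relative
    order of the user's other rows is unchanged.
    """
    urows = sorted(r for r in rows if r[1] == user)
    ids = [r[0] for r in urows]
    wanted = [r for r in urows if is_vrf(r)] + [r for r in urows if not is_vrf(r)]
    return [(r[0], new) for r, new in zip(wanted, ids) if r[0] != new]

if __name__ == "__main__":
    for user in misordered_users(ROWS):
        print(user, reorder(ROWS, user))
```
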
