VRF config from v2 to v3
richard at fastnet.co.uk
Mon Aug 23 17:17:13 CEST 2021
>From: Freeradius-Users <freeradius-users-bounces+richard=fastnet.co.uk at lists.freeradius.org> On Behalf Of Alan DeKok
>Sent: 23 August 2021 14:58
>To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
>Subject: Re: VRF config from v2 to v3
>On Aug 23, 2021, at 9:35 AM, Richard Mealing <richard at fastnet.co.uk> wrote:
>> A long time ago someone set up a freeradius server within our company and used the following patch places in policy.txt for vrf users - http://lists.freeradius.org/pipermail/freeradius-devel/2005-November/000699.html
>> After searching around I am not sure google has any answers for me for a v3 version.
>> I wondered if anyone has the unlang config for this?
> There's nothing like that in v3. See "man unlang" for complete documentation on the operators, and how they work. Or "man users" >for the "users" file.
> Those extra operators were only in a module in v2. We removed them from v3 because so far as we could tell, nobody used them. >This is the first question about that functionality in many, many, years.
> Our experience has been that those extra operators really aren't needed. It's almost always possible to just re-order the "add >attribute" rules to use the normal operators.
> Perhaps you could explain what you're doing in more detail. My guess is that we can suggest ways to do the same thing, which use >the normal v3 functionality.
> Alan DeKok.
'Basically' this - Cisco NAS's will kick users who assign a VRF after assigning an IP address. The VRF must come first.
All users authenticate and radreply works apart from vrf users. We are using cisco NAS. For example -
| 26726947 | someuser at myrealm | Framed-IP-Address | = | 192.168.173.100 |
| 26726948 | someuser at myrealm | Cisco-AVPair | += | ip:vrf-id=myVRF |
| 26726949 | someuser at myrealm | Cisco-AVPair | += | ip:ip-unnumbered=Loopback 19 |
| 26726950 | someuser at myrealm | Cisco-AVPair | += | ip:route=192.168.6.0 255.255.255.0 |
This came up at the last minute so I have not had time to debug, I just wondered if someone knew a quick fix!
Thanks for your help,
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users