sqlippool and exhausted pool
Mirko Alberio
mirko.alberio at telemar.it
Mon Jul 19 16:56:49 CEST 2021
Ok, thanks, I did some packet capture in the problematic NAS, accounting
Stop packet are actually being sent, but still the table is not updated.
I attach the capture. So the NAS is sending account data!
And another quick question: we noticed also some cases where username
deleted from the radcheck and radreply tables (dismissed customers) are
still present in the radippool table, with past expiry_time: should not
be automatically "pruned"? Those customers for example could disconnect
the router cable and the NAS is not able to send the Stop packet.
Thanks again.
Mirko Alberio - Assistenza tecnica
e-mail: mirko.alberio at telemar.it
Telemar SpA Internet Quality Provider
Via Enrico Fermi, 235 - 36100 Vicenza - Italia
Tel 0444 291302 - Fax 0444 566310 - www.telemar.it
Assistenza tecnica 0444 1420000
Reg. Imp. Di Vicenza /C.F./P.I. 02508710247
Cap. Soc. € 120.000,00 I.V.
R.E.A. VI-236292
Il 19/07/2021 16:21, Alan DeKok ha scritto:
> On Jul 19, 2021, at 9:30 AM, Alberio Mirko <mirko.alberio at telemar.it> wrote:
>> Ok, thanks: investigating in the NAS: i tried debugging that user with IP 185.138.36.176
>>
>> that has expiry_time on 2021-01-15 20:12:31
>>
>> I tried disconnecting his PPPOE session, shortly afterward I get this request in the freeradius/radacct/NASIPADDRESS/ log files
>>
>> Mon Jul 19 15:25:35 2021
>> Packet-Type = Access-Request
> That doesn't help. You need to look at your local configuration to see what happens with accounting packets, and where they're going.
>
> Then, look in the accounting log files. Usually a "detail" file.
>
>> And the authentication is fine. But still the expiry_time isn't updated. I should se another Accounting request below that right?
> No.
>
> Accounting packets get logged to different locations than authentication packets.
>
> Alan DeKok.
>
-------------- next part --------------
No. Time Source Destination Protocol Length Info
1 0.000000 NAS_IP RADIUS_IP RADIUS 356 Accounting-Request id=18
Frame 1: 356 bytes on wire (2848 bits), 356 bytes captured (2848 bits)
Ethernet II, Src: Routerbo_58:95:00 (cc:2d:e0:58:95:00), Dst: Routerbo_15:51:db (cc:2d:e0:15:51:db)
Internet Protocol Version 4, Src: NAS_IP, Dst: RADIUS_IP
User Datagram Protocol, Src Port: 34421, Dst Port: 1813
RADIUS Protocol
Code: Accounting-Request (4)
Packet identifier: 0x12 (18)
Length: 314
Authenticator: c10dbde6ad97f992a3b54f47711ca9e2
[The response to this request is in frame 2]
Attribute Value Pairs
AVP: t=Service-Type(6) l=6 val=Framed(2)
AVP: t=Framed-Protocol(7) l=6 val=PPP(1)
AVP: t=NAS-Port(5) l=6 val=15842090
AVP: t=NAS-Port-Type(61) l=6 val=Ethernet(15)
AVP: t=User-Name(1) l=14 val=CUSTOMER_RADIUS_USERNAME
AVP: t=Calling-Station-Id(31) l=19 val=60:32:B1:FD:B3:26
AVP: t=Called-Station-Id(30) l=9 val=vlanXXXX
AVP: t=NAS-Port-Id(87) l=25 val=vlanXXXX-POP_NAME
AVP: t=Acct-Session-Id(44) l=10 val=8151bac6
AVP: t=Framed-IP-Address(8) l=6 val=XX.XX.XX.45
AVP: t=Acct-Authentic(45) l=6 val=RADIUS(1)
AVP: t=Event-Timestamp(55) l=6 val=Jul 19, 2021 16:44:56.000000000 ora legale Europa occidentale
AVP: t=Acct-Session-Time(46) l=6 val=1596
AVP: t=Idle-Timeout(28) l=6 val=0
AVP: t=Session-Timeout(27) l=6 val=0
AVP: t=Unknown-Attribute(197) l=6 val=01388000
AVP: t=Vendor-Specific(26) l=12 vnd=Ascend Communications Inc.(529)
AVP: t=Unknown-Attribute(197) l=6 val=000fa000
AVP: t=Vendor-Specific(26) l=12 vnd=Ascend Communications Inc.(529)
AVP: t=Vendor-Specific(26) l=44 vnd=MikroTik(14988)
AVP: t=Acct-Input-Octets(42) l=6 val=370833
AVP: t=Acct-Input-Gigawords(52) l=6 val=0
AVP: t=Acct-Input-Packets(47) l=6 val=3138
AVP: t=Acct-Output-Octets(43) l=6 val=4463138
AVP: t=Acct-Output-Gigawords(53) l=6 val=0
AVP: t=Acct-Output-Packets(48) l=6 val=4555
AVP: t=Acct-Status-Type(40) l=6 val=Stop(2)
Type: 40
Length: 6
Acct-Status-Type: Stop (2)
AVP: t=Acct-Terminate-Cause(49) l=6 val=User-Request(1)
AVP: t=NAS-Identifier(32) l=17 val=Castegnero Alto
AVP: t=Acct-Delay-Time(41) l=6 val=0
AVP: t=NAS-IP-Address(4) l=6 val=NAS_IP
No. Time Source Destination Protocol Length Info
2 0.005867 RADIUS_IP NAS_IP RADIUS 62 Accounting-Response id=18
Frame 2: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Routerbo_15:51:db (cc:2d:e0:15:51:db), Dst: Routerbo_58:95:00 (cc:2d:e0:58:95:00)
Internet Protocol Version 4, Src: RADIUS_IP, Dst: NAS_IP
User Datagram Protocol, Src Port: 1813, Dst Port: 34421
RADIUS Protocol
Code: Accounting-Response (5)
Packet identifier: 0x12 (18)
Length: 20
Authenticator: 05a6a022a73131e9c0242dead4a70399
[This is a response to a request in frame 1]
[Time from request: 0.005867000 seconds]
No. Time Source Destination Protocol Length Info
3 2.398938 NAS_IP RADIUS_IP RADIUS 194 Access-Request id=19
Frame 3: 194 bytes on wire (1552 bits), 194 bytes captured (1552 bits)
Ethernet II, Src: Routerbo_58:95:00 (cc:2d:e0:58:95:00), Dst: Routerbo_15:51:db (cc:2d:e0:15:51:db)
Internet Protocol Version 4, Src: NAS_IP, Dst: RADIUS_IP
User Datagram Protocol, Src Port: 47625, Dst Port: 1812
RADIUS Protocol
Code: Access-Request (1)
Packet identifier: 0x13 (19)
Length: 152
Authenticator: 058be9390bf7ae3258d7e53bff88a265
[The response to this request is in frame 4]
Attribute Value Pairs
AVP: t=Service-Type(6) l=6 val=Framed(2)
AVP: t=Framed-Protocol(7) l=6 val=PPP(1)
AVP: t=NAS-Port(5) l=6 val=15842091
AVP: t=NAS-Port-Type(61) l=6 val=Ethernet(15)
AVP: t=User-Name(1) l=14 val=CUSTOMER_RADIUS_USERNAME
AVP: t=Calling-Station-Id(31) l=19 val=60:32:B1:FD:B3:26
AVP: t=Called-Station-Id(30) l=9 val=vlanXXXX
AVP: t=NAS-Port-Id(87) l=25 val=vlanXXXX-POP_NAME
AVP: t=User-Password(2) l=18 val=Encrypted
AVP: t=NAS-Identifier(32) l=17 val=Castegnero Alto
AVP: t=NAS-IP-Address(4) l=6 val=NAS_IP
No. Time Source Destination Protocol Length Info
4 2.415228 RADIUS_IP NAS_IP RADIUS 112 Access-Accept id=19
Frame 4: 112 bytes on wire (896 bits), 112 bytes captured (896 bits)
Ethernet II, Src: Routerbo_15:51:db (cc:2d:e0:15:51:db), Dst: Routerbo_58:95:00 (cc:2d:e0:58:95:00)
Internet Protocol Version 4, Src: RADIUS_IP, Dst: NAS_IP
User Datagram Protocol, Src Port: 1812, Dst Port: 47625
RADIUS Protocol
Code: Access-Accept (2)
Packet identifier: 0x13 (19)
Length: 70
Authenticator: e8a2de069e636da63828bb12e93bc949
[This is a response to a request in frame 3]
[Time from request: 0.016290000 seconds]
Attribute Value Pairs
AVP: t=Vendor-Specific(26) l=44 vnd=MikroTik(14988)
AVP: t=Framed-IP-Address(8) l=6 val=XX.XX.XX.45
No. Time Source Destination Protocol Length Info
5 2.417845 NAS_IP RADIUS_IP RADIUS 216 Accounting-Request id=20
Frame 5: 216 bytes on wire (1728 bits), 216 bytes captured (1728 bits)
Ethernet II, Src: Routerbo_58:95:00 (cc:2d:e0:58:95:00), Dst: Routerbo_15:51:db (cc:2d:e0:15:51:db)
Internet Protocol Version 4, Src: NAS_IP, Dst: RADIUS_IP
User Datagram Protocol, Src Port: 49664, Dst Port: 1813
RADIUS Protocol
Code: Accounting-Request (4)
Packet identifier: 0x14 (20)
Length: 174
Authenticator: 996f1bb2b4f78dbc8b735f9c5f86c58c
[The response to this request is in frame 6]
Attribute Value Pairs
AVP: t=Service-Type(6) l=6 val=Framed(2)
AVP: t=Framed-Protocol(7) l=6 val=PPP(1)
AVP: t=NAS-Port(5) l=6 val=15842091
AVP: t=NAS-Port-Type(61) l=6 val=Ethernet(15)
AVP: t=User-Name(1) l=14 val=CUSTOMER_RADIUS_USERNAME
AVP: t=Calling-Station-Id(31) l=19 val=60:32:B1:FD:B3:26
AVP: t=Called-Station-Id(30) l=9 val=vlanXXXX
AVP: t=NAS-Port-Id(87) l=25 val=vlanXXXX-POP_NAME
AVP: t=Acct-Session-Id(44) l=10 val=8151bac7
AVP: t=Framed-IP-Address(8) l=6 val=XX.XX.XX.45
AVP: t=Acct-Authentic(45) l=6 val=RADIUS(1)
AVP: t=Event-Timestamp(55) l=6 val=Jul 19, 2021 16:44:58.000000000 ora legale Europa occidentale
AVP: t=Acct-Status-Type(40) l=6 val=Start(1)
Type: 40
Length: 6
Acct-Status-Type: Start (1)
AVP: t=NAS-Identifier(32) l=17 val=Castegnero Alto
AVP: t=Acct-Delay-Time(41) l=6 val=0
AVP: t=NAS-IP-Address(4) l=6 val=NAS_IP
No. Time Source Destination Protocol Length Info
6 2.422639 RADIUS_IP NAS_IP RADIUS 62 Accounting-Response id=20
Frame 6: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Routerbo_15:51:db (cc:2d:e0:15:51:db), Dst: Routerbo_58:95:00 (cc:2d:e0:58:95:00)
Internet Protocol Version 4, Src: RADIUS_IP, Dst: NAS_IP
User Datagram Protocol, Src Port: 1813, Dst Port: 49664
RADIUS Protocol
Code: Accounting-Response (5)
Packet identifier: 0x14 (20)
Length: 20
Authenticator: 6f0d060806420e9177f0a7e74529e3f2
[This is a response to a request in frame 5]
[Time from request: 0.004794000 seconds]
More information about the Freeradius-Users
mailing list