FreeRadius and Circuit-ID

filip.m.nikolic at filip.m.nikolic at
Mon Nov 14 09:19:35 UTC 2022




Thanks for initial answer I will check.


And I will try to provide more information here so you can help me.

I am testing possibilities of BNG. On access side of BNG I am trying to setup PPPoE client.

Client has next attributes: Username, password, Circuit ID and Remote ID.

Authentication goes through Radius server.

In my setup I have to version of radius. One with Daloradius (Sql-web base Radius) and regular freeradius.


I want to establish PPPoE session and to try authentication according to the Circuit ID attribute filed not according to the username and password. 

User and pass should stand in a flow, but main authentication should be performed according to the Circuit ID. 




I have user: test1 and password: test1

Circuit ID is: gige 6/27/0:100.1

Remote ID is: BNG


These two attributes I received on Radius:


(0)   ADSL-Agent-Circuit-Id = 0x6769676520362f32372f303a3130302e31

(0)   ADSL-Agent-Remote-Id = 0x424e47 



In order to establish authentication according to the ADSL-Agent-Circuit-Id Attribute how should I setup:


1. Regluar freeradius setup without mysql base? Is the config from below appropriate?

2. Freeradius setup with Daloradius on top? 



Thanks in advance, if some more information is needed I will try to provide 😊 





-----Original Message-----

From: Freeradius-Users < at < at> > On Behalf Of Alan DeKok

Sent: Thursday, November 10, 2022 5:47 PM

To: FreeRadius users mailing list <freeradius-users at <mailto:freeradius-users at> >

Subject: Re: FreeRadius and Circuit-ID


On Nov 10, 2022, at 4:28 PM, <filip.m.nikolic at <mailto:filip.m.nikolic at> > <filip.m.nikolic at <mailto:filip.m.nikolic at> > wrote:

> We are playing around with a scenario for subscriber attachment based 

> on circuit-id and remote-id and ignoring PAP/CHAP.


  That's fine.


> Idea is that you do not need to authenticate a user, just grant him 

> access based on the fixed port in the access node.


> We struggle in the right configuration, so we are wondering if someone 

> play with that and if someone can help us?


  Read the debug log to see what attributes are in the packet, and what their values are.


  Then, in a virtual server do:


authorize {


                if (... attribute matches value ..)  {

                                update control {

                                                Auth-Type := Accept







  If you want a more detailed answer, you will need to ask a more detailed question.


  Alan DeKok.



List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list