[cisco-bba] "NAS-Port = 0" with software upgrade on Cisco 7206VXR
Robert Blayzor
rblayzor.bulk at inoc.net
Fri Jul 18 20:31:27 EDT 2008
On Jul 18, 2008, at 6:55 PM, Frank Bulk wrote:
> I do see in my packet captures that a "NAS-Port-Id(87) is sent to
> our RADIUS
> server which contains the port/?/VP/VC, which is nice, but FreeRADIUS
> doesn't appear to be able to log that, either, in its main log.
>
> Any ideas how I can get back to having the NAS-Port return the
> Virtual-Interface values (which are now in the Vi#.#### format) or
> to get
> FreeRADIUS to log attribute 87 to the main log?
Couple of things....
Add NAS-Port-Id to your RADIUS dictionary if it's not there.
FreeRADIUS should be able to log it once it knows about the attribute:
ATTRIBUTE NAS-Port-Id 87 string
The other way is if you have a RADIUS server flexible enough to
rewrite attributes, you can easily change the Port-Id into the values
you need, ie:
my $nasport = $p->get_attr('NAS-Port');
if (defined($nasport)) {
my ($vci, $vpi, $port, $module, $slot) =
( ($nasport & 0xffff),
(($nasport & 0xff0000) >> 16),
(($nasport & 0x07000000) >> 24),
(($nasport & 0x1000000) >> 27),
(($nasport & 0xf0000000) >> 28) );
my $cid = "$slot/$module/$port/$vpi.$vci";
Basically with NAS-Port you need to shift the bits around to get the
values you need.
--
Robert Blayzor, BOFH
INOC, LLC
rblayzor at inoc.net
http://www.inoc.net/~rblayzor/
More information about the cisco-bba
mailing list