[cisco-bba] "NAS-Port = 0" with software upgrade on Cisco 7206VXR

Frank Bulk frnkblk at iname.com
Sat Jul 19 00:32:22 EDT 2008


I checked and the NAS-Port-Id is in the dictionary, but it doesn't log it to
the regular log file.

I'm looking into to re-writing the NAS-Port internet into something like you
described: $slot/$module/$port/$vpi.$vci.

But I'm still at a loss how to get the NAS-Port to reflect the virtual
interface number rater than the incoming location.

Regards,

Frank

-----Original Message-----
From: Robert Blayzor [mailto:rblayzor.bulk at inoc.net] 
Sent: Friday, July 18, 2008 7:31 PM
To: frnkblk at iname.com
Cc: cisco-bba at puck.nether.net
Subject: Re: [cisco-bba] "NAS-Port = 0" with software upgrade on Cisco
7206VXR

On Jul 18, 2008, at 6:55 PM, Frank Bulk wrote:
> I do see in my packet captures that a "NAS-Port-Id(87) is sent to
> our RADIUS
> server which contains the port/?/VP/VC, which is nice, but FreeRADIUS
> doesn't appear to be able to log that, either, in its main log.
>
> Any ideas how I can get back to having the NAS-Port return the
> Virtual-Interface values (which are now in the Vi#.#### format) or
> to get
> FreeRADIUS to log attribute 87 to the main log?

Couple of things....

Add NAS-Port-Id to your RADIUS dictionary if it's not there.
FreeRADIUS should be able to log it once it knows about the attribute:

ATTRIBUTE       NAS-Port-Id                     87      string


The other way is if you have a RADIUS server flexible enough to
rewrite attributes, you can easily change the Port-Id into the values
you need, ie:

     my $nasport = $p->get_attr('NAS-Port');
     if (defined($nasport)) {

         my ($vci, $vpi, $port, $module, $slot) =
             ( ($nasport & 0xffff),
               (($nasport & 0xff0000) >> 16),
               (($nasport & 0x07000000) >> 24),
               (($nasport & 0x1000000) >> 27),
               (($nasport & 0xf0000000) >> 28) );

         my $cid = "$slot/$module/$port/$vpi.$vci";


Basically with NAS-Port you need to shift the bits around to get the
values you need.

--
Robert Blayzor, BOFH
INOC, LLC
rblayzor at inoc.net
http://www.inoc.net/~rblayzor/






More information about the cisco-bba mailing list