[j-nsp] ERX 6-0-0 radius accounting

Mohamed Salaheldin msalah.salec at gmail.com
Sun Feb 13 07:28:29 EST 2005 

The best way to solve this problem is to confgure the RADIUS server to
respond to the accounting-on message with accounting-accept message,
this will stop the ERX from sending the accounting-on message.
By the way this message is not related to the software release this is
a typical RAS behaviour

I hope this helps.

Mohammad Salah


On Fri, 11 Feb 2005 12:00:12 -0500 (EST),
juniper-nsp-request at puck.nether.net
<juniper-nsp-request at puck.nether.net> wrote:
> Send juniper-nsp mailing list submissions to
>         juniper-nsp at puck.nether.net
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://puck.nether.net/mailman/listinfo/juniper-nsp
> or, via email, send a message with subject or body 'help' to
>         juniper-nsp-request at puck.nether.net
> 
> You can reach the person managing the list at
>         juniper-nsp-owner at puck.nether.net
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of juniper-nsp digest..."
> 
> Today's Topics:
> 
>    1. Re: ERX 6-0-0 radius accounting (Mark Loveley)
>    2. Re: ERX 6-0-0 radius accounting (David Gethings)
>    3. Re: ERX 6-0-0 radius accounting (Mark Loveley)
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Fri, 11 Feb 2005 15:40:35 +0000
> From: Mark Loveley <mloveley at gmail.com>
> Subject: Re: [j-nsp] ERX 6-0-0 radius accounting
> To: juniper-nsp at puck.nether.net
> Message-ID: <d155d112050211074063810afa at mail.gmail.com>
> Content-Type: text/plain; charset=US-ASCII
> 
> Thanks Jagdish I assume you meant something like:-
> aaa authentication ppp default none
> aaa accounting ppp default none
> 
> as the command options are:-
> (config)#aaa accounting ?
>  acct-stop     Configure AAA to send acct-stop
>  atm1483       Configure ATM Broadband RAS client characteristics
>  commands      Apply this accounting to user commands of specified
> privilege level
>  duplication   Configure duplicate accounting
>  exec          Apply this accounting to CLI access in general
>  interval      Configure the interval between accounting updates
>  ip            Configure IP Broadband RAS client characteristics
>  ppp           Configure PPP Broadband RAS client characteristics
>  radius-relay  Configure RADIUS Relay Broadband RAS client characteristics
>  suppress      Suppress accounting operation
>  tunnel        Configure tunnel Broadband RAS client characteristics
> 
> #aaa authentication ?
>  atm1483       Configure ATM Broadband RAS client characteristics
>  enable        configure privilege authentication
>  ip            Configure IP Broadband RAS client characteristics
>  login         Apply this authentication to vty users
>  ppp           Configure PPP Broadband RAS client characteristics
>  radius-relay  Configure RADIUS Relay Broadband RAS client characteristics
>  tunnel        Configure tunnel Broadband RAS client characteristics
> 
> However as we use radius to auth/acct our users this stops them
> logging/ and us knowing whos logging in for how long.
> The messages are still being sent to our servers, Though if they are
> from before I applied the commands I'm not sure.
> 
> Is there a way to filter the attributes that the ERX sends to the
> radius accounting servers?
> 
> Thanks
> Mark
> 
> ------------------------------
> 
> Message: 2
> Date: Fri, 11 Feb 2005 16:11:37 +0000
> From: David Gethings <davidg at pipex.net>
> Subject: Re: [j-nsp] ERX 6-0-0 radius accounting
> To: juniper-nsp at puck.nether.net
> Message-ID: <1108138297.9150.6.camel at trigger.welwyn.internal>
> Content-Type: text/plain
> 
> On Fri, 2005-02-11 at 15:40 +0000, Mark Loveley wrote:
> > Is there a way to filter the attributes that the ERX sends to the
> > radius accounting servers?
> Yes.
> 
> Check out 'radius include' in the config.
> 
> --
> Cheers
> 
> Dg
> 
> ------------------------------
> 
> Message: 3
> Date: Fri, 11 Feb 2005 16:58:25 +0000
> From: Mark Loveley <mloveley at gmail.com>
> Subject: Re: [j-nsp] ERX 6-0-0 radius accounting
> To: juniper-nsp at puck.nether.net
> Message-ID: <d155d11205021108581bd0efde at mail.gmail.com>
> Content-Type: text/plain; charset=US-ASCII
> 
> Thanks guys, I think we are close but not quite there yet.
> 
> The problem packet appears to be a accounting-on packet, it's in a new
> column in "sh radius attributes-included". If I disable all the
> entries in the accounting on column it still sends the packet but just
> with the NAS_ipaddr attribute as expected.
> 
> I believe Its the actual accounting-on packet thats being sent thats
> causing the problem, as the ERX seems to be constantly retransmitting
> the packet even though we have 5 retries setup on the accounting
> servers. Shouldn't it stop sending after 5 tries?
> 
> Is this packet sent by default on a 5-2 ERX? I don't see the same
> error if we remove then add the acct server? The release notes for
> both releases state that the packet is sent on configuring an acct
> server.
> 
> Thanks
> Mark
> 
> ------------------------------
> 
> _______________________________________________
> juniper-nsp mailing list
> juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
> 
> End of juniper-nsp Digest, Vol 27, Issue 15
> *******************************************
>

More information about the juniper-nsp mailing list