[j-nsp] Ascend-??? radius attributes on Juniper ERX

Blaz Zupan blaz at amis.net
Thu Mar 30 01:48:58 EST 2006 

> Ok, as you can see in my lab setup it works fine.
> Therefor further troubleshooting is needed.
> A "log sev 7 radiusattributes" from the ERX would be helpful.

Getting the log will be the hardest part as the BRAS is owned by the incumbent 
and they are rather hard to communicate with. If we had control of the BRAS 
the problem would have probably been solved by now...

> If you tell me, what exact filter you try to setup I can verfiy it im my lab. 

Here is an example filter that is being used in production on the Cisco BRAS, 
but is completely ignored on the ERX. Also the Ascend-Client-Primary-DNS is 
being ignored, we have to explicitely add the Unisphere-Primary-Dns attribute 
for those users who connect through the ERX. Again please remember that the 
Ascend attributes below are automatically being converted into abinary type by 
our radius server.

DEFAULT Auth-Type = Accept
         Framed-Routing = None,
         Framed-Protocol = PPP,
	Framed-IP-Address = 255.255.255.254,
         Framed-IP-Netmask = 255.255.255.255,
         Service-Type = Framed-User,
         Idle-Timeout = 1800,
         Ascend-Client-Primary-DNS = 212.18.32.10,
         Ascend-Client-Secondary-DNS = 212.18.32.12
         Ascend-Client-Assign-DNS = DNS-Assign-Yes,
         Ascend-Data-Filter = "ip in forward tcp est",
         Ascend-Data-Filter = "ip in drop tcp dstport = 135",
         Ascend-Data-Filter = "ip in drop tcp dstport = 137",
         Ascend-Data-Filter = "ip in drop tcp dstport = 138",
         Ascend-Data-Filter = "ip in drop tcp dstport = 139",
         Ascend-Data-Filter = "ip in drop tcp dstport = 445",
         Ascend-Data-Filter = "ip in drop tcp dstport = 593",
         Ascend-Data-Filter = "ip in drop udp dstport = 135",
         Ascend-Data-Filter = "ip in drop udp dstport = 137",
         Ascend-Data-Filter = "ip in drop udp dstport = 138",
         Ascend-Data-Filter = "ip in drop udp dstport = 139",
         Ascend-Data-Filter = "ip in forward",
         Ascend-Data-Filter = "ip out forward tcp est",
         Ascend-Data-Filter = "ip out drop tcp dstport = 135",
         Ascend-Data-Filter = "ip out drop tcp dstport = 137",
         Ascend-Data-Filter = "ip out drop tcp dstport = 138",
         Ascend-Data-Filter = "ip out drop tcp dstport = 139",
         Ascend-Data-Filter = "ip out drop tcp dstport = 445",
         Ascend-Data-Filter = "ip out drop tcp dstport = 593",
         Ascend-Data-Filter = "ip out drop udp dstport = 135",
         Ascend-Data-Filter = "ip out drop udp dstport = 137",
         Ascend-Data-Filter = "ip out drop udp dstport = 138",
         Ascend-Data-Filter = "ip out drop udp dstport = 139",
         Ascend-Data-Filter = "ip out forward"

More information about the juniper-nsp mailing list