[j-nsp] how to send L2TP client IP in radius accouting packets?

Joe Shen sj_hznm at yahoo.com.cn
Tue Apr 15 01:16:02 EDT 2008 

Hi,

   Could we configure E320 to include client IP
address in radius accouting packets when E320 is used
as LAC in L2TP tunnel ? 

   we use Juniper E320 as LNS in VPDN service.

   the system architecture looks like 

           
                   LNS(E320)  ---------------------
                                                  |
   radius server -----------E320(LAC) ----------- PC

   ---------return LNS address and tunnel type--->
 
 
   PC dial up with L2TP option enabled. when LAC
received a dial-up request, it will send user name
and password to radius server. Radius server
authenticate user and send back L2TP LNS IP and tunnel
type. Receiving those L2TP tunnel information, LAC
establish L2TP tunnel for PC to LNS.

   We log those L2TP connection information in radius
server database. But, we found we could not get client
IP address. The radius accounting packets looks like :

    Fri Mar 28 00:00:01 EAT 2008
        Acct-Status-Type = Start
        User-Name = da3081445 at zj
        Event-TimeStamp = 1206633484
        Acct-Delay-Time = 0
        NAS-Identifier = 10.175.0.42
        Acct-Session-Id = 0029517089
        NAS-IP-Address = 10.175.0.42
        Service-Type = Framed
        Framed-Protocol = PPP
        Framed-Compression = None
        UN-Pppoe-Description = pppoe 00:14:78:8d:1e:77
        UN-Ingress-Policy-Name = 2min
        UN-Egress-Policy-Name = 2mout
        Calling-Station-Id = NB-C14200000850
        Tunnel-Type = L2TP
        Tunnel-Medium-Type = IPv4
        Tunnel-Client-Endpoint = 10.175.0.42
        Tunnel-Client-Auth-ID = CX-WS-BAS-E320-1
        Tunnel-Server-Endpoint = 10.130.132.224
        Tunnel-Server-Auth-ID = black
        Tunnel-Assignment-ID = 10.130.132.224
        Acct-Tunnel-Connection = 0000310885
        NAS-Port-Type = 15
        NAS-Port = -496434350
        NAS-Port-Id = GigabitEthernet
14/0/2.16800850:1680-850
        Acct-Authentic = RADIUS
        Pseudo-Request-Source = 10.175.0.42
        Pseudo-Request-Type = Accounting-Request
        <unknown attribute> 203 = <unknown value>
\x00\x00\x00\x00

   how could we configure LAC to include client IP in
radius accouting packets?

regards

Joe   


		
___________________________________________________________
 
情人节,用雅虎邮箱送玫瑰!

More information about the juniper-nsp mailing list