[j-nsp] ERX - IP LOCAL POOL

le van cuong cuonglv at gmail.com
Thu Dec 11 00:02:32 EST 2008 

Hi Expert,

I'm currently test IP assignment based on Frame-Pool from Radius for
ERX310-Version: 8.2.2

Subcriber is denied to access when returned attribute IP-Pool-X from radius
for this user, but this pool is exhausted on local router. Any Solution to
ship this subcriber to another pool on ERX?

For example:
Case: there are two ip local pools configured on router, each
pool include only 2 IP addresses.
Pool P1: 192.168.10.1-2
Pool P2: 192.168.20.1-2

On Radius Server: all user1, user2, user3 are configured with returned
frame-pool P2.
After user1 and user2 successfuly login, user3 can't be access and receive
following log:

"ERX-310-41-37-66#DEBUG 12/11/2008 09:00:22 aaaServerGeneral:
doInitiateUserSession: profile handle is null, checking client handle table
16973909
DEBUG 12/11/2008 09:00:22 aaaServerGeneral: UserProfile::delClientHandle:
clientHandle not set
DEBUG 12/11/2008 09:00:22 radiusClient: buildAuthRequest: building User Auth
Request
DEBUG 12/11/2008 09:00:22 radiusClient: sendPacket: RADIUS Access packet
sent (default)
DEBUG 12/11/2008 09:00:22 radiusClient: processGoodAuthResponse enter:
DEBUG 12/11/2008 09:00:22 radiusAttributes: USER ATTRIBUTES: (USER3)
DEBUG 12/11/2008 09:00:22 radiusAttributes:      class attr: (binary data)
DEBUG 12/11/2008 09:00:22 radiusAttributes: total eap message attr length =
0
DEBUG 12/11/2008 09:00:22 radiusAttributes:      framed pool name attr: P2
DEBUG 12/11/2008 09:00:22 aaaServerGeneral: denying user no address - no
resources
INFO 12/11/2008 09:00:22 aaaUserAccess: User: USER3; id: GigabitEthernet
1/1.100:100; access denied: address allocation failure, insufficient
resources
DEBUG 12/11/2008 09:00:22 aaaServerGeneral: UserProfile::delClientHandle:
clientHandle not set
DEBUG 12/11/2008 09:00:23 aaaServerGeneral: doTerminateUserSession: no user
profile entry for profileHandle 0x800094
DEBUG 12/11/2008 09:00:23 aaaServerGeneral: User Termination status - no
such entry or value
"
Any idea to ship User3 to other pool when Pool P2 have no resourse IP
anymore.

Many Thanks& Regards,

Cuong,

More information about the juniper-nsp mailing list