[j-nsp] JNPR Radius VSA

Drechsel, Thiago (NSN - BR/Curitiba) thiago.drechsel at nsn.com
Thu Oct 2 09:57:43 EDT 2008 

Hi Marlon.

Are you sending an ERX attribute to a MX box? I don't think it should
work.... 
This attribute is used for ERX, as subscriber's policy...
 

Thiago Drechsel

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of ext Marlon
Duksa
Sent: Wednesday, October 01, 2008 6:41 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] JNPR Radius VSA

Hi,

I'm trying to assign filter name to JNPR subscriber on MX  through
Radius.

But JNPR debugging is telling me that the attribute that I'm trying to
pass
as a filter name from Radius is 'unknown'.

 Does anyone know what could be possibly behind this error message? JNPR
documentation is saying that the attribute should be supported. I also
tried
some other JNPR VSA attributes such as Primary-DNS (just to test it) and
I
don't get any error message.



Maybe there is something with encoding of the filter-name attribute??



This is how my Radius entry looks like:

DEFAULT         User-Name =~
"([a-z]+):([0-9]+)[^a-z]+([a-z]+):([0-9]+)$",
Auth-Type := Local, User-Password == "usrpass"

                        ERX-Ingress-Policy-Name = "ingress",       <-
this
is the attribute that I'm trying to pass





this is the attribute definition from the dictionary file:

ATTRIBUTE       ERX-Ingress-Policy-Name                 10      string





And this is what Radius is sending back:



auth: user supplied User-Password matches local User-Password

Sending Access-Accept of id 61 to 114.0.1.1 port 50628

        ERX-Ingress-Policy-Name = "ingress"

Finished request 0

Going to the next request

--- Walking the entire request list ---

Waking up in 6 seconds...







And this is the error message on JNPR:





Client 00-00-64-01-01-02 got event CLIENT_EVENT_DISCOVER_PDU in state
RELAY_STATE_INIT

Oct  1 21:28:31 Profile_get using regular profile basic-profile

Oct  1 21:28:31 jdhcpd_session_db_client_add: setting giaddr 20.0.0.1

Oct  1 21:28:31 jdhcpd_session_db_client_add: setting IP addr Key
20.0.0.1

Oct  1 21:28:31 jdhcpd_session_db_client_add: setting LR name  default

Oct  1 21:28:31 jdhcpd_session_db_client_add: setting RI name  default

Oct  1 21:28:31 sdb username   circuit:0remote:0

Oct  1 21:28:31 jdhcpd_session_db_client_add: setting profile name
basic-profile

Oct  1 21:28:31 jdhcpd_session_db_client_add: setting inner vlan_ID 1

Oct  1 21:28:31 jdhcpd_session_db_client_add: setting underlying
interface
ge-0/0/0.1

Oct  1 21:28:31 session DB create got entry id 111

Oct  1 21:28:31 asking authd for authentication

Oct  1 21:28:31 Auth reply retval 1

Oct  1 21:28:31 got unknown auth attr from session db 325

Oct  1 21:28:31 Client 00-00-64-01-01-02 got event
CLIENT_EVENT_AUTH_REQ_ACK
in state RELAY_STATE_WAIT_AUTH_REQ

Oct  1 21:28:31 Auth request reply SUCCESS

Oct  1 21:28:31 *** relaying packet ***

Oct  1 21:28:31 added giaddr 20.0.0.1

 Thanks,

Marlon
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list