[j-nsp] JNPR Radius VSA

Marlon Duksa mduksa at gmail.com
Thu Oct 2 10:01:35 EDT 2008


It should be supported based on Junos documentation. page 32 in Subscriber
Access document in Junos 9.2.

On Thu, Oct 2, 2008 at 6:57 AM, Drechsel, Thiago (NSN - BR/Curitiba) <
thiago.drechsel at nsn.com> wrote:

> Hi Marlon.
>
> Are you sending an ERX attribute to a MX box? I don't think it should
> work....
> This attribute is used for ERX, as subscriber's policy...
>
>
> Thiago Drechsel
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of ext Marlon
> Duksa
> Sent: Wednesday, October 01, 2008 6:41 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] JNPR Radius VSA
>
> Hi,
>
> I'm trying to assign filter name to JNPR subscriber on MX  through
> Radius.
>
> But JNPR debugging is telling me that the attribute that I'm trying to
> pass
> as a filter name from Radius is 'unknown'.
>
>  Does anyone know what could be possibly behind this error message? JNPR
> documentation is saying that the attribute should be supported. I also
> tried
> some other JNPR VSA attributes such as Primary-DNS (just to test it) and
> I
> don't get any error message.
>
>
>
> Maybe there is something with encoding of the filter-name attribute??
>
>
>
> This is how my Radius entry looks like:
>
> DEFAULT         User-Name =~
> "([a-z]+):([0-9]+)[^a-z]+([a-z]+):([0-9]+)$",
> Auth-Type := Local, User-Password == "usrpass"
>
>                        ERX-Ingress-Policy-Name = "ingress",       <-
> this
> is the attribute that I'm trying to pass
>
>
>
>
>
> this is the attribute definition from the dictionary file:
>
> ATTRIBUTE       ERX-Ingress-Policy-Name                 10      string
>
>
>
>
>
> And this is what Radius is sending back:
>
>
>
> auth: user supplied User-Password matches local User-Password
>
> Sending Access-Accept of id 61 to 114.0.1.1 port 50628
>
>        ERX-Ingress-Policy-Name = "ingress"
>
> Finished request 0
>
> Going to the next request
>
> --- Walking the entire request list ---
>
> Waking up in 6 seconds...
>
>
>
>
>
>
>
> And this is the error message on JNPR:
>
>
>
>
>
> Client 00-00-64-01-01-02 got event CLIENT_EVENT_DISCOVER_PDU in state
> RELAY_STATE_INIT
>
> Oct  1 21:28:31 Profile_get using regular profile basic-profile
>
> Oct  1 21:28:31 jdhcpd_session_db_client_add: setting giaddr 20.0.0.1
>
> Oct  1 21:28:31 jdhcpd_session_db_client_add: setting IP addr Key
> 20.0.0.1
>
> Oct  1 21:28:31 jdhcpd_session_db_client_add: setting LR name  default
>
> Oct  1 21:28:31 jdhcpd_session_db_client_add: setting RI name  default
>
> Oct  1 21:28:31 sdb username   circuit:0remote:0
>
> Oct  1 21:28:31 jdhcpd_session_db_client_add: setting profile name
> basic-profile
>
> Oct  1 21:28:31 jdhcpd_session_db_client_add: setting inner vlan_ID 1
>
> Oct  1 21:28:31 jdhcpd_session_db_client_add: setting underlying
> interface
> ge-0/0/0.1
>
> Oct  1 21:28:31 session DB create got entry id 111
>
> Oct  1 21:28:31 asking authd for authentication
>
> Oct  1 21:28:31 Auth reply retval 1
>
> Oct  1 21:28:31 got unknown auth attr from session db 325
>
> Oct  1 21:28:31 Client 00-00-64-01-01-02 got event
> CLIENT_EVENT_AUTH_REQ_ACK
> in state RELAY_STATE_WAIT_AUTH_REQ
>
> Oct  1 21:28:31 Auth request reply SUCCESS
>
> Oct  1 21:28:31 *** relaying packet ***
>
> Oct  1 21:28:31 added giaddr 20.0.0.1
>
>  Thanks,
>
> Marlon
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list