[j-nsp] FreeRadius/ERX Question

[Bjørn Mork]

"Paul Stewart" <paul at paulstewart.org> writes:

> We are trying to get a "lite profile" working on ERX platform for PPPOE
> clients.  This would restrict their download/upload speeds on a per user
> basis via Radius attributes.
>
>  
>
> I have a ticket running at JTAC now for a long time on this - they have now
> come back and told me I must run Unisphere attributes instead of ERX
> attributes from Radius.  We are using FreeRadius FYI.

They are probably referring to their official Steel-Belted Radius
dictionary, which names the attributes like that.  See e.g
  http://www.juniper.net/techpubs/software/junos/junos112/radius-dictionary/unisphereDictionary_for_JUNOS_v11-2.dct

(for some reason the JUNOSe dictionary links now requires login while
the one JUNOS dictionaries still can be downloaded by anyone, including
the above "vendorid 4874" one, which applies to both the ERX and the MX
subscriber platform.  Strange).

> Am I doing something wrong here?  I checked and all the dictionary files
> appear to be intact including those attributes . seems like a FreeRadius
> issue possibly.

The default FreeRADIUS dictionary use the "ERX" prefix everywhere,
regardless of whether Juniper uses "Unisphere", "ERX" or the recent
"Jnpr" prefix.  I am not sure which solution is least confusing.  But I
do not fancy having a mix of vendor prefixes in the same vendor specific
dictionary. And Terje started the show by changing the "Unisphere" names
to "ERX" int the first place. So when I recently sent an update to
FreeRADIUS for the attributes added in JUNOS 11.2, I chose to continue
using the ERX prefix despite Juniper using "Jnpr".

Anyway, if in doubt, check the actual attribute numbers. 

> Anyone else doing something similar?  Are you using these attributes?  When
> we use ERX-Ingress-Policy-Name we can see the policy appearing on a debug
> with the ERX box but it doesn't work.

ERX-Ingress-Policy-Name is correct.

Define "doesn't work".  It is supposed to work.  


Bjørn