[rbak-nsp] internal dhcp and global radius authentication (with dynamic clips)

Sridhar Mani manisridhar at gmail.com
Wed Aug 11 16:26:36 EDT 2010


Hi Misha,
Does your radius server send the context name ("BRAS") as an attribute to
the redback in the access accept? If the answer is no, this is probably the
issue. The redback router does not know that the dynamic clips subscriber
should be bound to an interface in context BRAS. This is because the AAA
username in dynamic clips is the end client MAC address (no domain).

thanks
sridhar

On Wed, Aug 11, 2010 at 12:14 PM, <misha at iim.pl> wrote:

>
> I'm a beginner user of redback routers. For about 2 weeks I have been trying to create
> a simple configuration but I still have problems.
>
> I want to create a BRAS context with an internal dhcp server and GLOBAL radius
> authentication (radius client in context local).
>
> In the global section:
> aaa global authentication radius context  local
>
> in the context BRAS:
>  aaa authentication  subscriber radius global
>  dhcp policy...
>
> in context local:
> radius server 192.168...  key    flksjdkfjsdkf
>
> All the configuration is below... this configuration doesn't work, dynamic
> clips are not created
> BUT:
> 1. communication with radius works fine (in the radius logs I see
> ACCEPTED);
> 2. When I turn off authentication in context BRAS (aaa authentication
> subscriber none) - it works - so DHCP is working
> 3. When I move the radius to the context BRAS (without global
> authentication) - works! - so radius is working
>
> MK
>
>
> Current configuration:
> !
> !  Configuration last changed by user 'misha' at Mon Aug  9 10:52:45 2010
> !
> !
> !
> !
> !
> aaa global authentication subscriber radius context local
> !
> !
> service multiple-contexts
> !
> !
> !
> !
> !
> !
>
>
> !
> !
> !
> context local
> !
>  ip domain-lookup
> !
>  interface mgmt
>  ip address 192.168.2.9/24
>  logging console
> !
>  aaa authentication administrator local
> !
>  administrator leon encrypted 1 $1$........$5oNrzEf/HtcRZcaSZEVQa0
>   privilege start 15
>   privilege max 15
>  administrator misha encrypted 1 $1$........$t8SQPi4ZT/TyNvolUGhOv1
>   privilege start 10
>   privilege max 15
> !
>  radius server 192.168.2.8 encrypted-key 64DAB7650584FA7D452BD158B882C838
> !
>  ip route 0.0.0.0/0 192.168.2.254
>  service ssh server
> !
>
>
> !
> context BRAS
> !
>  description  routing_context
> !
>  no ip domain-lookup
> !
>  interface LAN multibind
>  description BRAS LAN GW
>  ip address 83.142.199.193/26
>  dhcp server interface
>  ip arp proxy-arp
> !
>  interface WAN
>  ip address 83.142.192.100/29
>  no logging console
> !
>  aaa authentication administrator local
>  aaa authentication administrator maximum sessions 1
>  aaa authentication subscriber radius global
> !
> !
>  subscriber default
>   dhcp max-addrs 1
> !
>  subscriber name 00:1F:F3:5B:67:40
> !
>  ip route 0.0.0.0/0 83.142.192.102
>  no service ssh server
> !
>  dhcp server policy
>   nak-on-subnet-deletion
>   option domain-name mi.pl
>   offer-lease-time 300
>   default-lease-time 900
>   maximum-lease-time 900
>   subnet 83.142.199.192/26
>     range 83.142.199.210 83.142.199.250
>     option domain-name-server 83.142.192.2
>
>
> !
> ! ** End Context **
>  logging tdm console
>  logging active
>  logging standby short
> !
> !
> !
> !Ethernet connectivity fault management configuration
> !
> !
> !
> port ethernet 1/1
> ! XCRP management port on slot 1
>  no shutdown
>  bind interface mgmt local
> !
> card carrier 2
> !
> port ethernet 2/1
>  no shutdown
>  medium-type copper
>  encapsulation dot1q
>  dot1q pvc 2000 encapsulation multi
>  bind interface WAN BRAS
> !
> port ethernet 2/2
>  no shutdown
>  medium-type copper
>  encapsulation dot1q
>  dot1q pvc 15 encapsulation multi
>  service clips dhcp context BRAS
> !
>  ssh server full-drop 10
> !
>  ssh server rate-drop 50
> !
>  ssh server start-drop 5
> !
>  system hostname RedBack
> !
> no service console-break
> !
> service crash-dump-dram
> !
> no service auto-system-recovery
> !
> end
> [local]RedBack#
>
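
Added example, not part of the original thread and not Redback code: a small parser that checks whether a captured RADIUS Access-Accept carries a Redback Context-Name vendor-specific attribute, which is the question asked in the reply above. The vendor ID 2352, sub-attribute number 4, the helper names and the sample packets are assumptions or constructed values, not taken from the thread.

```python
import struct

# Assumptions, not from the thread: Redback enterprise number 2352 and vendor
# sub-attribute 4 = Context-Name, as in the commonly distributed Redback RADIUS
# dictionary. Check both against the dictionary your server actually loads.
REDBACK_VENDOR_ID = 2352
CONTEXT_NAME_SUBTYPE = 4
ACCESS_ACCEPT, VENDOR_SPECIFIC = 2, 26  # RFC 2865 packet code / attribute type

def iter_attributes(packet):
    """Yield (type, value) for each attribute of a RADIUS packet (RFC 2865)."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        raise ValueError("truncated packet or bad RADIUS length field")
    pos = 20  # attributes start after code, id, length and authenticator
    while pos < length:
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        yield packet[pos], packet[pos + 2:pos + alen]
        pos += alen

def context_name(packet):
    """Return the Context-Name carried in an Access-Accept, or None."""
    if not packet or packet[0] != ACCESS_ACCEPT:
        return None
    for atype, value in iter_attributes(packet):
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue
        if int.from_bytes(value[:4], "big") != REDBACK_VENDOR_ID:
            continue
        sub = value[4:]  # one or more vendor sub-attributes: type, length, data
        while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
            if sub[0] == CONTEXT_NAME_SUBTYPE:
                return sub[2:sub[1]].decode("ascii", "replace")
            sub = sub[sub[1]:]
    return None

def vsa(vendor, subtype, data):
    """Constructed-sample helper: one Vendor-Specific attribute."""
    sub = bytes([subtype, 2 + len(data)]) + data
    return bytes([VENDOR_SPECIFIC, 6 + len(sub)]) + struct.pack("!I", vendor) + sub

def accept(attrs):
    """Constructed-sample helper: Access-Accept with a zeroed authenticator."""
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs

TIMEOUT = bytes([27, 6]) + struct.pack("!I", 900)  # constructed Session-Timeout
WITHOUT_CONTEXT = accept(TIMEOUT)
WITH_CONTEXT = accept(TIMEOUT + vsa(REDBACK_VENDOR_ID, CONTEXT_NAME_SUBTYPE, b"BRAS"))
```

The parser only inspects attributes; it does not verify the Response Authenticator, so feed it packets captured on a trusted path between the router and the RADIUS server.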