[rbak-nsp] CLIPS session in context depending on RADIUS

Arjan Van Der Oest Arjan at voiceworks.nl
Tue Dec 21 09:30:42 EST 2010


Hi,

I'm fairly new to the Redback platform. I'm trying to set up dynamic CLIPS. I'm receiving DSL customers from my telco via a single VLAN (I know, don't ask...), they will set option82 with a unique key for each customer.

The current config is straightforward:

aaa global authentication subscriber radius context local
!
!
service multiple-contexts
!
context local
!
 aaa authentication subscriber radius  
!
 radius server <bla> encrypted-key <bla>
!
 subscriber default
   dhcp max-addrs 1
!
 interface kpn-wba-dhcp multibind
  ip address 94.247.1.1/24
  ip address 94.247.2.1/24 secondary
  dhcp server interface
!
 dhcp server policy
   default-lease-time 1800
   maximum-lease-time 3600
   subnet 94.247.1.0/24
     range 94.247.1.2 94.247.1.254
     option router 94.247.1.1
     option domain-name-server 8.8.8.8 4.4.4.4
   subnet 94.247.2.0/24
     range 94.247.2.2 94.247.2.254
     option router 94.247.2.1
     option domain-name-server 8.8.8.8 4.4.4.4
!
port ethernet 2/3
 description NH-CES-ETH1-7
 no shutdown
 encapsulation dot1q
 dot1q pvc 2001 
  service clips dhcp source-mac context local

This works together with this RADIUS config:

DEFAULT Auth-Type := Accept, Agent-Remote-Id == "PILOT"
        Service-Type = Outbound-User,
        Framed-IP-Address = 94.247.2.2,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Route = "94.247.3.0/24",
        DHCP_Max_Leases = 1

Session is up and running, the record is matched on the Agent-Remote-ID, regardless of the MAC address (the way I want it).

Now I'm trying to redirect this CLIPS session to a second instance. So I've configured a context identical to local (testvpn) and I added "Context-Name = testvpn" to RADIUS. But somehow the Redback still tries to bind it to local. When I change the Framed-IP-Address (for example 192.168.1.1) then it fails to bind the clips, because this IP is obviously not present in local (but I've actually added it to the testvpn context).

What am I missing here? Pointers are appreciated.

-- 
Kind regards,

Arjan van der Oest
Senior Network & Systems Engineer / Security Officer

Voiceworks BV - Editiestraat 29 - 1321 NG Almere
Mobile : (+31) (0)36 7600 197
Voiceworks, winner of the Gouden FD Gazelle Award 2010 http://bit.ly/eksf8V



