[rbak-nsp] redback-nsp Digest, Vol 65, Issue 3
ADMINET Uslugi Informatyczne
mail at adminet.net.pl
Wed May 15 04:13:04 EDT 2013
Thanks to Slavkin Oleg my /etc/freeradius/users should be lie this :
00:25:90:7a:df:10 Auth-Type := Local, Cleartext-Password:="Redback"
Framed-IP-Address = 10.0.0.24,
Framed-IP-Netmask = 255.255.255.128,
Dhcp-Max-Leases = 1,
IP-Interface-Name = "dhcp-biznesowi",
Context_Name = dhcp,
Service-Type = Outbound-User,
Qos-Policy-Policing = u_512k,
Qos-Policy-Metering = d_100M,
Nat-Policy-Name = NAT_policy,
And now is working ok
Pozdrawiam
------------------------------------------------------------
ADMINET Uslugi Informatyczne Lipinski Robert
Ul.Gen. Józefa Bema 6/2
22-400 Zamosc
NIP 922-230-17-12
biuro at adminet.net.pl
--------------------------------------------------
From: <redback-nsp-request at puck.nether.net>
Sent: Tuesday, May 14, 2013 6:00 PM
To: <redback-nsp at puck.nether.net>
Subject: redback-nsp Digest, Vol 65, Issue 3
> Send redback-nsp mailing list submissions to
> redback-nsp at puck.nether.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://puck.nether.net/mailman/listinfo/redback-nsp
> or, via email, send a message with subject or body 'help' to
> redback-nsp-request at puck.nether.net
>
> You can reach the person managing the list at
> redback-nsp-owner at puck.nether.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of redback-nsp digest..."
>
>
> Today's Topics:
>
> 1. Clips and radius problem (ADMINET Uslugi Informatyczne)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 14 May 2013 15:30:24 +0200
> From: "ADMINET Uslugi Informatyczne" <mail at adminet.net.pl>
> To: <redback-nsp at puck.nether.net>
> Subject: [rbak-nsp] Clips and radius problem
> Message-ID: <B32EB53AD89D4A79A3D52154DE003AB9 at adminetlapek>
> Content-Type: text/plain; format=flowed; charset="iso-8859-1";
> reply-type=original
>
> Hello Friends,
>
> I hawe little problem with Clips service , when i set aaa authentication
> none dhcp assigned ip to the subscriber corretly form dhcp range , when i
> configure aaa authentication local and add subscriber username
> 00:25.90....
> its still working , when i define aaa authentication subscriber radius and
> add radius server , subscriber cannot bind to circuit and cannot be
> authenticated
>
> here is my config :
>
> [dhcp]bras_Robaczek#show configuration
> Building configuration...
>
> Current configuration:
> !
> context dhcp
> !
> no ip domain-lookup
> !
> interface dhcp-biznesowi multibind
> ip address 10.0.0.1/26
> dhcp server interface
> !
> interface radius
> ip address 192.168.4.11/24
> no logging console
> !
> aaa authentication administrator local
> aaa authentication administrator maximum sessions 1
> aaa authentication subscriber radius
> !
> radius server 192.168.4.2 encrypted-key 460350D401780171
> !
> subscriber default
> dhcp max-addrs 1
> dns primary 192.168.88.1
> dns secondary 192.168.88.12
> !
> dhcp server policy
> option domain-name-server 192.168.88.12
> default-lease-time 1800
> maximum-lease-time 3600
> subnet 10.0.0.0/26
> range 10.0.0.2 10.0.0.22
> option router 10.0.0.1
> !
>
> /etc/freeradius/users
>
>
> 00:25:90:7a:df:10 Auth-Type := Local, Cleartext-Password:="Redback"
> Framed-IP-Address = 10.0.0.24,
> Framed-IP-Netmask = 255.255.255.128,
> Dhcp-Max-Leases = 1,
> # Context_Name = dhcp,
> Service-Type = Outbound-User,
>
> radius logs :
> Tue May 14 15:14:47 2013 : Info: Ready to process requests.
> rad_recv: Access-Request packet from host 192.168.4.11 port 1812, id=147,
> length=230
> User-Name = "00:25:90:7a:df:10"
> User-Password = "Redback"
> Service-Type = Outbound-User
> NAS-Identifier = "bras_Robaczek"
> NAS-Port = 33619968
> NAS-Real-Port = 553648227
> NAS-Port-Type = Virtual
> NAS-Port-Id = "2/1 vlan-id 99 clips 136525"
> Medium-Type = DSL
> Mac-Addr = "00-25-90-7a-df-10"
> Platform-Type = SE-100
> OS-Version = "6.5.1.5"
> DHCP-Option = "==\007\001\000%\220z\337\020"
> DHCP-Option = "\014\014\010MikroTik"
> Tue May 14 15:14:47 2013 : Info: # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> Tue May 14 15:14:47 2013 : Info: +- entering group authorize {...}
> Tue May 14 15:14:47 2013 : Info: ++[preprocess] returns ok
> Tue May 14 15:14:47 2013 : Info: ++[chap] returns noop
> Tue May 14 15:14:47 2013 : Info: ++[mschap] returns noop
> Tue May 14 15:14:47 2013 : Info: ++[digest] returns noop
> Tue May 14 15:14:47 2013 : Info: [suffix] No '@' in User-Name =
> "00:25:90:7a:df:10", looking up realm NULL
> Tue May 14 15:14:47 2013 : Info: [suffix] No such realm "NULL"
> Tue May 14 15:14:47 2013 : Info: ++[suffix] returns noop
> Tue May 14 15:14:47 2013 : Info: [files] users: Matched entry
> 00:25:90:7a:df:10 at line 6
> Tue May 14 15:14:47 2013 : Info: ++[files] returns ok
> Tue May 14 15:14:47 2013 : Info: ++[expiration] returns noop
> Tue May 14 15:14:47 2013 : Info: ++[logintime] returns noop
> Tue May 14 15:14:47 2013 : Info: [pap] WARNING: Auth-Type already set.
> Not
> setting to PAP
> Tue May 14 15:14:47 2013 : Info: ++[pap] returns noop
> Tue May 14 15:14:47 2013 : Info: Found Auth-Type = Local
> Tue May 14 15:14:47 2013 : Info: WARNING: Please update your
> configuration,
> and remove 'Auth-Type = Local'
> Tue May 14 15:14:47 2013 : Info: WARNING: Use the PAP or CHAP modules
> instead.
> Tue May 14 15:14:47 2013 : Info: User-Password in the request is correct.
> Tue May 14 15:14:47 2013 : Info: # Executing section post-auth from file
> /etc/freeradius/sites-enabled/default
> Tue May 14 15:14:47 2013 : Info: +- entering group post-auth {...}
> Tue May 14 15:14:47 2013 : Info: ++[exec] returns noop
> Sending Access-Accept of id 147 to 192.168.4.11 port 1812
> Framed-IP-Address = 10.0.0.24
> Framed-IP-Netmask = 255.255.255.128
> Service-Type = Outbound-User
> Tue May 14 15:14:47 2013 : Info: Finished request 136.
> Tue May 14 15:14:47 2013 : Debug: Going to the next request
> Tue May 14 15:14:47 2013 : Debug: Waking up in 4.9 seconds.
>
> SEOS-6.5.1.5-Release , freeradius: FreeRADIUS Version 2.1.12,
>
> I hawe no idea what i doing wrong , thanks for any help
> --------------------------------------------------
> From: <redback-nsp-request at puck.nether.net>
> Sent: Sunday, May 05, 2013 6:00 PM
> To: <redback-nsp at puck.nether.net>
> Subject: redback-nsp Digest, Vol 65, Issue 2
>
>> Send redback-nsp mailing list submissions to
>> redback-nsp at puck.nether.net
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>> https://puck.nether.net/mailman/listinfo/redback-nsp
>> or, via email, send a message with subject or body 'help' to
>> redback-nsp-request at puck.nether.net
>>
>> You can reach the person managing the list at
>> redback-nsp-owner at puck.nether.net
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of redback-nsp digest..."
>>
>>
>> Today's Topics:
>>
>> 1. uRPF (Ali Norouzi)
>> 2. Re: uRPF (Jim Tyrrell)
>> 3. Re: uRPF (Yuri Shefer)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Sat, 4 May 2013 16:39:27 +0430
>> From: Ali Norouzi <norouzi1983 at gmail.com>
>> To: redback-nsp at puck.nether.net
>> Subject: [rbak-nsp] uRPF
>> Message-ID:
>> <CAK1yZrnywKuTBBtgQysgMb9PivAqsMkmA9jyG2YQKcuf4VFN7g at mail.gmail.com>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> Hello Friends,
>>
>> There is spoofing problem in the BRAS. The BRASs is SE-100 and SE-800. Is
>> there anything like RPF (Reverse Path Forwarding) in SEOS?
>>
>> Thank you
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL:
>> <https://puck.nether.net/pipermail/redback-nsp/attachments/20130504/6c695ddc/attachment-0001.html>
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Sat, 04 May 2013 20:55:32 +0100
>> From: Jim Tyrrell <jim at scusting.com>
>> To: Ali Norouzi <norouzi1983 at gmail.com>
>> Cc: redback-nsp at puck.nether.net
>> Subject: Re: [rbak-nsp] uRPF
>> Message-ID: <518567B4.7000701 at scusting.com>
>> Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
>>
>> Look at 'ip source-validation'.
>>
>> context <name>
>> subscriber default
>> ip source-validation
>>
>>
>> Jim.
>>
>> On 04/05/2013 13:09, Ali Norouzi wrote:
>>> Hello Friends,
>>>
>>> There is spoofing problem in the BRAS. The BRASs is SE-100 and SE-800.
>>> Is there anything like RPF (Reverse Path Forwarding) in SEOS?
>>>
>>> Thank you
>>>
>>>
>>> _______________________________________________
>>> redback-nsp mailing list
>>> redback-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/redback-nsp
>>
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL:
>> <https://puck.nether.net/pipermail/redback-nsp/attachments/20130504/ac2adef0/attachment-0001.html>
>>
>> ------------------------------
>>
>> Message: 3
>> Date: Sat, 4 May 2013 22:36:00 -0700
>> From: Yuri Shefer <shefys at gmail.com>
>> To: Ali Norouzi <norouzi1983 at gmail.com>
>> Cc: redback-nsp at puck.nether.net
>> Subject: Re: [rbak-nsp] uRPF
>> Message-ID: <93CD0246-C830-4519-ADA1-4D52C5D4A903 at gmail.com>
>> Content-Type: text/plain; charset=iso-8859-1
>>
>> Hi Ali,
>>
>> For normal interfaces you can use "ip verify unicast source reachable-via
>> <option>" command under interface configuration.
>>
>> [local]SE600(config-if)#ip verify unicast source reachable-via ?
>> any Source ip address can be reached by any interface
>> rx Source address must be reachable thru the incoming interface
>>
>> BR, Yury.
>>
>>
>> On May 4, 2013, at 5:09 AM, Ali Norouzi <norouzi1983 at gmail.com> wrote:
>>
>>> Hello Friends,
>>>
>>> There is spoofing problem in the BRAS. The BRASs is SE-100 and SE-800.
>>> Is
>>> there anything like RPF (Reverse Path Forwarding) in SEOS?
>>
>>
>>
>>
>> ------------------------------
>>
>> Subject: Digest Footer
>>
>> _______________________________________________
>> redback-nsp mailing list
>> redback-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/redback-nsp
>>
>>
>> ------------------------------
>>
>> End of redback-nsp Digest, Vol 65, Issue 2
>> ******************************************
>
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp
>
>
> ------------------------------
>
> End of redback-nsp Digest, Vol 65, Issue 3
> ******************************************
>
More information about the redback-nsp
mailing list