PPPoE subscriber management

PPPoE subscriber management

Marijn van Gool
Hello folks,

I have set up and configured PPPoE subscriber management on my Juniper MX80 router. I’m using FreeRadius version 2.1.12. I know it’s old and we’re planning on upgrading it soon.

A PPPoE client successfully authenticates using PAP and sends out a Framed-IP-Address (10.120.120.10) in the Access-Accept message back to the router:

Ready to process requests.
rad_recv: Access-Request packet from host 185.85.83.150 port 52772, id=174, length=158
        User-Name = "pppoe-test"
        User-Password = "1234"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Chargeable-User-Identity = ""
        Acct-Session-Id = "121184"
        ERX-Dhcp-Mac-Addr = "6c3b.6b8b.760d"
        NAS-Identifier = "MX5-Kantoor"
        NAS-Port = 272630560
        NAS-Port-Id = "ge-1/1/1.demux0.1073863004:800"
        NAS-Port-Type = Ethernet
        NAS-IP-Address = 185.85.83.150
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "pppoe-test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[sql] expand: %{User-Name} -> pppoe-test
[sql] sql_set_user escaped user --> 'pppoe-test'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'pppoe-test'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'pppoe-test'           ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'pppoe-test'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'pppoe-test'           ORDER BY id
[sql] expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'pppoe-test'           ORDER BY priority
rlm_sql_mysql: query:  SELECT groupname           FROM radusergroup           WHERE username = 'pppoe-test'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "1234"
[pap] Using clear text password "1234"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> pppoe-test
[sql] sql_set_user escaped user --> 'pppoe-test'
[sql] expand: %{User-Password} -> 1234
[sql] expand: INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'pppoe-test',                           '1234',                           'Access-Accept', '2017-05-05 13:36:48')
[sql] expand: /var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'pppoe-test',                           '1234',                           'Access-Accept', '2017-05-05 13:36:48')
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query:  INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'pppoe-test',                           '1234',                           'Access-Accept', '2017-05-05 13:36:48')
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 174 to 185.85.83.150 port 52772
        Framed-IP-Address = 10.120.120.10
Finished request 17.
Going to the next request

The MX80 feels like the FreeRadius server is dead / unreachable, while the connectivity is just fine. Without using PAP and with using an address pool on the router itself, all works fine.
But I want to specify the IP address my users get.

Is there a different RADIUS VSA I need to use in this regard?

Met vriendelijke groet \ With kind regards,

Marijn van Gool
Network Engineer

+31 88 999 5555
[hidden email] <mailto:[hidden email]>
www.comsave.nl <http://www.comsave.nl/>






-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PPPoE subscriber management

Alan DeKok-2
On May 5, 2017, at 7:39 AM, Marijn van Gool <[hidden email]> wrote:
> I have set up and configured PPPoE subscriber management on my Juniper MX80 router. I’m using FreeRadius version 2.1.12. I know it’s old and we’re planning on upgrading it soon.
>
> A PPPoE client successfully authenticates using PAP and sends out a Framed-IP-Address (10.120.120.10) in the Access-Accept message back to the router:
> ...
> Sending Access-Accept of id 174 to 185.85.83.150 port 52772
> Framed-IP-Address = 10.120.120.10

  You probably also need to send back Framed-Protocol = PPP

> The MX80 feels like the FreeRadius server is dead / unreachable,

  What does that mean?

> while the connectivity is just fine. Without using PAP and with using an address pool on the router itself, all works fine.
> But I want to specify the IP address my users get.
>
> Is there a different RADIUS VSA I need to use in this regard?

  Read the Juniper router documentation to see what RADIUS attributes it requires for IP address assignment.  We have no idea how third-party products work.

  Alan DeKok.



Re: PPPoE subscriber management

arr2036

> On 5 May 2017, at 07:41, Alan DeKok <[hidden email]> wrote:
>
> On May 5, 2017, at 7:39 AM, Marijn van Gool <[hidden email]> wrote:
>> I have set up and configured PPPoE subscriber management on my Juniper MX80 router. I’m using FreeRadius version 2.1.12. I know it’s old and we’re planning on upgrading it soon.
>>
>> A PPPoE client successfully authenticates using PAP and sends out a Framed-IP-Address (10.120.120.10) in the Access-Accept message back to the router:
>> ...
>> Sending Access-Accept of id 174 to 185.85.83.150 port 52772
>> Framed-IP-Address = 10.120.120.10
>
>  You probably also need to send back Framed-Protocol = PPP
>
>> The MX80 feels like the FreeRadius server is dead / unreachable,
>
>  What does that mean?

It feels like it’s been cast adrift in a sea of shitty and conflicting documentation and support staff that don’t give a shit.  But that’s hardly the RADIUS server’s fault.

-Arran

Re: PPPoE subscriber management

Users mailing list
In reply to this post by Alan DeKok-2
Hi,

On Juniper MX104, I've configured FR to send these attributes (in case of
fixed IP for users):


ERX-Primary-DNS   = dns1's IP

ERX-Secondary-DNS = dns2's IP

ERX-Ingress-Policy-Name = OPE1-IN-Filter (filter's name on the
router (optional))

ERX-Egress-Policy-Name  = OPE1-OUT-Filter (filter's name on the
router (optional))

Framed-Protocol  = PPP

Class  = default

Service-Type  = Framed-User

ERX-Virtual-Router-Name  = default:default  (logical system : RE)

ERX-Local-Loopback-Interface = lo0.0

Framed-IP = USER's fixed ip
Framed-IP-Netmask = 255.255.255.255



You need Juniper dictionaries.


It works fine.


Bye
Jo


On 05/05/2017 13:41, Alan DeKok wrote:

> On May 5, 2017, at 7:39 AM, Marijn van Gool <[hidden email]> wrote:
>> I have set up and configured PPPoE subscriber management on my Juniper MX80 router. I’m using FreeRadius version 2.1.12. I know it’s old and we’re planning on upgrading it soon.
>>
>> A PPPoE client successfully authenticates using PAP and sends out a Framed-IP-Address (10.120.120.10) in the Access-Accept message back to the router:
>> ...
>> Sending Access-Accept of id 174 to 185.85.83.150 port 52772
>> Framed-IP-Address = 10.120.120.10
>    You probably also need to send back Framed-Protocol = PPP
>
>> The MX80 feels like the FreeRadius server is dead / unreachable,
>    What does that mean?
>
>> while the connectivity is just fine. Without using PAP and with using an address pool on the router itself, all works fine.
>> But I want to specify the IP address my users get.
>>
>> Is there a different RADIUS VSA I need to use in this regard?
>    Read the Juniper router documentation to see what RADIUS attributes it requires for IP address assignment.  We have no idea how third-party products work.
>
>    Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
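
A way to check what the server actually returned, as an added example that is not part of any post in this thread: it parses FreeRADIUS 2.x debug output like the log in the first post and lists which of the standard attributes mentioned in the replies (Framed-Protocol, Service-Type, Framed-IP-Netmask), plus the Framed-IP-Address from the first post, are absent from each Access-Accept. The sample log is constructed, and the function names and the SUGGESTED tuple are assumptions of this example.

```python
import re

# Constructed sample in FreeRADIUS 2.x debug format, modelled on the first post.
SAMPLE_DEBUG = """\
rad_recv: Access-Request packet from host 185.85.83.150 port 52772, id=174, length=158
\tUser-Name = "pppoe-test"
\tFramed-Protocol = PPP
++[pap] returns ok
Sending Access-Accept of id 174 to 185.85.83.150 port 52772
\tFramed-IP-Address = 10.120.120.10
Finished request 17.
"""

# Assumption of this example: the standard attributes to look for.
# The ERX-* VSAs listed in the reply above can be appended if the setup uses them.
SUGGESTED = ("Framed-IP-Address", "Framed-IP-Netmask",
             "Framed-Protocol", "Service-Type")

HEADER = re.compile(
    r"^(?:rad_recv: |Sending )(?P<code>[\w-]+) "
    r"(?:packet from host \S+ port \d+, id=(?P<rid>\d+)"
    r"|of id (?P<sid>\d+) to \S+ port \d+)")
ATTR = re.compile(r"^\s+(?P<name>[\w-]+)\s*=\s*(?P<value>.*)$")

def parse_packets(text):
    """Return the packets in a debug log as dicts: sent, code, id, attrs."""
    packets, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"sent": line.startswith("Sending"), "code": m["code"],
                       "id": int(m["rid"] or m["sid"]), "attrs": {}}
            packets.append(current)
            continue
        a = ATTR.match(line) if current else None
        if a:
            current["attrs"][a["name"]] = a["value"].strip('"')
        else:
            current = None  # a non-indented line ends the attribute list
    return packets

def missing_in_accepts(text, wanted=SUGGESTED):
    """Map each sent Access-Accept id to the wanted attributes it lacks."""
    return {p["id"]: [w for w in wanted if w not in p["attrs"]]
            for p in parse_packets(text)
            if p["sent"] and p["code"] == "Access-Accept"}

if __name__ == "__main__":
    for pkt_id, missing in missing_in_accepts(SAMPLE_DEBUG).items():
        print(f"Access-Accept id {pkt_id}: missing {missing or 'nothing'}")
```

Attributes present in the Access-Request do not count: only the lines listed under each "Sending Access-Accept" header are compared.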


Re: PPPoE subscriber management

Marijn van Gool
Hi Jo,

I will try that.
I do have the Juniper dictionaries.

Is there a possibility I could take a look at your relevant configuration on your MX router?

Met vriendelijke groet \ With kind regards,

Marijn van Gool
Network Engineer

+31 88 999 5555
[hidden email] <mailto:[hidden email]>
www.comsave.nl <http://www.comsave.nl/>






> On 05 May 2017, at 14:07, Little Snooze via Freeradius-Users <[hidden email]> wrote:
>
> Hi,
>
> On Juniper MX104, I've configured FR to send these attributes (in case of fixed IP for users):
>
>
> ERX-Primary-DNS   = dns1's IP
>
> ERX-Secondary-DNS = dns2's IP
>
> ERX-Ingress-Policy-Name = OPE1-IN-Filter (filter's name on the router (optional))
>
> ERX-Egress-Policy-Name  = OPE1-OUT-Filter (filter's name on the router (optional))
>
> Framed-Protocol  = PPP
>
> Class  = default
>
> Service-Type  = Framed-User
>
> ERX-Virtual-Router-Name  = default:default  (logical system : RE)
>
> ERX-Local-Loopback-Interface = lo0.0
>
> Framed-IP = USER's fixed ip
> Framed-IP-Netmask = 255.255.255.255
>
>
>
> You need Juniper dictionaries.
>
>
> It works fine.
>
>
> Bye
> Jo
