12-10-2012 05:27 AM
Hi,
I'm trying to implement dynamic authorization and Per-User QoS.
What I have already done is that I can send the rate-limit interface command via RADIUS AV pairs, and it works.
Now what I want to do is change the rate-limit without disconnecting user sessions (PPPoE sessions); as far as I know, it should be possible with a CoA request.
My problem is that when I send a CoA to the router, I receive a CoA-NAK and it doesn't work.
Here is the sample CoA packet that I'm sending to the router:
root@LinuxBox:/var/tmp# radclient -f f2 -xxx 192.168.19.123:1700 coa nasser
Sending CoA-Request of id 121 to 192.168.19.123 port 1700
User-Name = "testpppuser"
Service-Type = Framed-User
Framed-Protocol = PPP
Cisco-AVPair = "lcp:interface-config=rate-limit output 512000 48000 96000 conform-action continue exceed-action drop"
Code: 43
Id: 121
Length: 153
Vector: ca0be61b3c55f8754b228c87efb2edb5
Data: 01 0d 74 65 73 74 70 70 70 75 73 65 72
06 06 00 00 00 02
07 06 00 00 00 01
1a 6c 00 00 00 09 01 66 6c 63 70 3a 69 6e 74 65 72 66
61 63 65 2d 63 6f 6e 66 69 67 3d 72 61 74 65 2d
6c 69 6d 69 74 20 6f 75 74 70 75 74 20 35 31 32
30 30 30 20 34 38 30 30 30 20 39 36 30 30 30 20
63 6f 6e 66 6f 72 6d 2d 61 63 74 69 6f 6e 20 63
6f 6e 74 69 6e 75 65 20 65 78 63 65 65 64 2d 61
63 74 69 6f 6e 20 64 72 6f 70
rad_recv: CoA-NAK packet from host 192.168.19.123 port 1700, id=121, length=26
Code: 45
Id: 121
Length: 26
Vector: 0aba40210b66fd6e975426d36c38186a
Data: 65 06 00 00 00 c8
Error-Cause = 200
Also, here is the router log:
lab1r1#
*Dec 10 16:54:08.511: COA: 192.168.19.28 request queued
*Dec 10 16:54:08.515: RADIUS: authenticator 11 E2 A0 0D 6A 01 09 02 - FA 30 85 27 1B 93 86 01
*Dec 10 16:54:08.515: RADIUS: User-Name [1] 13 "testpppuser"
*Dec 10 16:54:08.515: RADIUS: Service-Type [6] 6 Framed [2]
*Dec 10 16:54:08.519: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Dec 10 16:54:08.519: RADIUS: Vendor, Cisco [26] 108
*Dec 10 16:54:08.519: RADIUS: Cisco AVpair [1] 102 "lcp:interface-config=rate-limit output 512000 48000 96000 conform-action continue exceed-action drop"
*Dec 10 16:54:08.523: AAA/ATTR(00000005): new list: 0x669D1A04
*Dec 10 16:54:08.523: AAA/ATTR(00000000): cursor init: 66B825B8 669D1A04 none none
*Dec 10 16:54:08.523: AAA/ATTR(00000000): add attr: 669D1A14 0 00000009 username(395) 11 testpppuser
*Dec 10 16:54:08.527: AAA/ATTR(00000000): new list: 0x669D16C4 prev list: 0x669D1A04
*Dec 10 16:54:08.527: AAA/ATTR(00000000): add attr: 669D16D4 0 00000001 service-type(302) 4 Framed
*Dec 10 16:54:08.527: AAA/ATTR(00000000): add attr: 669D16E4 0 00000001 Framed-Protocol(101) 4 PPP
*Dec 10 16:54:08.531: AAA/ATTR(00000000): add attr: 669D16F4 0 00000009 interface-config(195) 79 rate-limit output 512000 48000 96000 conform-action continue exceed-action drop
*Dec 10 16:54:08.535: ++++++ CoA Attribute List ++++++
*Dec 10 16:54:08.535: AAA/ATTR(00000000): cursor init: 66B825B8 669D1A04 none none
*Dec 10 16:54:08.535: AAA/ATTR(00000000): find next matching service=none, protocol=none
*Dec 10 16:54:08.535: AAA/ATTR(00000000): username ok
*Dec 10 16:54:08.535: 669D1A14 0 00000009 username(395) 11 testpppuser
*Dec 10 16:54:08.539: AAA/ATTR(00000000): find next matching service=none, protocol=none
*Dec 10 16:54:08.539: AAA/ATTR(00000000): service-type ok
*Dec 10 16:54:08.539: 669D16D4 0 00000001 service-type(302) 4 Framed
*Dec 10 16:54:08.543: AAA/ATTR(00000000): find next matching service=none, protocol=none
*Dec 10 16:54:08.543: AAA/ATTR(00000000): Framed-Protocol ok
*Dec 10 16:54:08.543: 669D16E4 0 00000001 Framed-Protocol(101) 4 PPP
*Dec 10 16:54:08.547: AAA/ATTR(00000000): find next matching service=none, protocol=none
*Dec 10 16:54:08.547: AAA/ATTR(00000000): interface-config protocol:lcp ok
*Dec 10 16:54:08.547: 669D16F4 0 00000009 interface-config(195) 79 rate-limit output 512000 48000 96000 conform-action continue exceed-action drop
*Dec 10 16:54:08.551: AAA/ATTR(00000000): find next matching service=none, protocol=none
*Dec 10 16:54:08.551: AAA/ATTR(00000000): not found
*Dec 10 16:54:08.551:
*Dec 10 16:54:08.551: AAA/API(00000000): aaa_req_alloc(), pc 0x61A3808C, enter {
*Dec 10 16:54:08.555: AAA/API(00000000): } aaa_req_alloc()
*Dec 10 16:54:08.555: AAA/ATTR(00000000): cursor init: 66B824B8 669D1A04 none unknown
*Dec 10 16:54:08.555: AAA/ATTR(00000000): find: ssg-command-code(431): not found
*Dec 10 16:54:08.559: COA: Added NACK Error Cause: Success
*Dec 10 16:54:08.559: COA: Sending NAK from port 1700 to 192.168.19.28/46960
*Dec 10 16:54:08.559: RADIUS: 101 6 000000C8
*Dec 10 16:54:08.563: AAA/ATTR(00000000): free all lists: 0x669D1A04
*Dec 10 16:54:08.563: AAA/ATTR(00000000): del attr: 669D1A14 0 00000009 username(395) 11 testpppuser0x669D16C4
*Dec 10 16:54:08.567: AAA/ATTR(00000000): del attr: 669D16D4 0 00000001 service-type(302) 4 Framed
*Dec 10 16:54:08.567: AAA/ATTR(00000000): del attr: 669D16E4 0 00000001 Framed-Protocol(101) 4 PPP
*Dec 10 16:54:08.571: AAA/ATTR(00000000): del attr: 669D16F4 0 00000009 interface-config(195) 79 rate-limit output 512000 48000 96000 conform-action continue exceed-action drop
Does anybody have any idea?
Thanks in advance.