Radius Accounting for PPPoE terminated Sessions

mogli
Level 1

Hi

We've got a Cisco 7200 terminating our incoming PPPoE connections. That works quite well, but to localize the clients we would like to log the following parameters via RADIUS:

client-mac-address[31]

interface[157]

Debugging the AAA process, we got the following error output:

Feb 16 06:31:13: RADIUS: AAA Unsupported Attr: client-mac-address[31] 14

Feb 16 06:31:13: RADIUS: 30 30 30 66 2E 62 30 37 39 2E 66 39 [00ed.a012.c3]

and

Feb 16 06:31:13: RADIUS: AAA Unsupported Attr: interface [157] 9

Feb 16 06:31:13: RADIUS: 30 2F 30 2F 30 2F 38 [0/0/0/8]

The complete debug we did is attached.

Does anyone have an idea why we get the "...Unsupported Attr:..." message?

Here are the related config parts:

.

.

.

.

aaa group server radius TEST

server 10.250.112.34 auth-port 1812 acct-port 1813

authorization request accept temp

!

aaa authentication login default local enable

aaa authentication ppp default group radius

aaa authorization network default group radius local if-authenticated

aaa accounting delay-start

aaa accounting update periodic 10

aaa accounting network default start-stop group radius

.

.

.

.

radius-server attribute list temp

attribute 1,3-7,31,61,87,157

!

radius-server attribute 31 mac format unformatted

radius-server host 10.250.112.34 auth-port 1812 acct-port 1813

radius-server key 7 <removed>

best regards


smalkeric
Level 6

You have the debug message "AAA Unsupported Attr: client-mac-address[31] 14" appearing. It means that the RADIUS server cannot find the proper attribute for it in its list of RADIUS server attributes which the client is sending to the RADIUS server. We cannot change this request, as these are preconfigured RADIUS server attributes in every RADIUS server.

acastellon1
Level 1

Cisco server is working fine. When you use non-standard or non-RFC requests from your NAS to the AAA server, for instance, you have to configure your server accordingly to instruct it how to handle these kinds of requests.

This is typically done with something called "dictionary", which should be included in your radius server. The server typically decodes all RFC 2865 VSAs (or should), but when a new NAS model is introduced into the network, you can modify it to add any VSAs not appearing in the dictionary, which is your case.

As an example, imagine you want to change the attribute cisco-vsa-port-string to tagged-string; your dictionary will look something similar to:

And finally you will have to modify it with a text editor or XML editor and change type="tagged-string", supposing your device complies with RFC 2868. Probably the AAA server will have to be restarted to take these changes into account.

Also, since this applies to all devices for this vendor, you've got one more option, which is to define your own dictionary for a specific vendor, or even, if you wish, for a specific NAS or group of NASes.

In NavisRadius you could associate a dictionary to a device by adding a client-class:

# Client-IP Client-Secret Client-Class

# --------- ------------- ---------------

10.0.0.1 secret taos-old

And then specifying the dictionary later in client_properties for this device:

# This file contains information about client classes

# and is used to set per-client specific information.

#

# TAOS Devices in OLD mode with RFC conflicts

# ---------------------------------------------------

taos-old

Client-Dictionary=max_dictionary

# Other devices now, etc.

Hope it helps
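
The dictionary lookup described in the reply above, as an added example that is not part of the original thread: a decoder for RFC 2865 attribute TLVs that flags any attribute type missing from its dictionary. The two dictionaries and all function names are hypothetical; the attribute values are the hex bytes from the debug output in the question.

```python
# Added example (not from the thread): dictionary-driven RADIUS attribute decoding.
# RFC 2865 attribute layout: Type (1 byte), Length (1 byte, includes the
# 2-byte header), Value (Length - 2 bytes).

# Hypothetical dictionaries; names are the ones the page's debug output prints.
BASE_DICT = {1: "user-name", 31: "client-mac-address"}
CLIENT_DICT = {**BASE_DICT, 157: "interface"}  # assumed per-client addition

# Attribute values taken from the hex in the debug lines quoted in the question.
ATTR_31 = bytes.fromhex("303030662E623037392E6639")
ATTR_157 = bytes.fromhex("302F302F302F38")


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Build one TLV; Length counts the two header bytes as well."""
    if not 0 <= attr_type <= 255 or len(value) > 253:
        raise ValueError("attribute does not fit the RFC 2865 TLV format")
    return bytes([attr_type, len(value) + 2]) + value


def decode_attrs(payload: bytes, dictionary: dict) -> list:
    """Return (type, name_or_None, value) for each attribute in payload."""
    out, i = [], 0
    while i < len(payload):
        if len(payload) - i < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = payload[i], payload[i + 1]
        # A length below 2 or past the end of the buffer is malformed input.
        if length < 2 or i + length > len(payload):
            raise ValueError(f"bad length {length} for attribute {attr_type}")
        out.append((attr_type, dictionary.get(attr_type), payload[i + 2:i + length]))
        i += length
    return out


def unsupported(payload: bytes, dictionary: dict) -> list:
    """Attribute types present in the payload but missing from the dictionary."""
    return [t for t, name, _ in decode_attrs(payload, dictionary) if name is None]


SAMPLE = encode_attr(31, ATTR_31) + encode_attr(157, ATTR_157)

if __name__ == "__main__":
    for d in (BASE_DICT, CLIENT_DICT):
        for t, name, value in decode_attrs(SAMPLE, d):
            print(f"{name or 'Unsupported Attr'}[{t}] {len(value) + 2} {value!r}")
        print("unsupported:", unsupported(SAMPLE, d))
```

The encoded lengths come out as 14 and 9, the same numbers printed after the attribute names in the debug lines, because Length includes the two header bytes.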
