[RADIATOR] COA for Cisco ISG
Deniz Aydin
deniza at netone.net.tr
Tue Aug 19 00:58:49 CDT 2008
Hi Hugh,
Version is 4.2.
Here there is working debug i got from cisco.
As you see they sent a command code 4 with a space after it, and the
router correctly recognize the atttribute value.
Aug 16 11:11:31.299: RADIUS: COA received from id 3 x.x.x.x:1700, CoA
Request, len 47
*Aug 16 11:11:31.299: COA: x.x.x.x request queued
*Aug 16 11:11:31.299: RADIUS: authenticator C5 E4 09 50 1F 02 2A 1D -
45 E7 A6 47 08 D2 53 19
*Aug 16 11:11:31.299: RADIUS: Vendor, Cisco [26] 17
*Aug 16 11:11:31.299: RADIUS: ssg-account-info [250] 11 "Sx.x.x.x"
*Aug 16 11:11:31.299: RADIUS: Vendor, Cisco [26] 10
*Aug 16 11:11:31.299: RADIUS: ssg-command-code [252] 4
*Aug 16 11:11:31.299: RADIUS: 04 20 [Account-Ping ]
<<=====
*Aug 16 11:11:31.299: ++++++ CoA Attribute List ++++++
Here is debug of my request, as you see router recognize this attribute
as its in ASCI format. I have also captured radius packets and its also
shows that Command-Code = 04 20. Is there any value that shows the
attribute value is binary or ASCI in the radius header?
radpwtst -s x.x.x.x -secret dr5mak -noauth -noacct -code
Change-Filter-Request -trace 4 -dictionary
/usr/share/doc/packages/Radiator/goodies/dictionary.cisco
Account-Info="Sx.x.x.x" Command-Code="04 20"
Tue Aug 19 08:46:54 2008: DEBUG: Reading dictionary file
'/usr/share/doc/packages/Radiator/goodies/dictionary.cisco'
sending Change-Filter-Request...
Tue Aug 19 08:46:54 2008: DEBUG: Packet dump:
*** Sending to x.x.x.x port x ....
Code: Change-Filter-Request
Identifier: 159
Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Attributes:
Account-Info = "Sx.x.x.x"
Command-Code = 04 20
Aug 18 12:35:40: RADIUS: COA received from id 95 x.x.x.x:33070, CoA
Request, len 55
Aug 18 12:35:40: COA: 193.192.100.200 request queued
Aug 18 12:35:40: RADIUS: authenticator 94 3A BC 82 6F 8B 09 03 - 44 0A
B7 FE 27 F3 A3 1A
Aug 18 12:35:40: RADIUS: Vendor, Cisco [26] 22
Aug 18 12:35:40: RADIUS: ssg-account-info [250] 16 "Sx.x.x.x"
Aug 18 12:35:40: RADIUS: Vendor, Cisco [26] 13
Aug 18 12:35:40: RADIUS: ssg-command-code [252] 7
Aug 18 12:35:40: RADIUS: 30 34 20 32 30 [Unknown 04 20]
Deniz AYDIN
-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Tuesday, August 19, 2008 5:42 AM
To: Deniz Aydin
Cc: radiator at open.com.au
Subject: Re: [RADIATOR] COA for Cisco ISG
Hello Deniz -
The Command-Code that you are sending is in fact an ASCII string - you
will see the same thing as both ASCII and binary.
What version of Radiator are you using? And what does the Cisco device
debug say is wrong?
You can see what radpwtst is sending by using "-trace 4" as a parameter
(you are just using "-trace" in what you show below).
regards
Hugh
On 18 Aug 2008, at 19:08, Deniz Aydin wrote:
> Hi,
> I have been tring to testing radpwtst utility.But there is
> some problem about the Command-Code attribute. Firstly I tried with
> ASCI mode command-code ;
>
> radpwtst -s x.x.x.x -secret x -noauth -noacct -code Change-Filter-
> Request -trace -dictionary /usr/share/doc/packages/Radiator/goodies/
> dictionary.cisco Account-Info="Sx.x.x.x.x" Command-
> Code="subscriber:command=account-status-query"
>
> And Cisco want me to try with binary mode command code. So I have
> changed dictionary file for Command-Code
> VENDORATTR 9 Command-Code 252 binary
>
> Is it enough for sending this attribute in binary mode, because when i
> look at cisco debugs, i am seeing that it recognize this as string.
>
> radpwtst -s x.x.x.x -secret x -noauth -noacct -code Change-Filter-
> Request -trace -dictionary /usr/share/doc/packages/Radiator/goodies/
> dictionary.cisco Account-Info="Sx.x.x.x" Command-Code="04 20"
>
> Deniz AYDIN
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec), and DIAMETER
translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
More information about the radiator
mailing list