[RADIATOR] COA for Cisco ISG
Hugh Irvine
hugh at open.com.au
Tue Aug 19 04:14:26 CDT 2008
Hello Deniz -
Thanks for the additional information.
Can you please send us a reference to the Cisco documentation that
describes the format of this attribute?
The Cisco debug appears to show that this is 2 octets with values of
"04" and "20".
You can see additional detail from radpwtst by using "-trace 5".
regards
Hugh
On 19 Aug 2008, at 15:28, Deniz Aydin wrote:
> Hi Hugh,
> Version is 4.2.
> Here there is working debug i got from cisco.
> As you see they sent a command code 4 with a space after it, and the
> router correctly recognize the atttribute value.
>
> Aug 16 11:11:31.299: RADIUS: COA received from id 3 x.x.x.x:1700, CoA
> Request, len 47
> *Aug 16 11:11:31.299: COA: x.x.x.x request queued
> *Aug 16 11:11:31.299: RADIUS: authenticator C5 E4 09 50 1F 02 2A 1D -
> 45 E7 A6 47 08 D2 53 19
> *Aug 16 11:11:31.299: RADIUS: Vendor, Cisco [26] 17
> *Aug 16 11:11:31.299: RADIUS: ssg-account-info [250] 11
> "Sx.x.x.x"
> *Aug 16 11:11:31.299: RADIUS: Vendor, Cisco [26] 10
> *Aug 16 11:11:31.299: RADIUS: ssg-command-code [252] 4
> *Aug 16 11:11:31.299: RADIUS: 04 20 [Account-Ping ]
> <<=====
> *Aug 16 11:11:31.299: ++++++ CoA Attribute List ++++++
>
> Here is debug of my request, as you see router recognize this
> attribute
> as its in ASCI format. I have also captured radius packets and its
> also
> shows that Command-Code = 04 20. Is there any value that shows the
> attribute value is binary or ASCI in the radius header?
>
> radpwtst -s x.x.x.x -secret dr5mak -noauth -noacct -code
> Change-Filter-Request -trace 4 -dictionary
> /usr/share/doc/packages/Radiator/goodies/dictionary.cisco
> Account-Info="Sx.x.x.x" Command-Code="04 20"
> Tue Aug 19 08:46:54 2008: DEBUG: Reading dictionary file
> '/usr/share/doc/packages/Radiator/goodies/dictionary.cisco'
> sending Change-Filter-Request...
> Tue Aug 19 08:46:54 2008: DEBUG: Packet dump:
> *** Sending to x.x.x.x port x ....
> Code: Change-Filter-Request
> Identifier: 159
> Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Attributes:
> Account-Info = "Sx.x.x.x"
> Command-Code = 04 20
>
>
> Aug 18 12:35:40: RADIUS: COA received from id 95 x.x.x.x:33070, CoA
> Request, len 55
> Aug 18 12:35:40: COA: 193.192.100.200 request queued
> Aug 18 12:35:40: RADIUS: authenticator 94 3A BC 82 6F 8B 09 03 -
> 44 0A
> B7 FE 27 F3 A3 1A
> Aug 18 12:35:40: RADIUS: Vendor, Cisco [26] 22
> Aug 18 12:35:40: RADIUS: ssg-account-info [250] 16 "Sx.x.x.x"
> Aug 18 12:35:40: RADIUS: Vendor, Cisco [26] 13
> Aug 18 12:35:40: RADIUS: ssg-command-code [252] 7
> Aug 18 12:35:40: RADIUS: 30 34 20 32 30 [Unknown 04 20]
>
>
>
>
> Deniz AYDIN
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Tuesday, August 19, 2008 5:42 AM
> To: Deniz Aydin
> Cc: radiator at open.com.au
> Subject: Re: [RADIATOR] COA for Cisco ISG
>
>
> Hello Deniz -
>
> The Command-Code that you are sending is in fact an ASCII string - you
> will see the same thing as both ASCII and binary.
>
> What version of Radiator are you using? And what does the Cisco device
> debug say is wrong?
>
> You can see what radpwtst is sending by using "-trace 4" as a
> parameter
> (you are just using "-trace" in what you show below).
>
> regards
>
> Hugh
>
>
> On 18 Aug 2008, at 19:08, Deniz Aydin wrote:
>
>> Hi,
>> I have been tring to testing radpwtst utility.But there is
>> some problem about the Command-Code attribute. Firstly I tried with
>> ASCI mode command-code ;
>>
>> radpwtst -s x.x.x.x -secret x -noauth -noacct -code Change-Filter-
>> Request -trace -dictionary /usr/share/doc/packages/Radiator/goodies/
>> dictionary.cisco Account-Info="Sx.x.x.x.x" Command-
>> Code="subscriber:command=account-status-query"
>>
>> And Cisco want me to try with binary mode command code. So I have
>> changed dictionary file for Command-Code
>> VENDORATTR 9 Command-Code 252
>> binary
>>
>> Is it enough for sending this attribute in binary mode, because
>> when i
>
>> look at cisco debugs, i am seeing that it recognize this as string.
>>
>> radpwtst -s x.x.x.x -secret x -noauth -noacct -code Change-Filter-
>> Request -trace -dictionary /usr/share/doc/packages/Radiator/goodies/
>> dictionary.cisco Account-Info="Sx.x.x.x" Command-Code="04 20"
>>
>> Deniz AYDIN
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec), and DIAMETER
> translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
More information about the radiator
mailing list