[RADIATOR] Radius SLA profile and Cisco ASR

rohan.henry cwjamaica.com rohan.henry at cwjamaica.com
Wed Nov 23 00:36:49 UTC 2016 

Thanks Hugh,

It doesn't appear that there is any issue with my Radius reply config.

When my Radius reply config is:
cisco-Policy-Up = "4Mbps",cisco-Policy-Down = "16Mbps"

The ASR output is:
USER ATTRIBUTES

addr                 0   63.245.120.110
route                0   "63.245.120.110 255.255.255.255 "
sub-policy-In        0   "4Mbps"
sub-policy-Out       0   "16Mbps"
timeout              0   604800 (0x93A80)



When I changed to cisco-avpair:
cisco-avpair = "sub-policy-In=4Mbps",cisco-avpair = "sub-policy-In=16Mbps"


The output on the ASR is the same:

USER ATTRIBUTES

addr                 0   63.245.120.110
route                0   "63.245.120.110 255.255.255.255 "
sub-policy-In        0   "4Mbps"
sub-policy-Out       0   "16Mbps"
timeout              0   604800 (0x93A80)

However the ASR displays nothing when the following is used:

cisco-avpair = "cisco-Policy-Up=4Mbps",cisco-avpair = "cisco-Policy-Down=16Mbps"


Note: The above tests are from ASR directly but wanted to confirm I have Radius Reply items configured properly. The issue is that the ASR is not sending accounting requests when a modem tries to authenticate. We are moving from Cisco CAR to Radiator. Working with Cisco Support. 

Regards,
Rohan

----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: "Rohan Henry" <rohan.henry at cwjamaica.com>
Cc: radiator at open.com.au
Sent: Tuesday, November 22, 2016 4:57:11 PM
Subject: Re: [RADIATOR] Radius SLA profile and Cisco ASR

Hello Rohan -

The Radiator dictionary contains these definitions, which match what you show below:


VENDORATTR      9       cisco-Policy-Up                 37      string
VENDORATTR      9       cisco-Policy-Down               38      string


However, you will need to check with Cisco for the correct format of the strings.

It is also often the case that you need to use the “cisco-avpair” attribute, but again, you will need to check with Cisco.

You will also need to do some experiments, because sometimes the official information is incorrect.

Watching a debug on the Cisco device while you send the RADIUS access accept is probably the best way to see what is going on.

regards

Hugh


> On 23 Nov. 2016, at 08:42, rohan.henry cwjamaica.com <rohan.henry at cwjamaica.com> wrote:
> 
> Hello All,
> 
> Are the following the correct VSA's to use with Cisco ASR (1000) to define broadband user speed?
> 
> cisco-Policy-Up = "4Mbps"
> cisco-Policy-Down = "16Mbps"
> 
> Thanks.
> 
> Regards,
> Rohan
> _______________________________________________
> radiator mailing list
> radiator at lists.open.com.au
> http://lists.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.

More information about the radiator mailing list