[RADIATOR] Radius SLA profile and Cisco ASR
Hugh Irvine
hugh at open.com.au
Tue May 23 07:11:28 UTC 2017
Hello Rohan -
Thanks - cisco-avpair is always “interesting”.
regards
Hugh
> On 10 May 2017, at 03:08, rohan.henry cwjamaica.com <rohan.henry at cwjamaica.com> wrote:
>
> Hello Hugh,
>
> The Cisco ASR 1000 successfully created a session for a modem when the following is defined in Radius.
>
> Code: Access-Accept
> Identifier: 214
> Authentic: +<198><29><144><237><239>tWW<167><224><206><243><225><189><231>
> Attributes:
> cisco-avpair = "nas-rx-speed=4Mbps"
> cisco-avpair = "nas-tx-speed=10Mbps"
>
> Regards,
> Rohan
>
> ----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: "Rohan Henry" <rohan.henry at cwjamaica.com>
> Cc: radiator at open.com.au
> Sent: Tuesday, November 22, 2016 11:45:56 PM
> Subject: Re: [RADIATOR] Radius SLA profile and Cisco ASR
>
> Hello Rohan -
>
> Yes I would have expected the first two replies to be equivalent.
>
> The third one however doesn’t make sense, as you have observed.
>
> For the accounting, it is sometimes the case with Cisco gear that you don’t get sensible data in the accounting start, but you do get it in the first and following accounting alives.
>
> Please let me know how you get on, and what the solution turns out to be.
>
> regards
>
> Hugh
>
>
>> On 23 Nov. 2016, at 11:36, rohan.henry cwjamaica.com <rohan.henry at cwjamaica.com> wrote:
>>
>> Thanks Hugh,
>>
>> It doesn't appear that there is any issue with my Radius reply config.
>>
>> When my Radius reply config is:
>> cisco-Policy-Up = "4Mbps",cisco-Policy-Down = "16Mbps"
>>
>> The ASR output is:
>> USER ATTRIBUTES
>>
>> addr 0 63.245.120.110
>> route 0 "63.245.120.110 255.255.255.255 "
>> sub-policy-In 0 "4Mbps"
>> sub-policy-Out 0 "16Mbps"
>> timeout 0 604800 (0x93A80)
>>
>>
>>
>> When I changed to cisco-avpair:
>> cisco-avpair = "sub-policy-In=4Mbps",cisco-avpair = "sub-policy-In=16Mbps"
>>
>>
>> The output on the ASR is the same:
>>
>> USER ATTRIBUTES
>>
>> addr 0 63.245.120.110
>> route 0 "63.245.120.110 255.255.255.255 "
>> sub-policy-In 0 "4Mbps"
>> sub-policy-Out 0 "16Mbps"
>> timeout 0 604800 (0x93A80)
>>
>> However the ASR displays nothing when the following is used:
>>
>> cisco-avpair = "cisco-Policy-Up=4Mbps",cisco-avpair = "cisco-Policy-Down=16Mbps"
>>
>>
>> Note: The above tests are from ASR directly but wanted to confirm I have Radius Reply items configured properly. The issue is that the ASR is not sending accounting requests when a modem tries to authenticate. We are moving from Cisco CAR to Radiator. Working with Cisco Support.
>>
>> Regards,
>> Rohan
>>
>> ----- Original Message -----
>> From: "Hugh Irvine" <hugh at open.com.au>
>> To: "Rohan Henry" <rohan.henry at cwjamaica.com>
>> Cc: radiator at open.com.au
>> Sent: Tuesday, November 22, 2016 4:57:11 PM
>> Subject: Re: [RADIATOR] Radius SLA profile and Cisco ASR
>>
>> Hello Rohan -
>>
>> The Radiator dictionary contains these definitions, which match what you show below:
>>
>>
>> VENDORATTR 9 cisco-Policy-Up 37 string
>> VENDORATTR 9 cisco-Policy-Down 38 string
>>
>>
>> However, you will need to check with Cisco for the correct format of the strings.
>>
>> It is also often the case that you need to use the “cisco-avpair” attribute, but again, you will need to check with Cisco.
>>
>> You will also need to do some experiments, because sometimes the official information is incorrect.
>>
>> Watching a debug on the Cisco device while you send the RADIUS access accept is probably the best way to see what is going on.
>>
>> regards
>>
>> Hugh
>>
>>
>>> On 23 Nov. 2016, at 08:42, rohan.henry cwjamaica.com <rohan.henry at cwjamaica.com> wrote:
>>>
>>> Hello All,
>>>
>>> Are the following the correct VSA's to use with Cisco ASR (1000) to define broadband user speed?
>>>
>>> cisco-Policy-Up = "4Mbps"
>>> cisco-Policy-Down = "16Mbps"
>>>
>>> Thanks.
>>>
>>> Regards,
>>> Rohan
>>> _______________________________________________
>>> radiator mailing list
>>> radiator at lists.open.com.au
>>> http://lists.open.com.au/mailman/listinfo/radiator
>>
>>
>> --
>>
>> Hugh Irvine
>> hugh at open.com.au
>>
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>> DIAMETER, SIM, etc.
>> Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at lists.open.com.au
>> http://lists.open.com.au/mailman/listinfo/radiator
>
>
> --
>
> Hugh Irvine
> hugh at open.com.au
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER, SIM, etc.
> Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
>
> _______________________________________________
> radiator mailing list
> radiator at lists.open.com.au
> http://lists.open.com.au/mailman/listinfo/radiator
--
Hugh Irvine
hugh at open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
More information about the radiator
mailing list