Dynamic IP assignment with CAR Resource Manager

joey-lin
Level 1

Hi,

I'm trying to use CAR to assign an IP to the user, but it doesn't work. So I added a second Resource Manager to limit the user session in the same Session Manager. This one works, but the first Resource Manager, which should assign an IP to the user, is still not working. Can someone tell me how to fix it?

The following is the trace log for the test. I added the session/resource manager config at the end.

============= Trace Log==============

02/14/2003 11:24:44: P5316: Packet received from 172.20.253.34

02/14/2003 11:24:44: P5316: Trace of Access-Request packet

02/14/2003 11:24:44: P5316: identifier = 18

02/14/2003 11:24:44: P5316: length = 112

02/14/2003 11:24:44: P5316: reqauth = 46:a8:51:1c:2c:fe:e9:e0:ba:0e:fa:a2:16:df:4d:75

02/14/2003 11:24:44: P5316: User-Name = user1

02/14/2003 11:24:44: P5316: User-Password = 17:5d:85:40:10:fc:50:7c:43:23:4d:19:67:2f:0d:ce

02/14/2003 11:24:44: P5316: NAS-Port = 69

02/14/2003 11:24:44: P5316: Calling-Station-Id = 886916000001

02/14/2003 11:24:44: P5316: NAS-Identifier = testAAA

02/14/2003 11:24:44: P5316: Proxy-State = 46:a8:51:1c:2c:fe:e9:e0:ba:0e:fa:a2:16:df:4d:75:07:14:38:38:36:39:31:36:30:30:30:30:30:31

02/14/2003 11:24:44: P5316: NAS-Port-Type = Virtual

02/14/2003 11:24:44: P5316: Using Client: ssg1 (172.20.253.34)

02/14/2003 11:24:44: P5316: Using Vendor: Cisco

02/14/2003 11:24:44: P5316: Running Vendor Cisco's IncomingScript: CiscoIncomingScript

02/14/2003 11:24:44: P5316: Using Client ssg1 (172.20.253.34) as the NAS

02/14/2003 11:24:44: P5316: Authenticating and Authorizing with Service local-users

02/14/2003 11:24:44: P5316: Running Service local-users's IncomingScript: UseCLIDAsSessionKey

02/14/2003 11:24:44: P5316: Rex: environ->get( "Request-Type" ) -> "Access-Request"

02/14/2003 11:24:44: P5316: Rex: environ->get( "Request-Type" ) -> "Access-Request"

02/14/2003 11:24:44: P5316: Rex: request->get( "Calling-Station-Id", 0 ) -> "886916000001"

02/14/2003 11:24:44: P5316: Rex: request->getBytes( "Calling-Station-Id", 0 ) -> 38:38:36:39:31:36:30:30:30:30:30:31

02/14/2003 11:24:44: P5316: Rex: environ->put( "Session-Key", "886916000001" ) -> TRUE

02/14/2003 11:24:44: P5316: Getting User user1's UserRecord from UserList Default

02/14/2003 11:24:44: P5316: User user1's password matches

02/14/2003 11:24:44: P5316: Merging BaseProfile test-profile into response dictionary

02/14/2003 11:24:44: P5316: Merging attributes into the Response Dictionary:

02/14/2003 11:24:44: P5316: Adding attribute Cisco-SSG-Account-Info, value = Ntest

02/14/2003 11:24:44: P5316: Adding attribute Cisco-SSG-Account-Info, value = Atest

02/14/2003 11:24:44: P5316: Adding attribute Cisco-SSG-Account-Info, value = Ninternet

02/14/2003 11:24:44: P5316: No default Remote Session Service defined.

02/14/2003 11:24:44: P5316: Using SessionManager ggsn-ip-session

02/14/2003 11:24:44: P5316: No session exists for 886916000001, creating one...

02/14/2003 11:24:44: P5316: Acquiring session for 886916000001...

02/14/2003 11:24:44: P5316: SessionManager ggsn-ip-session created Session S3 02/14/2003 11:24:44 NAS: testAAA, NAS-Port: 69, User-Name: user1, Session-Key: 886916000001

=============== The 2nd Resource Manager is working=========

02/14/2003 11:24:44: P5316: ResourceManager Per-User allocated a resource to Session S3: User count for "user1" incremented, now 1 out of 1

02/14/2003 11:24:44: P5316: Writing Session S3 to backing store.

02/14/2003 11:24:44: P5316: Releasing acquired Session S3

02/14/2003 11:24:44: P5316: SessionManager ggsn-ip-session done with packet

02/14/2003 11:24:44: P5316: Running Vendor Cisco's OutgoingScript: CiscoOutgoingScript

02/14/2003 11:24:44: P5316: Running Server's OutgoingScript: show-contents

02/14/2003 11:24:44: P5316: Tcl: request size -> 7

02/14/2003 11:24:44: P5316: Tcl: request firstKey -> User-Name

02/14/2003 11:24:44: P5316: Tcl: request get User-Name -> user1

02/14/2003 11:24:44: P5316: Tcl: request nextKey -> User-Password

02/14/2003 11:24:44: P5316: Tcl: request get User-Password -> user1

02/14/2003 11:24:44: P5316: Tcl: request nextKey -> NAS-Port

02/14/2003 11:24:44: P5316: Tcl: request get NAS-Port -> 69

02/14/2003 11:24:44: P5316: Tcl: request nextKey -> Calling-Station-Id

02/14/2003 11:24:44: P5316: Tcl: request get Calling-Station-Id -> 886916000001

02/14/2003 11:24:44: P5316: Tcl: request nextKey -> NAS-Identifier

02/14/2003 11:24:44: P5316: Tcl: request get NAS-Identifier -> testAAA

02/14/2003 11:24:44: P5316: Tcl: request nextKey -> Proxy-State

02/14/2003 11:24:44: P5316: Tcl: request get Proxy-State -> 46:a8:51:1c:2c:fe:e9:e0:ba:0e:fa:a2:16:df:4d:75:07:14:38:38:36:39:31:36:30:30:30:30:30:31

02/14/2003 11:24:44: P5316: Tcl: request nextKey -> NAS-Port-Type

02/14/2003 11:24:44: P5316: Tcl: request get NAS-Port-Type -> Virtual

02/14/2003 11:24:44: P5316: Tcl: response size -> 2

02/14/2003 11:24:44: P5316: Tcl: response firstKey -> Proxy-State

02/14/2003 11:24:44: P5316: Tcl: response get Proxy-State -> 46:a8:51:1c:2c:fe:e9:e0:ba:0e:fa:a2:16:df:4d:75:07:14:38:38:36:39:31:36:30:30:30:30:30:31

02/14/2003 11:24:44: P5316: Tcl: response nextKey -> Cisco-SSG-Account-Info

02/14/2003 11:24:44: P5316: Tcl: response get Cisco-SSG-Account-Info -> Ntest

02/14/2003 11:24:44: P5316: Tcl: environ size -> 15

02/14/2003 11:24:44: P5316: Tcl: environ firstKey -> Session-Manager

02/14/2003 11:24:44: P5316: Tcl: environ get Session-Manager -> ggsn-ip-session

02/14/2003 11:24:44: P5316: Tcl: environ nextKey -> User-Profile

02/14/2003 11:24:44: P5316: Tcl: environ get User-Profile -> test-profile

02/14/2003 11:24:44: P5316: Tcl: environ nextKey -> Session-Key

02/14/2003 11:24:44: P5316: Tcl: environ get Session-Key -> 886916000001

02/14/2003 11:24:44: P5316: Tcl: environ nextKey -> Authorization-Service

02/14/2003 11:24:44: P5316: Tcl: environ get Authorization-Service -> local-users

02/14/2003 11:24:44: P5316: Tcl: environ nextKey -> Source-Port

02/14/2003 11:24:44: P5316: Tcl: environ get Source-Port -> 50741

02/14/2003 11:24:44: P5316: Tcl: environ nextKey -> Source-IP-Address

02/14/2003 11:24:44: P5316: Tcl: environ get Source-IP-Address -> 172.20.253.34

02/14/2003 11:24:44: P5316: Tcl: environ nextKey -> Authentication-Service

02/14/2003 11:24:44: P5316: Tcl: environ get Authentication-Service -> local-users

02/14/2003 11:24:44: P5316: Tcl: environ nextKey -> Request-Type

02/14/2003 11:24:44: P5316: Tcl: environ get Request-Type -> Access-Request

02/14/2003 11:24:44: P5316: Tcl: environ nextKey -> Script-Level

02/14/2003 11:24:44: P5316: Tcl: environ get Script-Level -> 6

02/14/2003 11:24:44: P5316: Tcl: environ nextKey -> Trace-Level

02/14/2003 11:24:44: P5316: Tcl: environ get Trace-Level -> 5

02/14/2003 11:24:44: P5316: Tcl: environ nextKey -> Provider-Identifier

02/14/2003 11:24:44: P5316: Tcl: environ get Provider-Identifier -> Default

02/14/2003 11:24:44: P5316: Tcl: environ nextKey -> Allow-Null-Password

02/14/2003 11:24:44: P5316: Tcl: environ get Allow-Null-Password -> FALSE

02/14/2003 11:24:44: P5316: Tcl: environ nextKey -> Request-Authenticator

02/14/2003 11:24:44: P5316: Tcl: environ get Request-Authenticator -> 46:a8:51:1c:2c:fe:e9:e0:ba:0e:fa:a2:16:df:4d:75

02/14/2003 11:24:44: P5316: Tcl: environ nextKey -> Session-Notes

02/14/2003 11:24:44: P5316: Tcl: environ get Session-Notes ->

02/14/2003 11:24:44: P5316: Tcl: environ nextKey -> Response-Type

02/14/2003 11:24:44: P5316: Tcl: environ get Response-Type -> Access-Accept

02/14/2003 11:24:44: P5316: Trace of Access-Accept packet

02/14/2003 11:24:44: P5316: identifier = 18

02/14/2003 11:24:44: P5316: length = 95

02/14/2003 11:24:44: P5316: reqauth = a4:93:d3:26:e1:99:5b:30:dd:ad:e3:3c:0c:fd:80:d5

02/14/2003 11:24:44: P5316: Proxy-State = 46:a8:51:1c:2c:fe:e9:e0:ba:0e:fa:a2:16:df:4d:75:07:14:38:38:36:39:31:36:30:30:30:30:30:31

02/14/2003 11:24:44: P5316: Cisco-SSG-Account-Info = Ntest

02/14/2003 11:24:44: P5316: Cisco-SSG-Account-Info = Atest

02/14/2003 11:24:44: P5316: Cisco-SSG-Account-Info = Ninternet

02/14/2003 11:24:44: P5316: Sending response to 172.20.253.34

02/14/2003 11:25:15: P5319: Packet received from 172.20.254.7

02/14/2003 11:25:15: P5319: Trace of Replication-Partner-Sync packet

02/14/2003 11:25:15: P5319: identifier = 250

02/14/2003 11:25:15: P5319: length = 38

02/14/2003 11:25:15: P5319: reqauth = b6:5e:2d:4a:87:c6:02:4a:54:9d:75:78:a0:24:2a:88

02/14/2003 11:25:15: P5319: attribute-92 = ac:14:fe:07

02/14/2003 11:25:15: P5319: attribute-93 = ac:14:fe:06

02/14/2003 11:25:15: P5319: attribute-103 = ac:14:fe:07

02/14/2003 11:26:15: P5322: Packet received from 172.20.254.7

02/14/2003 11:26:15: P5322: Trace of Replication-Partner-Sync packet

02/14/2003 11:26:15: P5322: identifier = 250

02/14/2003 11:26:15: P5322: length = 38

02/14/2003 11:26:15: P5322: reqauth = b5:8e:d7:86:1c:78:1b:a1:92:91:02:0f:98:76:7c:51

02/14/2003 11:26:15: P5322: attribute-92 = ac:14:fe:07

02/14/2003 11:26:15: P5322: attribute-93 = ac:14:fe:06

02/14/2003 11:26:15: P5322: attribute-103 = ac:14:fe:07

02/14/2003 11:27:15: P5325: Packet received from 172.20.254.7

02/14/2003 11:27:15: P5325: Trace of Replication-Partner-Sync packet

02/14/2003 11:27:15: P5325: identifier = 250

02/14/2003 11:27:15: P5325: length = 38

02/14/2003 11:27:15: P5325: reqauth = b5:03:33:7a:c3:36:58:24:19:9b:c8:81:b2:67:f1:64

02/14/2003 11:27:15: P5325: attribute-92 = ac:14:fe:07

02/14/2003 11:27:15: P5325: attribute-93 = ac:14:fe:06

02/14/2003 11:27:15: P5325: attribute-103 = ac:14:fe:07

=================================================

[ //localhost/Radius ]

Name = Radius

Description = SSG-CAR-Group

Version = 3.0R1

IncomingScript~ =

OutgoingScript~ = show-contents

DefaultAuthenticationService~ = local-users

DefaultAuthorizationService~ = local-users

DefaultAccountingService~ = local-file

DefaultSessionService~ =

DefaultSessionManager~ = ggsn-ip-session

UserLists/

UserGroups/

Policies/

Clients/

Vendors/

Scripts/

Services/

SessionManagers/

ResourceManagers/

Profiles/

Rules/

Translations/

TranslationGroups/

RemoteServers/

Advanced/

Replication/

--> ls SessionManagers/ggsn-ip-session

[ SessionManagers/ggsn-ip-session ]

Name = ggsn-ip-session

Description =

AllowAccountingStartToCreateSession = FALSE

ResourceManagers/

--> ls SessionManagers/ggsn-ip-session/ResourceManagers

[ SessionManagers/ggsn-ip-session/ResourceManagers ]

1. ggsn-ip-pool

2. Per-User

--> ls ResourceManagers/ggsn-ip-pool

[ ResourceManagers/ggsn-ip-pool ]

Name = ggsn-ip-pool

Description =

Type = ip-dynamic

NetMask = 255.255.0.0

AllowOverlappedIPAddresses = FALSE

IPAddresses/

--> ls ResourceManagers/ggsn-ip-pool/IPAddresses

[ ResourceManagers/ggsn-ip-pool/IPAddresses ]

Entries 1 to 1 from 1 total entries

Current filter: <all>

10.60.0.1-10.60.255.254

--> ls ResourceManagers/Per-User

[ ResourceManagers/Per-User ]

Name = Per-User

Description =

Type = user-session-limit

UserSessionLimit = 1

--> query-sessions /radius/SessionManagers/ggsn-ip-session

Sessions for /Radius/SessionManagers/ggsn-ip-session:

S3 Key: 886916000001, NAS: testAAA, NAS-Port: 69, User-Name: user1, Time: 00:08:17, USL 1
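
The comparison made by eye in the post above, as an added example that is not part of the original thread: it parses trace lines in the format shown and lists, per packet, the resource managers configured under the session manager that logged no allocation. `audit_trace` and `CONFIGURED` are hypothetical names, the sample lines are copied from the posted trace, and the script assumes every allocation logs the "ResourceManager ... allocated a resource" line seen for Per-User.

```python
import re

# Trace line shape in the post: "MM/DD/YYYY HH:MM:SS: P<packet>: <message>"
LINE = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}: (P\d+): (.*)$")
USING_SM = re.compile(r"^Using SessionManager (\S+)")
ALLOCATED = re.compile(r"^ResourceManager (\S+) allocated a resource to Session (\S+):")
RESPONSE = re.compile(r"^Trace of (Access-Accept|Access-Reject) packet")

# Lines copied from the posted trace (subset).
SAMPLE_TRACE = """\
02/14/2003 11:24:44: P5316: Trace of Access-Request packet
02/14/2003 11:24:44: P5316: Using SessionManager ggsn-ip-session
02/14/2003 11:24:44: P5316: ResourceManager Per-User allocated a resource to Session S3: User count for "user1" incremented, now 1 out of 1
02/14/2003 11:24:44: P5316: SessionManager ggsn-ip-session done with packet
02/14/2003 11:24:44: P5316: Trace of Access-Accept packet
02/14/2003 11:25:15: P5319: Trace of Replication-Partner-Sync packet
"""

# Resource managers listed under the session manager in the posted config.
CONFIGURED = {"ggsn-ip-session": ["ggsn-ip-pool", "Per-User"]}


def audit_trace(trace, configured):
    """Per packet, report configured resource managers that never allocated."""
    packets = {}
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, separators, config listing
        pid, msg = m.groups()
        info = packets.setdefault(pid, {"manager": None, "allocated": [], "response": None})
        if (sm := USING_SM.match(msg)):
            info["manager"] = sm.group(1)
        elif (al := ALLOCATED.match(msg)):
            info["allocated"].append(al.group(1))
        elif (rs := RESPONSE.match(msg)):
            info["response"] = rs.group(1)
    findings = []
    for pid, info in packets.items():
        if info["manager"] is None:
            continue  # packet never reached a session manager
        missing = [rm for rm in configured.get(info["manager"], []) if rm not in info["allocated"]]
        if missing:
            findings.append({"packet": pid, "session_manager": info["manager"],
                             "response": info["response"], "missing": missing})
    return findings


if __name__ == "__main__":
    print(audit_trace(SAMPLE_TRACE, CONFIGURED))
```
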

2 Replies

thomas.chen
Level 6

Here's how I assign a static address for user1. As far as I know, you have to create a separate profile for each user, since we cannot put attributes under the user.

[ //localhost/Radius/Profiles/user1/Attributes ]

Framed-IP-Address = 10.1.1.3

framed-protocol = ppp

service-type = framed

and under

[ //localhost/Radius/UserLists ]

[ localusers ]

Entries 1 to 5 from 5 total entries

Current filter:

Name = localusers

Description =

dave/

fred/

tester1/

user1/

[ localusers/user1 ]

Name = user1

Description =

Password =

Enabled = TRUE

Group~ =

BaseProfile~ = user1

AuthenticationScript~ =

AuthorizationScript~ =

UserDefined1 =

AllowNullPassword = FALSE

Thanks. The problem was solved. Service type is the major cause.