Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
983
Views
0
Helpful
4
Replies

ASR 9912 IOS-XR NAS-Identifier Configuration

arshink
Level 1
Level 1

‎01-23-2017 01:28 AM

Hi guys,

how can I set and send NAS-Identifier attribute to a AAA server, for example , suppose that I have the following scenario:

    AAA-server address: 1.1.1.1

    My favorite string for NAS-Identifier which should be send: MY-ASR-9912

Thanks

Labels:
0 Helpful
4 Replies 4

Aleksandar Vidakovic
Cisco Employee
Cisco Employee

‎01-23-2017 03:00 AM

you can use this approach:

aaa attribute format AAA-AF
 format-string length 253 "%s@MY-ASR-9912" client-mac-address
!
policy-map type control subscriber IPoE
 event session-start match-first
  class type control subscriber IPoE do-until-failure
   10 activate dynamic-template IPoE
   30 authorize aaa list default format AAA-AF password cisco

hope this helps,

/Aleksandar

0 Helpful

arshink
Level 1
Level 1
In response to Aleksandar Vidakovic

‎01-23-2017 09:57 PM

Thank you Aleksandar, I'm going to try that.

0 Helpful

arshink
Level 1
Level 1
In response to Aleksandar Vidakovic

‎01-25-2017 04:23 AM

Dear Aleksandar,

I tried it but, still my ASR sends its current host-name as NAS-Identifier in debug-output:

debug radius

...

RADIUS:  Nas-Identifier      [32]    18      IMS.ASR

...

--------------------------------------------------------------------------------------------------------------------------

For more clarity, I send partial related configuration:

....

radius-server vsa attribute ignore unknown
radius-server host 1.1.1.1 auth-port 1812 acct-port 1813
 key 7 ...
!
aaa server radius dynamic-author
 port 3799
 client 1.1.1.1 vrf default
  server-key 7 ...
 !
!

aaa group server radius TEST
 server 1.1.1.1 auth-port 1812 acct-port 1813
 source-interface GigabitEthernet0/0/0/9

aaa attribute format AAA-AF
 format-string length 253 "%s@MY-ASR-9912" client-mac-address
!
!
aaa authentication subscriber default group TEST
aaa accounting subscriber default group TEST
!
class-map type control subscriber match-all PPPoE
 match protocol ppp
 end-class-map
!
dynamic-template
 type ppp PPPoE_General
  ppp prot-reject-timeout 2
  ppp authentication chap pap
  ppp lcp delay 10
  keepalive 60 3
  ppp ipcp dns 192.168.1.5
  ppp ipcp mask 255.255.255.255  ppp ipv6cp prot-rej
  vrf CUSTOMERS
  accounting aaa list default type session periodic-interval 15
  ipv4 mtu 1492
  ipv6 unreachables disable
 !
 type ppp pppoe_session_olt_2
  ppp ipcp peer-address pool IPv4_PPPoE_2
  vrf CUSTOMERS
  ipv4 unnumbered Loopback100
 !
!
!
policy-map type control subscriber pppoe_session_olt_2
 event session-start match-all
  class type control subscriber PPPoE do-all
   1 activate dynamic-template PPPoE_General
   2 activate dynamic-template pppoe_session_olt_2
  !
 !
 event session-activate match-first
  class type control subscriber PPPoE do-until-failure
   10 authenticate aaa list default
   20 authorize aaa list default format AAA-AF password ...
  !
 !
 end-policy-map
!

0 Helpful

Aleksandar Vidakovic
Cisco Employee
Cisco Employee
In response to arshink

‎01-25-2017 08:49 AM

ah, I understood that you wanted to include it in the username sent to Radius. If you explicitly want to manipulate the NAS ID, you can still use the same approach:

aaa attribute format Nas-ID
 format-string length 253 "MY-ASR-9912"
!
aaa radius attribute nas-identifier format Nas-ID

/Aleksandar

0 Helpful
Customers Also Viewed These Support Documents