12-10-2012 05:27 AM
Hi,
I'm trying to implement dynamic authorization and Per-User QoS.
What I have already done is send the rate-limit interface command via RADIUS AV pairs, and it works.
Now what I want to do is change the rate-limit without disconnecting user sessions (PPPoE sessions). As far as I know, it should be possible with a CoA request.
My problem is that when I send the CoA to the router, I receive a CoA-NAK, and it doesn't work.
Here is a sample CoA packet that I'm sending to the router:
root@LinuxBox:/var/tmp# radclient -f f2 -xxx 192.168.19.123:1700 coa nasser
Sending CoA-Request of id 121 to 192.168.19.123 port 1700
User-Name = "testpppuser"
Service-Type = Framed-User
Framed-Protocol = PPP
Cisco-AVPair = "lcp:interface-config=rate-limit output 512000 48000 96000 conform-action continue exceed-action drop"
Code: 43
Id: 121
Length: 153
Vector: ca0be61b3c55f8754b228c87efb2edb5
Data: 01 0d 74 65 73 74 70 70 70 75 73 65 72
06 06 00 00 00 02
07 06 00 00 00 01
1a 6c 00 00 00 09 01 66 6c 63 70 3a 69 6e 74 65 72 66
61 63 65 2d 63 6f 6e 66 69 67 3d 72 61 74 65 2d
6c 69 6d 69 74 20 6f 75 74 70 75 74 20 35 31 32
30 30 30 20 34 38 30 30 30 20 39 36 30 30 30 20
63 6f 6e 66 6f 72 6d 2d 61 63 74 69 6f 6e 20 63
6f 6e 74 69 6e 75 65 20 65 78 63 65 65 64 2d 61
63 74 69 6f 6e 20 64 72 6f 70
rad_recv: CoA-NAK packet from host 192.168.19.123 port 1700, id=121, length=26
Code: 45
Id: 121
Length: 26
Vector: 0aba40210b66fd6e975426d36c38186a
Data: 65 06 00 00 00 c8
Error-Cause = 200
Also, here is the router log:
lab1r1#
*Dec 10 16:54:08.511: COA: 192.168.19.28 request queued
*Dec 10 16:54:08.515: RADIUS: authenticator 11 E2 A0 0D 6A 01 09 02 - FA 30 85 27 1B 93 86 01
*Dec 10 16:54:08.515: RADIUS: User-Name [1] 13 "testpppuser"
*Dec 10 16:54:08.515: RADIUS: Service-Type [6] 6 Framed [2]
*Dec 10 16:54:08.519: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Dec 10 16:54:08.519: RADIUS: Vendor, Cisco [26] 108
*Dec 10 16:54:08.519: RADIUS: Cisco AVpair [1] 102 "lcp:interface-config=rate-limit output 512000 48000 96000 conform-action continue exceed-action drop"
*Dec 10 16:54:08.523: AAA/ATTR(00000005): new list: 0x669D1A04
*Dec 10 16:54:08.523: AAA/ATTR(00000000): cursor init: 66B825B8 669D1A04 none none
*Dec 10 16:54:08.523: AAA/ATTR(00000000): add attr: 669D1A14 0 00000009 username(395) 11 testpppuser
*Dec 10 16:54:08.527: AAA/ATTR(00000000): new list: 0x669D16C4 prev list: 0x669D1A04
*Dec 10 16:54:08.527: AAA/ATTR(00000000): add attr: 669D16D4 0 00000001 service-type(302) 4 Framed
*Dec 10 16:54:08.527: AAA/ATTR(00000000): add attr: 669D16E4 0 00000001 Framed-Protocol(101) 4 PPP
*Dec 10 16:54:08.531: AAA/ATTR(00000000): add attr: 669D16F4 0 00000009 interface-config(195) 79 rate-limit output 512000 48000 96000 conform-action continue exceed-action drop
*Dec 10 16:54:08.535: ++++++ CoA Attribute List ++++++
*Dec 10 16:54:08.535: AAA/ATTR(00000000): cursor init: 66B825B8 669D1A04 none none
*Dec 10 16:54:08.535: AAA/ATTR(00000000): find next matching service=none, protocol=none
*Dec 10 16:54:08.535: AAA/ATTR(00000000): username ok
*Dec 10 16:54:08.535: 669D1A14 0 00000009 username(395) 11 testpppuser
*Dec 10 16:54:08.539: AAA/ATTR(00000000): find next matching service=none, protocol=none
*Dec 10 16:54:08.539: AAA/ATTR(00000000): service-type ok
*Dec 10 16:54:08.539: 669D16D4 0 00000001 service-type(302) 4 Framed
*Dec 10 16:54:08.543: AAA/ATTR(00000000): find next matching service=none, protocol=none
*Dec 10 16:54:08.543: AAA/ATTR(00000000): Framed-Protocol ok
*Dec 10 16:54:08.543: 669D16E4 0 00000001 Framed-Protocol(101) 4 PPP
*Dec 10 16:54:08.547: AAA/ATTR(00000000): find next matching service=none, protocol=none
*Dec 10 16:54:08.547: AAA/ATTR(00000000): interface-config protocol:lcp ok
*Dec 10 16:54:08.547: 669D16F4 0 00000009 interface-config(195) 79 rate-limit output 512000 48000 96000 conform-action continue exceed-action drop
*Dec 10 16:54:08.551: AAA/ATTR(00000000): find next matching service=none, protocol=none
*Dec 10 16:54:08.551: AAA/ATTR(00000000): not found
*Dec 10 16:54:08.551:
*Dec 10 16:54:08.551: AAA/API(00000000): aaa_req_alloc(), pc 0x61A3808C, enter {
*Dec 10 16:54:08.555: AAA/API(00000000): } aaa_req_alloc()
*Dec 10 16:54:08.555: AAA/ATTR(00000000): cursor init: 66B824B8 669D1A04 none unknown
*Dec 10 16:54:08.555: AAA/ATTR(00000000): find: ssg-command-code(431): not found
*Dec 10 16:54:08.559: COA: Added NACK Error Cause: Success
*Dec 10 16:54:08.559: COA: Sending NAK from port 1700 to 192.168.19.28/46960
*Dec 10 16:54:08.559: RADIUS: 101 6 000000C8
*Dec 10 16:54:08.563: AAA/ATTR(00000000): free all lists: 0x669D1A04
*Dec 10 16:54:08.563: AAA/ATTR(00000000): del attr: 669D1A14 0 00000009 username(395) 11 testpppuser0x669D16C4
*Dec 10 16:54:08.567: AAA/ATTR(00000000): del attr: 669D16D4 0 00000001 service-type(302) 4 Framed
*Dec 10 16:54:08.567: AAA/ATTR(00000000): del attr: 669D16E4 0 00000001 Framed-Protocol(101) 4 PPP
*Dec 10 16:54:08.571: AAA/ATTR(00000000): del attr: 669D16F4 0 00000009 interface-config(195) 79 rate-limit output 512000 48000 96000 conform-action continue exceed-action drop
Does anybody have any idea?
Thanks in advance
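As an added example (not part of the original post): a small decoder that walks the attribute bytes from the two radclient `Data:` dumps above, splits out the Cisco vendor-specific AV pair, and recomputes the packet lengths radclient printed. The function names and the attribute-name table are choices made for this example.

```python
import struct

# Attribute bytes copied from the two radclient "Data:" dumps in the post.
COA_REQUEST = bytes.fromhex("""
01 0d 74 65 73 74 70 70 70 75 73 65 72
06 06 00 00 00 02
07 06 00 00 00 01
1a 6c 00 00 00 09 01 66 6c 63 70 3a 69 6e 74 65 72 66
61 63 65 2d 63 6f 6e 66 69 67 3d 72 61 74 65 2d
6c 69 6d 69 74 20 6f 75 74 70 75 74 20 35 31 32
30 30 30 20 34 38 30 30 30 20 39 36 30 30 30 20
63 6f 6e 66 6f 72 6d 2d 61 63 74 69 6f 6e 20 63
6f 6e 74 69 6e 75 65 20 65 78 63 65 65 64 2d 61
63 74 69 6f 6e 20 64 72 6f 70
""")
COA_NAK = bytes.fromhex("65 06 00 00 00 c8")  # router log labels this cause "Success"

NAMES = {1: "User-Name", 6: "Service-Type", 7: "Framed-Protocol",
         26: "Vendor-Specific", 101: "Error-Cause"}
INT_ATTRS = {6, 7, 101}   # attributes carried as 32-bit integers
HEADER_LEN = 20           # code(1) + id(1) + length(2) + authenticator(16)

def parse_attributes(data):
    """Walk RADIUS type/length/value attributes; return [(name, value)]."""
    out, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header at offset %d" % pos)
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("bad length %d at offset %d" % (alen, pos))
        value = data[pos + 2:pos + alen]
        if atype == 26:
            # VSA: 4-byte vendor id, then a vendor-type/vendor-length sub-TLV
            if len(value) < 6:
                raise ValueError("short vendor-specific attribute")
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if vlen < 2 or 4 + vlen > len(value):
                raise ValueError("bad vendor sub-attribute length %d" % vlen)
            text = value[6:4 + vlen].decode("ascii", "replace")
            out.append(("Vendor-%d-Attr-%d" % (vendor, vtype), text))
        elif atype in INT_ATTRS and len(value) == 4:
            out.append((NAMES[atype], struct.unpack("!I", value)[0]))
        else:
            out.append((NAMES.get(atype, "Attr-%d" % atype), value.decode("ascii", "replace")))
        pos += alen
    return out

def packet_length(data):
    return HEADER_LEN + len(data)
```
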