Identity and Policy Control
Reply
Contributor
Terebok
Posts: 57
Registered: ‎12-17-2010
0

Modifying values of RADIUS attributes passed to back-end authentication server

Hello community,

I would apreciate if smb would be able to answer the following question: is there any way of modifying the values of RADIUS

attributes received from the network equipment when passing them to the back-end authentication server?

The purpose for that is letting the back-end server think of SRC-PE cluster as a single entity, so no matter which controller sends the authorization or the accounting requests, NAS-IP-ADDRESS must be the same. 

 

Configuration examples are much appreciated :robothappy:

 

 

 

Kind regards,

Evgeny 

 

 

 

Super Contributor
apaul
Posts: 151
Registered: ‎11-06-2009
0

Re: Modifying values of RADIUS attributes passed to back-end authentication server

Hi,

I think filters in SBR should help.

A filter is a collection of rules for adding, modifying, or removing attributes or attribute values in RADIUS requests and responses.

Ashish Paul
Contributor
Terebok
Posts: 57
Registered: ‎12-17-2010
0

Re: Modifying values of RADIUS attributes passed to back-end authentication server

Thank you! 

I think there's another solution here. I may use a single .acc file for both SRCs and specify a value for the appropriate DB column in static manner ('1.1.1.1').

 

/ET

Super Contributor
apaul
Posts: 151
Registered: ‎11-06-2009
0

Re: Modifying values of RADIUS attributes passed to back-end authentication server

Did you got a chance to test the INSERT statement using static values.

As far as my understanding goes, Values section of accounting files only support RADIUS accounting attribute and pre-defined SBR items.

 

 

Ashish Paul
Contributor
Terebok
Posts: 57
Registered: ‎12-17-2010
0

Re: Modifying values of RADIUS attributes passed to back-end authentication server

Yep, I tried using static values instead of %variable or @attribute-name. 

Seems like working.  :cathappy:

 

Evgeny

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.