Junos
Highlighted
Junos

Attributes error from radius server.

‎11-29-2018 10:38 PM

I have an problem that is: 

On radius server: I filled attribute is: 

I show log on MX80: Framed-IP-Route-Tag (Juniper-ERX-VSA), Err:"Attribute length is invalid" Decoded-val:0(0x0)

I don't know why it occured.

Please help me. Thanks very much

14 REPLIES 14
Highlighted
Junos

Re: Attributes error from radius server.

‎11-29-2018 10:46 PM

HI,

 

May i know why are you using/returning "ERX-Framed-Ip-Route-Tag" VSA from radius?

Are you trying to assign "framed-ip-adress" VSA?

 

 

/Karan Dhanak
Highlighted
Junos

Re: Attributes error from radius server.

‎11-29-2018 10:47 PM

you can use "Framed-Route" for pushing framed route..

 

Sample:

Framed-Route := "10.10.10.1/30 0.0.0.0"

-
VR
# Please mark my solution as accepted if it helped, Kudos are appreciated as well.
Highlighted
Junos

Re: Attributes error from radius server.

‎11-29-2018 10:49 PM
@karand wrote:

HI,

 

May i know why are you using/returning "ERX-Framed-Ip-Route-Tag" VSA from radius?

Are you trying to assign "framed-ip-adress" VSA?

 

 I try to set ip route for a subscriber so I use ERX-Framed-Ip-Route-Tag. My Bras is MX80


Highlighted
Junos

Re: Attributes error from radius server.

‎11-29-2018 10:56 PM

 I try to set ip route for a subscriber so I use ERX-Framed-Ip-Route-Tag. My Bras is MX80

Highlighted
Junos

Re: Attributes error from radius server.

‎11-29-2018 11:07 PM

@vishruth wrote:

you can use "Framed-Route" for pushing framed route..

 

Sample:

Framed-Route := "10.10.10.1/30 0.0.0.0"


I try it again, but my problem was not solved 

Highlighted
Junos

Re: Attributes error from radius server.

‎11-29-2018 11:10 PM

Hi,

 

How is your dyanmic-profile looks like? Please configure like below and use the Framed-Route attribute.

 

pppoe {
routing-instances {
"$junos-routing-instance" {
interface "$junos-interface-name";
routing-options {
access {
route $junos-framed-route-ip-address-prefix {
next-hop "$junos-framed-route-nexthop";
metric "$junos-framed-route-cost";
}
}
access-internal {
route $junos-subscriber-ip-address {
qualified-next-hop "$junos-interface-name";
}
}
}
}
}
interfaces {
pp0 {
unit "$junos-interface-unit" {
no-traps;
ppp-options {
pap;
}
pppoe-options {
underlying-interface "$junos-underlying-interface";
server;
}
family inet {
unnumbered-address "$junos-loopback-interface";
}
}
}
}
}

 

Highlighted
Junos

Re: Attributes error from radius server.

‎11-29-2018 11:12 PM

Hi PhanNgocDuy,

 

was there any error noticed?

Can you share authd logs ..

-
VR
# Please mark my solution as accepted if it helped, Kudos are appreciated as well.
Highlighted
Junos

Re: Attributes error from radius server.

‎11-29-2018 11:27 PM

 


@rnayar wrote:

Hi,

 

How is your dyanmic-profile looks like? Please configure like below and use the Framed-Route attribute.

 

pppoe {
routing-instances {
"$junos-routing-instance" {
interface "$junos-interface-name";
routing-options {
access {
route $junos-framed-route-ip-address-prefix {
next-hop "$junos-framed-route-nexthop";
metric "$junos-framed-route-cost";
}
}
access-internal {
route $junos-subscriber-ip-address {
qualified-next-hop "$junos-interface-name";
}
}
}
}
}
interfaces {
pp0 {
unit "$junos-interface-unit" {
no-traps;
ppp-options {
pap;
}
pppoe-options {
underlying-interface "$junos-underlying-interface";
server;
}
family inet {
unnumbered-address "$junos-loopback-interface";
}
}
}
}
}

 


This my dynamic-profile:

 

PPPoe-Profile {
interfaces {
pp0 {
unit "$junos-interface-unit" {
ppp-options {
chap;
}
pppoe-options {
underlying-interface "$junos-underlying-interface";
server;
}
keepalives interval 30;
family inet {
rpf-check;
filter {
input "$junos-input-filter";
output "$junos-output-filter";
}
unnumbered-address lo0.0;
}
}
}
}
routing-options {
access {
route $junos-framed-route-ip-address-prefix next-hop "$junos-framed-route-nexthop";
}
access-internal {
route $junos-subscriber-ip-address {
qualified-next-hop "$junos-interface-name";
}
}
}
}
Q-in-Q-VLAN {
interfaces {
demux0 {
unit "$junos-interface-unit" {
vlan-tags outer "$junos-stacked-vlan-id" inner "$junos-vlan-id";
demux-options {
underlying-interface "$junos-interface-ifd-name";
}
family pppoe {
access-concentrator VNTT-SERVICES;
duplicate-protection;
dynamic-profile PPPoe-Profile;
}
}
}
}
}
SVLAN {
interfaces {
demux0 {
unit "$junos-interface-unit" {
vlan-id "$junos-vlan-id";
demux-options {
underlying-interface "$junos-interface-ifd-name";
}
family pppoe {
access-concentrator VNTT-SERVICES;
duplicate-protection;
dynamic-profile PPPoe-Profile;
}
}
}
}
}

And I was used framed-route attributes, but this is not ok 

Highlighted
Junos

Re: Attributes error from radius server.

‎11-29-2018 11:29 PM

Please change your profile with the sample shared.

Highlighted
Junos

Re: Attributes error from radius server.

‎11-29-2018 11:29 PM

@vishruth wrote:

Hi PhanNgocDuy,

 

was there any error noticed?

Can you share authd logs ..


This is my log file: 

Nov 30 14:56:11.052455 AuthFsm::current state=AuthInit(0) event=1 astEntry=0x2cc85b0 aaa msg=0x22b9b64 session-id:3918
Nov 30 14:56:11.052500 ###################################################################
Nov 30 14:56:11.052532 ########################### AUTH REQ RCVD #########################
Nov 30 14:56:11.052591 ###################################################################
Nov 30 14:56:11.052622 Auth-FSM: Process Auth-Request for session-id:3918
Nov 30 14:56:11.052656 Framework: Starting authentication
Nov 30 14:56:11.052692 authd_advance_module_for_aaa_request_msg: result:0
Nov 30 14:56:11.052748 Authd module start session-id:3918
Nov 30 14:56:11.052782 authd_radius_start_auth: Starting RADIUS authentication session-id:3918
Nov 30 14:56:11.052897 authd_radius_build_basic_auth_request: session-id:3918 profile=RADIUS, username=cty02
Nov 30 14:56:11.052939 radius-access-request: User-Name added: cty02
Nov 30 14:56:11.052984 dup_type: 0 effective profile RADIUS
Nov 30 14:56:11.053238 radius-access-request: Service-Type added: 2
Nov 30 14:56:11.053300 radius-access-request: Framed-Protocol added: 1
Nov 30 14:56:11.053348 radius-access-request: CHAP-Password added: ""
Nov 30 14:56:11.053393 radius-access-request: CHAP-Challenge added: ""
Nov 30 14:56:11.053458 radius-access-request: Chargeable-User-Identity added:
Nov 30 14:56:11.053513 radius-access-request: Acct-Session-Id added: 3918
Nov 30 14:56:11.053577 radius-access-request: DHCP-MAC-Address (Juniper-ERX-VSA) added: 001d.aa85.c541
Nov 30 14:56:11.053643 radius-access-request: NAS-Port added: 10 00 0b b9
Nov 30 14:56:11.053687 radius-access-request: NAS-Port-Id added: ge-1/1/0.demux0.3221229351:3001
Nov 30 14:56:11.053736 radius-access-request: NAS-Port-Type added: 15
Nov 30 14:56:11.053798 radius-access-request: PPPoE-Description (Juniper-ERX-VSA) added: pppoe 00:1d:aa:85:c5:41
Nov 30 14:56:11.053886 authd_create_application_specific_radius_server: Evaluating RADIUS server 192.168.10.5 to add to the server list
Nov 30 14:56:11.053924 Evaluating RADIUS server 192.168.10.5 to add to the server list
Nov 30 14:56:11.053959 Verify source address c0a80a14 in routing instance index=0
Nov 30 14:56:11.054161 authd_radius_server_add: server 192.168.10.5 retry 3, timeout 3
Nov 30 14:56:11.054357 Request queued successfully
Nov 30 14:56:11.054428 REQUEST: AUTHEN - module_index 0 module(radius) return: ASYNC
Nov 30 14:56:11.054477 UserAccess:cty02 session-id:3918 state:start ge-1/1/0.demux0.3221229351:3001
Nov 30 14:56:11.054518 Auth-FSM: GRES-Mirror for session-id:3918 state:AuthStart(1)
Nov 30 14:56:11.054551 doPersistedDataUpdates
Nov 30 14:56:11.054584 doPersistedDataUpdates
Nov 30 14:56:11.059130 RadiusServer: server[0] used for last request - 192.168.10.5 no timeout
Nov 30 14:56:11.059665 loadDefaultService:: default service for the subscriber is empty
Nov 30 14:56:11.059701 Radius result is CLIENT_REQ_STATUS_SUCCESS
Nov 30 14:56:11.283689 Parsing RADIUS message for session-id:3918
Nov 30 14:56:11.283812 radius-access-accept: Framed-Protocol received: 1
Nov 30 14:56:11.283853 RADIUS Attribute: Parse Error: "Unsupported attribute type" Radius Standard Attr-Type: 13
Nov 30 14:56:11.283902 radius-access-accept: IP-Loopback-Interface (Juniper-ERX-VSA) received: lo0.0
Nov 30 14:56:11.283953 radius-access-accept: Primary-DNS (Juniper-ERX-VSA) received: 8.8.8.8
Nov 30 14:56:11.284010 radius-access-accept: Secondary-DNS (Juniper-ERX-VSA) received: 8.8.4.4
Nov 30 14:56:11.284069 radius-access-accept: Egress-Policy-Name (Juniper-ERX-VSA) received: NETV1_UP
Nov 30 14:56:11.284120 radius-access-accept: Ingress-Statistics (Juniper-ERX-VSA) received: 1
Nov 30 14:56:11.284169 radius-access-accept: Egress-Statistics (Juniper-ERX-VSA) received: 1
Nov 30 14:56:11.284206 RADIUS Attribute: Parse Error: "Unsupported attribute type" Radius ERX VSA Attr-Type: 2
Nov 30 14:56:11.284244 Framed-IP-Route-Tag (Juniper-ERX-VSA), Err:"Attribute length is invalid" Decoded-val:0(0x0)
Nov 30 14:56:11.284293 radius-access-accept: Ingress-Policy-Name (Juniper-ERX-VSA) received: NETV1_DOWN
Nov 30 14:56:11.284381 Framework - module(radius) return: SUCCESS
Nov 30 14:56:11.284419 authd_advance_module_for_aaa_response_msg: result:2
Nov 30 14:56:11.284472 Client-session response-attr:: type:79 len:4
Nov 30 14:56:11.284523 Client-session response-attr:: type:122 len:4
Nov 30 14:56:11.284602 Client-session response-attr:: type:123 len:4
Nov 30 14:56:11.284818 authd_update_session_dynamic_attributes: Client-session response-dyn-attr:: name:junos-output-filter, len:8, value: NETV1_UP, encode 0
Nov 30 14:56:11.284873 authd_update_session_dynamic_attributes: Client-session response-dyn-attr:: name:junos-input-filter, len:10, value: NETV1_DOWN, encode 0
Nov 30 14:56:11.284922 Finding a client snapshot session-id:3918
Nov 30 14:56:11.285383 Decoding incoming attributes
Nov 30 14:56:11.285435 Subscriber attribute 10005, length 4
Nov 30 14:56:11.285471 Subscriber attribute 10153, length 13
Nov 30 14:56:11.285507 Subscriber attribute 10169, length 8
Nov 30 14:56:11.285543 Subscriber attribute 10080, length 17
Nov 30 14:56:11.285583 Received subscriber login request, subscriber-session-id:3918
Nov 30 14:56:11.285647 Decoding attribute 10005 length 4
Nov 30 14:56:11.285688 Decoding attribute 10080 length 17
Nov 30 14:56:11.285721 Decoding attribute 10153 length 13
Nov 30 14:56:11.285754 Decoding attribute 10169 length 8
Nov 30 14:56:11.285807 Processing address request in default:default network 255.255.255.254 mac 00:1D:AA:85:C5:41
Nov 30 14:56:11.285849 readSessionEntry
Nov 30 14:56:11.285901 Processing rule Reserve-Address

Highlighted
Junos

Re: Attributes error from radius server.

‎11-29-2018 11:36 PM

Nov 30 14:56:11.283902 radius-access-accept: IP-Loopback-Interface (Juniper-ERX-VSA) received: lo0.0
Nov 30 14:56:11.283953 radius-access-accept: Primary-DNS (Juniper-ERX-VSA) received: 8.8.8.8
Nov 30 14:56:11.284010 radius-access-accept: Secondary-DNS (Juniper-ERX-VSA) received: 8.8.4.4
Nov 30 14:56:11.284069 radius-access-accept: Egress-Policy-Name (Juniper-ERX-VSA) received: NETV1_UP
Nov 30 14:56:11.284120 radius-access-accept: Ingress-Statistics (Juniper-ERX-VSA) received: 1
Nov 30 14:56:11.284169 radius-access-accept: Egress-Statistics (Juniper-ERX-VSA) received: 1
Nov 30 14:56:11.284206 RADIUS Attribute: Parse Error: "Unsupported attribute type" Radius ERX

 

No return attribute.

 

ATTRIBUTE       Framed-Route                            22      string

 

Kindly use above attribute

Highlighted
Junos

Re: Attributes error from radius server.

‎11-30-2018 12:21 AM

123.pngThis is available attribute in ERX and Atrribute Framed Route is not available in ERX Attribute. I think that is the same, I don't know why it's not supported

Highlighted
Junos
Solution
Accepted by topic author PhanNgocDuy
‎11-30-2018 01:08 AM

Re: Attributes error from radius server.

‎11-30-2018 12:27 AM

ERX-Framed-route-tag  is used to assign tag.

 

"<addr>[/<maskLen>] [<nexthop> [<cost>]] [tag <tagValue>] [distance <distValue>]"

 

To assign Framed-route, please use below attribute.

 

ATTRIBUTE       Framed-Route                            22      string

Highlighted
Junos

Re: Attributes error from radius server.

‎11-30-2018 12:43 AM

@rnayar wrote:

ERX-Framed-route-tag  is used to assign tag.

 

"<addr>[/<maskLen>] [<nexthop> [<cost>]] [tag <tagValue>] [distance <distValue>]"

 

To assign Framed-route, please use below attribute.

 

ATTRIBUTE       Framed-Route                            22      string


Thanks you very much, My log file is : 

 

Nov 30 16:35:52.785882 ###################################################################
Nov 30 16:35:52.785915 ########################### AUTH REQ RCVD #########################
Nov 30 16:35:52.786394 ###################################################################
Nov 30 16:35:52.786426 Auth-FSM: Process Auth-Request for session-id:3946
Nov 30 16:35:52.786460 Framework: Starting authentication
Nov 30 16:35:52.786498 authd_advance_module_for_aaa_request_msg: result:0
Nov 30 16:35:52.786537 Authd module start session-id:3946
Nov 30 16:35:52.786568 authd_radius_start_auth: Starting RADIUS authentication session-id:3946
Nov 30 16:35:52.786852 authd_radius_build_basic_auth_request: session-id:3946 profile=RADIUS, username=cty02
Nov 30 16:35:52.786895 radius-access-request: User-Name added: cty02
Nov 30 16:35:52.786956 radius-access-request: User-Password added: ""
Nov 30 16:35:52.787003 dup_type: 0 effective profile RADIUS
Nov 30 16:35:52.787079 radius-access-request: Service-Type added: 2
Nov 30 16:35:52.787137 radius-access-request: Framed-Protocol added: 1
Nov 30 16:35:52.787204 radius-access-request: Chargeable-User-Identity added:
Nov 30 16:35:52.787265 radius-access-request: Acct-Session-Id added: 3946
Nov 30 16:35:52.787343 radius-access-request: DHCP-MAC-Address (Juniper-ERX-VSA) added: abcd.0000.0001
Nov 30 16:35:52.787412 radius-access-request: NAS-Port added: 00 00 0f ff
Nov 30 16:35:52.787457 radius-access-request: NAS-Port-Id added: -0/0/0.0
Nov 30 16:35:52.787504 radius-access-request: NAS-Port-Type added: 15
Nov 30 16:35:52.787568 radius-access-request: PPPoE-Description (Juniper-ERX-VSA) added: pppoe ab:cd:00:00:00:01
Nov 30 16:35:52.787662 authd_create_application_specific_radius_server: Evaluating RADIUS server 192.168.10.5 to add to the server list
Nov 30 16:35:52.787703 Evaluating RADIUS server 192.168.10.5 to add to the server list
Nov 30 16:35:52.787747 Verify source address c0a80a14 in routing instance index=0
Nov 30 16:35:52.787853 authd_radius_server_add: server 192.168.10.5 retry 3, timeout 3
Nov 30 16:35:52.788177 Request queued successfully
Nov 30 16:35:52.788229 REQUEST: AUTHEN - module_index 0 module(radius) return: ASYNC
Nov 30 16:35:52.788284 UserAccess:cty02 session-id:3946 state:start -0/0/0.0
Nov 30 16:35:52.788325 Auth-FSM: GRES-Mirror for session-id:3946 state:AuthStart(1)
Nov 30 16:35:52.788359 doPersistedDataUpdates
Nov 30 16:35:52.788392 doPersistedDataUpdates
Nov 30 16:35:52.808902 RadiusServer: server[0] used for last request - 192.168.10.5 no timeout
Nov 30 16:35:52.808985 loadDefaultService:: default service for the subscriber is empty
Nov 30 16:35:52.809021 Radius result is CLIENT_REQ_STATUS_SUCCESS
Nov 30 16:35:53.031660 Parsing RADIUS message for session-id:3946
Nov 30 16:35:53.031783 radius-access-accept: Framed-Protocol received: 1
Nov 30 16:35:53.031857 RADIUS Attribute: Parse Error: "Unsupported attribute type" Radius Standard Attr-Type: 13
Nov 30 16:35:53.031907 radius-access-accept: IP-Loopback-Interface (Juniper-ERX-VSA) received: lo0.0
Nov 30 16:35:53.031959 radius-access-accept: Primary-DNS (Juniper-ERX-VSA) received: 8.8.8.8
Nov 30 16:35:53.032010 radius-access-accept: Secondary-DNS (Juniper-ERX-VSA) received: 8.8.4.4
Nov 30 16:35:53.032067 radius-access-accept: Egress-Policy-Name (Juniper-ERX-VSA) received: NETV1_UP
Nov 30 16:35:53.032121 radius-access-accept: Ingress-Statistics (Juniper-ERX-VSA) received: 1
Nov 30 16:35:53.032170 radius-access-accept: Egress-Statistics (Juniper-ERX-VSA) received: 1
Nov 30 16:35:53.032209 RADIUS Attribute: Parse Error: "Unsupported attribute type" Radius ERX VSA Attr-Type: 2
Nov 30 16:35:53.032302 processRadiusAttrib22: wholeString: [10.0.0.8/29 0.0.0.0 2]
Nov 30 16:35:53.032535 processRadiusAttrib22: Attribute 22 missing nextHop, using default [0.0.0.0]
Nov 30 16:35:53.032578 processRadiusAttrib22: Received FR Attributes
Nov 30 16:35:53.032637 radius-access-accept: Framed-Route received: 10.0.0.8/29 0.0.0.0 2
Nov 30 16:35:53.032694 radius-access-accept: Ingress-Policy-Name (Juniper-ERX-VSA) received: NETV1_DOWN
Nov 30 16:35:53.032778 Framework - module(radius) return: SUCCESS
Nov 30 16:35:53.032816 authd_advance_module_for_aaa_response_msg: result:2
Nov 30 16:35:53.032868 Client-session response-attr:: type:79 len:4
Nov 30 16:35:53.033589 Client-session response-attr:: type:122 len:4
Nov 30 16:35:53.033634 Client-session response-attr:: type:123 len:4
Nov 30 16:35:53.033835 authd_update_session_dynamic_attributes: Client-session response-dyn-attr:: name:junos-output-filter, len:8, value: NETV1_UP, encode 0
Nov 30 16:35:53.033890 authd_update_session_dynamic_attributes: Client-session response-dyn-attr:: name:junos-framed-route-ip-address-prefix, len:12, value: 10.0.0.8/29, encode 1
Nov 30 16:35:53.033937 authd_update_session_dynamic_attributes: Client-session response-dyn-attr:: name:junos-framed-route-nexthop, len:8, value: 0.0.0.0, encode 2
Nov 30 16:35:53.034014 authd_update_session_dynamic_attributes: Client-session response-dyn-attr:: name:junos-framed-route-cost, len:1, value: 2, encode 3
Nov 30 16:35:53.034061 authd_update_session_dynamic_attributes: Client-session response-dyn-attr:: name:junos-input-filter, len:10, value: NETV1_DOWN, encode 0
Nov 30 16:35:53.034110 Finding a client snapshot sessions

 

But when I show route table, Why I don't show 10.0.0.8 route.

Feedback