Routing

Hi all,

A relevant question this time 🙂

I am using radiusdesk as the GUI interaction with freeradius and have assigned Framed-IPv6-Prefix as xxxx:xxxx:0100:0200::/64 (I apologise for not being able to supply the actual whole address - I will try and explain the issue without that)....

As the prefix is a /64 I would expect an address at the CPE with 0100:0200 as the 3rd and 4th set of digits, but instead I see the following:

xxxx:xxxx:9D:0:212:FF:FE8D:8980 - I understand the last set of digits being the MAC address, but where did the 9D:0 come from? Also, the radius is sending out the following:

Sent Access-Accept Id 8 from 195.80.0.38:1812 to 195.80.0.13:53670 length 0
Framed-IPv6-Prefix = xxxx:xxxx:9d::/64
Framed-IPv6-Pool = "NDRA"
Framed-IP-Netmask = 255.255.255.248
Framed-IP-Address = 10.10.10.1

But it is not configured that way, unless something strange is going on with a conversion in IPv6.... as far as I am aware eui-64 is the only change that would normally occur.....

Anyone know what would cause this please?

Thanks 

What is your actual query?

Regards,

Rahul

Hi Rahul,

The Question is there.

Why would the RADIUS issue a completely different /64 that what is configured in the Framed-IPv6-Prefix?

Unless there is something happening in IPv6 that I don't know about.

Primarily, I am asking if anyone has seen this before and what the resolution was.

Thanks

Hi Clive,

Do you have authd logs? Please match radius-access-accept and check what attribute is actual sent by radius.

I remeber you're using DB and this looks to be radius issue. It is sending the wrong prefix to MX.

Regards,
Rahul

Hi Rahul,

I have completed a separate test and the results are as follows:

Framed-IPv6-Prefix - xxxx:xxxx:006d:224b::/64

What is assigned by the RADIUS is:

Sent Access-Accept Id 10 from 195.80.0.38:1812 to 195.80.0.13:53670 length 0
Framed-IPv6-Prefix = xxxx:xxxx:9d::/64
Framed-IPv6-Pool = "NDRA"
Framed-IP-Netmask = 255.255.255.248

Framed-IP-Address = 10.10.10.1

But, the LNS sees the following for the subscriber:

User Name: testuser@network.com
IP Address: 10.10.10.1
IP Netmask: 255.255.255.248
IPv6 Prefix: xxxx:xxxx:6d00:200::/56 - Which kind of looks okay, but this is a /56
IPv6 User Prefix: xxxx:xxxx:9d::/64 - Again, this is the 9d::/64

The issue could well be what the RADIUS is doing from a functionality perspective.

The CPE gets the following:

IPv6 = xxxx:xxxx:9D:0:212:FF:FE8D:8980

I will look into the RADIUS as I believe the LNS is doing as it should.

Maybe some information here to help someone else.

Thank you Rahul

From radius, we're getting NDRA prefix and from cli PD is assigned. CPE gets the /64 and connvert it to /128 using EUI-64.

Regards,

Rahul

Hi Rahul,

I found the issue by querying the sql database from the command line with the following command:

select * from radgroupreply;

And found that the user was using a different profile. Since discovered someone had changed the profile to test something else afew days ago and didn't inform me...

However, I now have another issue where the CP is continually sending access requests even though the RADIUS send an access-accept with the correct credentials. That's another story that I shall investigate fully and if I get stuck will post a new quesiton.

Thanks Rahul