Forum Discussion
Hello Enes Afsin Al,
Thank you for your reply. Much appreciated.
The above iRule, I was not able to save it since it shows some syntax errors. Not an expert in scripts, so couldn't find what is wrong with the syntax of it.
-------------------------------
01070151:3: Rule [/Common/CallIDUIE2] error: /Common/CallIDUIE2:17: error: [parse error: PARSE syntax 501 {syntax error in expression "
set CALLID [RADIUS::avp 31 string]
log local0. ...": variable references require preceding $}][{
set CALLID [RADIUS::avp 31 string]
log local0. "persisted $CALLID"
if { $CALLID ne "" } {
persist uie $CALLID
}
}]
/Common/CallIDUIE2:24: error: [missing a script after "elseif"][]
/Common/CallIDUIE2:27: error: ["Duplicate event"][when CLIENT_DATA {
if { [UDP::local_port] == 1813 } {
set CALLID [RADIUS::avp 31 string]
set IP [RADIUS::avp 8 ip4]
if { $IP ne "" && $CALLID ne "" } {
table set $IP [LB::server addr] 900
log local0. "Radius maps $IP to [LB::server addr] for $CALLID"
}
}
}]
--------------------------------
The packet capture shows the AVP 31 attribute ( Calling-Station-Id) in it. So the issue is not the attribute value missing, however, something that F5 is not able to understand is the packet not processing it forwards.
Frame 2: 317 bytes on wire (2536 bits), 317 bytes captured (2536 bits)
Ethernet II, Src: Fortinet_09:00:12 (00:09:0f:09:00:12), Dst: VMware_f5:03:01 (00:50:56:f5:03:01)
802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 4091
Internet Protocol Version 4, Src: 172.17.70.60, Dst: 10.1.6.100
User Datagram Protocol, Src Port: 54892, Dst Port: 1812
RADIUS Protocol
Code: Access-Request (1)
Packet identifier: 0x5e (94)
Length: 164
Authenticator: e0a10849518a2fc1f0827505db9f8a5c
Attribute Value Pairs
AVP: t=NAS-IP-Address(4) l=6 val=172.17.70.60
AVP: t=NAS-Port(5) l=6 val=0
AVP: t=NAS-Port-Type(61) l=6 val=Virtual(5)
AVP: t=User-Name(1) l=15 val=mgalantowicza
AVP: t=User-Password(2) l=18 val=Encrypted
AVP: t=Service-Type(6) l=6 val=Shell-User(6)
AVP: t=Calling-Station-Id(31) l=14 val=b0b867cd68ee
Type: 31
Length: 14
Calling-Station-Id: b0b867cd68ee
AVP: t=Called-Station-Id(30) l=14 val=b0b867cd68ee
AVP: t=Vendor-Specific(26) l=23 vnd=Aruba, a Hewlett Packard Enterprise company(14823)
AVP: t=Vendor-Specific(26) l=18 vnd=Aruba, a Hewlett Packard Enterprise company(14823)
AVP: t=Message-Authenticator(80) l=18 val=a0d082620a1137f9110e2a5975c7d6a8
F5 Ethernet Trailer Protocol
However, I will check the LTM logs. But last time I checked it really didn't give any error for the virtual server. It simply is not forwarding the traffic, to the load-balanced Radius servers.