radius irule for IPV6
Greetings, I am looking for some help here. There are a few past posts about using an iRule in your RADIUS VIP; I am wondering if anyone has used it for V6.
I was using
when RULE_INIT {
    # Map RADIUS attribute codes to their names
    array set ::attr_code2name {
        1 User-Name
        2 User-Password
        3 CHAP-Password
        4 NAS-IP-Address
        5 NAS-Port
        6 Service-Type
        7 Framed-Protocol
        8 Framed-IP-Address
        9 Framed-IP-Netmask
        10 Framed-Routing
        11 Filter-Id
        12 Framed-MTU
        13 Framed-Compression
        14 Login-IP-Host
        15 Login-Service
        16 Login-TCP-Port
        17 (unassigned)
        18 Reply-Message
        19 Callback-Number
        20 Callback-Id
        21 (unassigned)
        22 Framed-Route
        23 Framed-IPX-Network
        24 State
        25 Class
        26 Vendor-Specific
        27 Session-Timeout
        28 Idle-Timeout
        29 Termination-Action
        30 Called-Station-Id
        31 Calling-Station-Id
        32 NAS-Identifier
        33 Proxy-State
        34 Login-LAT-Service
        35 Login-LAT-Node
        36 Login-LAT-Group
        37 Framed-AppleTalk-Link
        38 Framed-AppleTalk-Network
        39 Framed-AppleTalk-Zone
        60 CHAP-Challenge
        61 NAS-Port-Type
        62 Port-Limit
        63 Login-LAT-Port
    }
}
when CLIENT_ACCEPTED {
    # Only accept RADIUS authentication (1812) and accounting (1813) traffic
    if { ([UDP::local_port] != 1812) && ([UDP::local_port] != 1813) } {
        log local0. "packet on port [UDP::local_port] dropped"
        drop
    } else {
        # Persist on Calling-Station-Id (attribute 31)
        set CALLID [RADIUS::avp 31 string]
        persist uie $CALLID
        log local0. "persisted $CALLID"
    }
}
when CLIENT_DATA {
    if { [UDP::local_port] == 1813 } {
        set CALLID [RADIUS::avp 31 string]
        # Framed-IP-Address (attribute 8) from the accounting packet
        set IP [RADIUS::avp 8 ip4]
        if { $IP != "" } {
            # Remember which pool member handles this framed IP for 900 seconds
            table set $IP [LB::server addr] 900
            log local0. "Radius maps $IP to [LB::server addr] for $CALLID"
        }
    }
}
when LB_SELECTED {
    log local0. "Selected [LB::server addr] [LB::server port]"
}
when SERVER_DATA {
    # Add the persistence record once the server has answered
    persist add uie $CALLID
    log local0. "persist added for $CALLID to [LB::server addr]"
}
So for V6, most of those attributes aren't in the packet, but I was figuring I could do persistence on NAS-IPv6-Address, which shows up in the RADIUS packet as 95. AVP: t=NAS-IPv6-Address(95) l=18 val=xx:x:x:x::x:x
But if I add 95 NAS-IPv6-Address to the set command and try to call it, I get garbage in my output:
<CLIENT_ACCEPTED>: persisted &ôp��������������Pp
It allows me to log in, but the persistence doesn't work.
Any help would be greatly appreciated!
Thanks
Joe
- JRahmAdmin
It looks like whatever is being returned is binary and not a string. Two tangential recommendations as well:
- Don't use global variables, they demote all connections on that virtual server from CMP. Instead, convert ::attr_code2name to a static namespace variable: static::attr_code2name.
- Check to make sure the avp is present before acting on it like so:
    set CALLID [RADIUS::avp 31 string]
    if { not ($CALLID equals "") } {
        persist uie $CALLID 900
    }
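The point made in the reply above, that attribute 95 holds binary data rather than text, can be checked by parsing the attribute by hand. This Python sketch is an added example, not code from the thread or from F5; the sample packet, the address 2001:db8::1:2 and all function names are constructed for illustration.

```python
import ipaddress
import struct

NAS_IPV6_ADDRESS = 95  # attribute code quoted in the post

def build_avp(code: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute: type, length (2-byte header included), value."""
    return struct.pack("!BB", code, len(value) + 2) + value

def build_packet(code: int, ident: int, avps: bytes) -> bytes:
    """Constructed RADIUS packet with an all-zero authenticator (sample only)."""
    return struct.pack("!BBH", code, ident, 20 + len(avps)) + bytes(16) + avps

def parse_avps(packet: bytes) -> dict:
    """Return {attribute code: raw value bytes}, rejecting malformed lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    (length,) = struct.unpack("!H", packet[2:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad packet length field")
    avps, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        code, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        avps.setdefault(code, packet[pos + 2:pos + alen])  # keep first occurrence
        pos += alen
    return avps

def persistence_key(packet: bytes) -> str:
    """Printable key from NAS-IPv6-Address; the value is 16 raw bytes, not text."""
    raw = parse_avps(packet).get(NAS_IPV6_ADDRESS)
    if raw is None:
        raise KeyError("NAS-IPv6-Address not present")
    if len(raw) != 16:
        raise ValueError("NAS-IPv6-Address must be 16 bytes")
    return str(ipaddress.IPv6Address(raw))

# Constructed sample: Accounting-Request (code 4) from a NAS at 2001:db8::1:2
SAMPLE = build_packet(4, 1,
    build_avp(1, b"joe") +
    build_avp(NAS_IPV6_ADDRESS, ipaddress.IPv6Address("2001:db8::1:2").packed))

if __name__ == "__main__":
    raw = parse_avps(SAMPLE)[NAS_IPV6_ADDRESS]
    print("as text :", repr(raw.decode("latin-1")))  # unprintable bytes, as in the log
    print("as IPv6 :", persistence_key(SAMPLE))
```

The attribute length of 18 seen in the capture is the 2-byte header plus the 16-byte address, which is why reading the value as a string logs unprintable characters.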