For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

adamm's avatar
adamm
Icon for Altostratus rankAltostratus
May 23, 2019

Radius Persistence iRule error (bad field specifier)

Having some difficulties implementing a hash persistence irule for Radius auth.   when CLIENT_ACCEPTED { binary scan [UDP::payload] ccSH32cc code ident len auth attr_code1 attr_len1 set in...
application delivery
iRules
LTM
Niels_van_Sluis's avatar
Niels_van_Sluis
Icon for MVP rankMVP
May 29, 2019

Maybe you could use another Radius persisting iRule? I've been using the following:

  • add an radius service profile to the virtual server.
  • create an universal persistence profile and use the following iRule:
when CLIENT_ACCEPTED {
    set framed_ip [RADIUS::avp 8 ip4] 
    set calling_station_id [RADIUS::avp 31 "string"] 
    persist uie "$calling_station_id:$framed_ip"
}
  • Add the universal persistence profile to the virtual server.
adamm's avatar
adamm
Icon for Altostratus rankAltostratus
May 29, 2019

I likely can. I was using a canned irule recommended by Cisco for load balancing ISE PSNs for MAB authentication. Since it's recommended, I was curious as to why I was having so many issues with it. It's also a good chance to learn.

 

I will troubleshoot this a bit more for learning if nothing else and may implement your recommendation in the end. Thanks much for your help.