Forum Discussion

Paul_70551's avatar
Icon for Nimbostratus rankNimbostratus
Mar 18, 2011

RADIUS::avp insert is not working

I am looking at a radius issue at the moment and it seemed prudent to use the RADIUS profile with its access to the AVP's directly and not needing to do a UDP decode.



I can successfully pull out, parse and log the AVP's i am interested in but when i try to insert a custom AVP it insert the attribute but not its value.



The vip is a standard UDP vip with a RADIUS profile attached.



The rule is simply doing this:






switch [RADIUS::avp 87] {


"case1" {


RADIUS::avp insert 108 "value" string


log local0. "inserting value"






"case2" {


RADIUS::avp 108 "value2" string


log local0. "inserting value2"






default {


log local0. "No match found no avp inserted"









I get the log for case2 and i can see the attribute arrive on the radius server with no value.



The doco around the RADIUS profile is sparse to say the least, any one else used it with success?





3 Replies

  • OK for anybody else that looks into this here is what is going on.


    The value is being written into the packet, tcpdump is just not displaying it in the packet decode because it sees it as an unknown type of attr and doesnt know what it should interpret it as.



    if you use -vvv on tcpdump you can see the HEX value and if you use -X you can see the asci alongside the HEX to see its actually presenting the AVP correctly.



    Now to work out how to generate a 16 oct md5 hash to forge the accouting response back to the client...
  • @Paul: Creating a RADIUS Response packet is documented here:
  • Colin_Walker_12's avatar
    Historic F5 Account
    Good info Paul, thanks very much for following up with the community. Let us know how things go and if there's anything we can help with. ;)