Forum Discussion
Paul_70551
Nimbostratus
NimbostratusRADIUS::avp insert is not working
I am looking at a radius issue at the moment and it seemed prudent to use the RADIUS profile with its access to the AVP's directly and not needing to do a UDP decode.
I can successfully pull out, parse and log the AVP's i am interested in but when i try to insert a custom AVP it insert the attribute but not its value.
The vip is a standard UDP vip with a RADIUS profile attached.
The rule is simply doing this:
when CLIENT_DATA {
switch [RADIUS::avp 87] {
"case1" {
RADIUS::avp insert 108 "value" string
log local0. "inserting value"
return
}
"case2" {
RADIUS::avp 108 "value2" string
log local0. "inserting value2"
return
}
default {
log local0. "No match found no avp inserted"
return
}
}
I get the log for case2 and i can see the attribute arrive on the radius server with no value.
The doco around the RADIUS profile is sparse to say the least, any one else used it with success?
Paul
3 Replies
Paul_70551OK for anybody else that looks into this here is what is going on.
The value is being written into the packet, tcpdump is just not displaying it in the packet decode because it sees it as an unknown type of attr and doesnt know what it should interpret it as.
if you use -vvv on tcpdump you can see the HEX value and if you use -X you can see the asci alongside the HEX to see its actually presenting the AVP correctly.
Now to work out how to generate a 16 oct md5 hash to forge the accouting response back to the client...
John_AllenAltostratus
@Paul: Creating a RADIUS Response packet is documented here: http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/49/aft/2159052/showtab/groupforums/Default.aspx- Good info Paul, thanks very much for following up with the community. Let us know how things go and if there's anything we can help with. ;)
Colin
