cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Updated iRule for radius called-station-id attribute 31 (persistence)

Ed3
Nimbostratus
Nimbostratus

Hello Folks,

Is there an updated iRule for radius called-station-id attribute 31 (persistence) that is available ? There was one posted several years ago and being new to iRules, it doesn't work with latest LTM version and I don't know where to see that it is failing.

Thanks,

Ed

2 REPLIES 2

CA_Valli
Cirrocumulus
Cirrocumulus

Hello Ed3, I've configured radius persistence on a customer last year without need for an iRule.

There's persist option available in RADIUS type traffic profile. 

Other than that, you'll need an universal persistence profile that enables cross-service persistence (used for accounting/authentication persistence on same server). 

 

ltm persistence universal /Common/radius_xsvc {
    app-service none
    defaults-from /Common/universal
    match-across-services enabled
    timeout 300
}
ltm profile radius /Common/radiusLB_31 {
    app-service none
    clients none
    defaults-from /Common/radiusLB
    persist-avp 31
}

 

Apply both profiles in both your VS's for auth/acc. 

Also, check this link: https://support.f5.com/csp/article/K52316490

alveston
Nimbostratus
Nimbostratus

considering that you need an UIE persistence, I think that you need to create two persistence records separately and after that, test if exists persistence for those keys with "persist lookup uie". But you need to ensure that during the first, you have both $var keys, otherwise you may persist in two places. Am I wrong? What do you think about it?