Hi,
My Config..
[ipoe]
verbose=100
username=lua:username
lua-file=/etc/accel-ppp.lua
lease-time=60
max-lease-time=60
gw-ip-address=10.13.24.1/24
nat=0
proxy-arp=0
shared=1
ifcfg=1
mode=L2
interface=eth3,start=up,start=dhcpv4,mode=L2
I should get request from only 10.13.24.0/24 for AAA authentication, But I see authentication from all other networks, not specified on gw-ip-address.
log..
[2016-08-01 20:09:19]: info: ipoe1: create interface ipoe1 parent eth2.822
[2016-08-01 20:09:19]: debug: ipoe1: radius(1): req_enter 2
[2016-08-01 20:09:19]: info: ipoe1: send [RADIUS(1) Access-Request id=1 <User-Name "10.11.73.225"> <NAS-Identifier "test"> <NAS-IP-Address 192.168.10.50> <NAS-Port 86459> <NAS-Port-Id "ipoe1"> <NAS-Port-Type Ethernet> <Calling-Station-Id "0c:c4:7a:50:32:05"> <Called-Station-Id "eth2.822"> <Framed-IP-Address 10.11.73.225> <User-Password >]
[2016-08-01 20:09:20]: debug: ipoe1: radius(1): req_exit 1
[2016-08-01 20:09:20]: info: ipoe1: recv [RADIUS(1) Access-Reject id=1 <Reply-Message "Wrong user">]
[2016-08-01 20:09:20]: warn: ipoe1: authentication failed
[2016-08-01 20:09:20]: debug: libnetlink: RTNETLINK answers: No such file or directory
[2016-08-01 20:09:20]: debug: ipoe1: terminate
[2016-08-01 20:09:20]: info: ipoe1: ipoe: session finished
how do I stop request from unknown IP pool to hit for authentication.
Thanks
A Narayan
Disable unknown IP Address pool from Authentication
-
- Posts: 13
- Joined: 01 Dec 2015, 09:38
-
- Posts: 13
- Joined: 01 Dec 2015, 09:38
Re: Disable unknown IP Address pool from Authentication
Hi,
I know i can use local-net, but is there any way I can stop unknown ip address on accel-ppp by default.
local-net=10.0.0.0/8
Thanks and regards
A Narayan
I know i can use local-net, but is there any way I can stop unknown ip address on accel-ppp by default.
local-net=10.0.0.0/8
Thanks and regards
A Narayan
Re: Disable unknown IP Address pool from Authentication
hi,
no, there is no way to exclude some kind of traffic, any traffic on specified interfaces is assumed as client traffic
no, there is no way to exclude some kind of traffic, any traffic on specified interfaces is assumed as client traffic