Delegated-IPv6-Prefix and radius radacct

IPoE related questions
gondim
Posts: 64
Joined: 04 Mar 2016, 14:44

Delegated-IPv6-Prefix and radius radacct

Post by gondim »

Hi Dmitry,

I'm trying to store the Delegated-IPv6-Prefix in radius, radacct table. I made the inclusion of the data field framedipv6address and delegatedipv6address in the radacct table and modified the queries.conf from freeradius to write the following:

Framed-IPv6-Prefix to table framedipv6address
Delegated-IPv6-Prefix to table delegatedipv6address

Parts of my queries.conf (freeradius 3):

accounting {
reference = "%{tolower:type.%{Acct-Status-Type}.query}"

# Write SQL queries to a logfile. This is potentially useful for bulk inserts
# when used with the rlm_sql_null driver.
# logfile = ${logdir}/accounting.sql

column_list = "\
acctsessionid, acctuniqueid, username, \
realm, nasipaddress, nasportid, \
nasporttype, acctstarttime, acctupdatetime, \
acctstoptime, acctsessiontime, acctauthentic, \
connectinfo_start, connectinfo_stop, acctinputoctets, \
acctoutputoctets, calledstationid, callingstationid, \
acctterminatecause, servicetype, framedprotocol, \
framedipaddress, framedipv6address, delegatedipv6address"

type {
accounting-on {
#
# Bulk terminate all sessions associated with a given NAS
#
query = "\
UPDATE ${....acct_table1} \
SET \
acctstoptime = FROM_UNIXTIME(\
%{integer:Event-Timestamp}), \
acctsessiontime = '%{integer:Event-Timestamp}' \
- UNIX_TIMESTAMP(acctstarttime), \
acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' \
WHERE acctstoptime IS NULL \
AND nasipaddress = '%{NAS-IP-Address}' \
AND acctstarttime <= FROM_UNIXTIME(\
%{integer:Event-Timestamp})"
}

accounting-off {
query = "${..accounting-on.query}"
}

start {
#
# Insert a new record into the sessions table
#
query = "\
INSERT INTO ${....acct_table1} \
(${...column_list}) \
VALUES \
('%{Acct-Session-Id}', \
'%{Acct-Unique-Session-Id}', \
'%{SQL-User-Name}', \
'%{Realm}', \
'%{NAS-IP-Address}', \
'%{%{NAS-Port-ID}:-%{NAS-Port}}', \
'%{NAS-Port-Type}', \
FROM_UNIXTIME(%{integer:Event-Timestamp}), \
FROM_UNIXTIME(%{integer:Event-Timestamp}), \
NULL, \
'0', \
'%{Acct-Authentic}', \
'%{Connect-Info}', \
'', \
'0', \
'0', \
'%{Called-Station-Id}', \
'%{Calling-Station-Id}', \
'', \
'%{Service-Type}', \
'%{Framed-Protocol}', \
'%{Framed-IP-Address}', \
'%{Framed-IPv6-Prefix}', \
'%{Delegated-IPv6-Prefix}')"

#
# Key constraints prevented us from inserting a new session,
# use the alternate query to update an existing session.
#
query = "\
UPDATE ${....acct_table1} SET \
acctstarttime = FROM_UNIXTIME(%{integer:Event-Timestamp}), \
acctupdatetime = FROM_UNIXTIME(%{integer:Event-Timestamp}), \
connectinfo_start = '%{Connect-Info}' \
WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
}

I am able to store Framed-IPv6-Prefix in radacct but I am not able to store Delegated-IPv6-Prefix. Can you help me?
Anything that I might be doing wrong?

Thx and best regards,
gondim
Posts: 64
Joined: 04 Mar 2016, 14:44

Re: Delegated-IPv6-Prefix and radius radacct

Post by gondim »

I believe that accel-ppp is not sending the Delegated-IPv6-Prefix to the radius:

(0) Received Accounting-Request Id 1 from 138.xxx.xxx.39:30138 to 191.xxx.xxx.220:1813 length 247
(0) User-Name = "ARA_OLT01:0:5:11:FHTT-05d53c48:668:104"
(0) NAS-Identifier = "IPoE01"
(0) NAS-IP-Address = 138.xxx.xxx.39
(0) NAS-Port = 3298
(0) NAS-Port-Id = "eth3.668.104"
(0) NAS-Port-Type = Ethernet
(0) Calling-Station-Id = "d4:6e:0e:a3:e6:72"
(0) Called-Station-Id = "eth3.668.104"
(0) Acct-Status-Type = Stop
(0) Acct-Authentic = RADIUS
(0) Acct-Session-Id = "b278b9cb4d728e57"
(0) Acct-Session-Time = 785
(0) Acct-Input-Octets = 10719
(0) Acct-Output-Octets = 13244
(0) Acct-Input-Packets = 112
(0) Acct-Output-Packets = 132
(0) Acct-Input-Gigawords = 0
(0) Acct-Output-Gigawords = 0
(0) Framed-IP-Address = 186.xxx.xx.53
(0) Framed-Interface-Id = d66e:eff:fea3:e672
(0) Framed-IPv6-Prefix = 2804:xxxx:dead:9015::/64
(0) Acct-Terminate-Cause = NAS-Request
Dmitry
Администратор
Posts: 954
Joined: 09 Oct 2014, 10:06

Re: Delegated-IPv6-Prefix and radius radacct

Post by Dmitry »

please show accel-ppp logs
gondim
Posts: 64
Joined: 04 Mar 2016, 14:44

Re: Delegated-IPv6-Prefix and radius radacct

Post by gondim »

Hi Dmitry,

[2018-01-03 06:03:14]: info: eth3.668.104: send [RADIUS(1) Access-Request id=1 <User-Name "ARA_OLT01:0:5:11:FHTT-05d53c48:668:104"> <NAS-Identifier "IPoE01"> <NAS-IP-Address 138.xxx.xxx.39> <NAS-Port 3611> <NAS-Port-Id "eth3.668.104"> <
NAS-Port-Type Ethernet> <Calling-Station-Id "d4:6e:0e:a3:e6:72"> <Called-Station-Id "eth3.668.104"> <User-Password>]
[2018-01-03 06:03:14]: info: eth3.668.104: recv [RADIUS(1) Access-Accept id=1 <Cisco-AVPair "lcp:interface-config#1=rate-limit input 104857600 8000 8000 conform-action transmit exceed-action drop"> <Cisco-AVPair "lcp:interface-config#1=
rate-limit output 104857600 8000 8000 conform-action transmit exceed-action drop">]
[2018-01-03 06:03:14]: info: eth3.668.104: ARA_OLT01:0:5:11:FHTT-05d53c48:668:104: authentication succeeded
[2018-01-03 06:03:14]: info: eth3.668.104: send [RADIUS(1) Accounting-Request id=1 <User-Name "ARA_OLT01:0:5:11:FHTT-05d53c48:668:104"> <NAS-Identifier "IPoE01"> <NAS-IP-Address 138.xxx.xxx.39> <NAS-Port 3611> <NAS-Port-Id "eth3.668.104
"> <NAS-Port-Type Ethernet> <Calling-Station-Id "d4:6e:0e:a3:e6:72"> <Called-Station-Id "eth3.668.104"> <Acct-Status-Type Start> <Acct-Authentic RADIUS> <Acct-Session-Id "b278b9cb4d7292b8"> <Acct-Session-Time 0> <Acct-Input-Octets 0> <Ac
ct-Output-Octets 0> <Acct-Input-Packets 0> <Acct-Output-Packets 0> <Acct-Input-Gigawords 0> <Acct-Output-Gigawords 0> <Framed-IP-Address 186.xxx.xx.3> <Framed-Interface-Id d66e:eff:fea3:e672> <Framed-IPv6-Prefix 2804:xxxx:dead:9003::/64>
]
[2018-01-03 06:03:14]: info: eth3.668.104: recv [RADIUS(1) Accounting-Response id=1]
[2018-01-03 06:03:14]: info: eth3.668.104: ipoe: session started

# accel-cmd show sessions "ifname,sid,username,calling-sid,ip,ip6,ip6-dp,rate-limit,type,state,uptime"
ifname | sid | username | calling-sid | ip | ip6 | ip6-dp | rate-limit | type | state | uptime
--------------+------------------+----------------------------------------+-------------------+---------------+--------------------------------------------+--------------------------+---------------+------+--------+----------
eth3.668.104 | b278b9cb4d7292b8 | ARA_OLT01:0:5:11:FHTT-05d53c48:668:104 | d4:6e:0e:a3:e6:72 | 186.xxx.xx.3 | 2804:xxxx:dead:9003:d66e:eff:fea3:e672/64 | 2804:xxxx:dead:a001::/64 | 104857/104857 | ipoe | active | 02:05:22

I'm trying to write on radacct the "ip6-dp". The "ip6" I am already able to record in radacct.
uesleycorrea
Posts: 17
Joined: 27 Nov 2017, 13:37

Re: Delegated-IPv6-Prefix and radius radacct

Post by uesleycorrea »

I'm too passed this. I actually fix IPv6-pd for clients, but I like it this working
Dmitry
Администратор
Posts: 954
Joined: 09 Oct 2014, 10:06

Re: Delegated-IPv6-Prefix and radius radacct

Post by Dmitry »

i need more logs
so look, Delegated-IPv6-Prefix will be sent in next accounting interim update after be requested by dhcpv6
gondim
Posts: 64
Joined: 04 Mar 2016, 14:44

Re: Delegated-IPv6-Prefix and radius radacct

Post by gondim »

Do you say using the "Acct-Interim-Interval" parameter in radreply?

How could I generate more logs for you to see? Any specific debug mode?
gondim
Posts: 64
Joined: 04 Mar 2016, 14:44

Re: Delegated-IPv6-Prefix and radius radacct

Post by gondim »

[2018-01-03 10:19:40]: info: ipoe: stop interface eth3.668.104
[2018-01-03 10:19:40]: info: ipoe: remove vlan eth3.668.104
[2018-01-03 10:19:56]: debug: vlan-mon: notify 6 104 0800 0
[2018-01-03 10:19:56]: info: ipoe: create vlan eth3.668.104 parent eth3.668
[2018-01-03 10:19:56]: info: ipoe: start interface eth3.668.104 (mode=L2,shared=0,start=dhcpv4,ifcfg=1,ipv6=1)
[2018-01-03 10:19:59]: info: eth3.668.104: recv [DHCPv4 Discover xid=25265e19 chaddr=d4:6e:0e:a3:e6:72 <Message-Type Discover> <Max-Message-Size 1024> <Client-ID 01d46e0ea3e672> <Host-Name Archer_C20> <Vendor-Class 4d53465420352e30> <Request-List Subnet,Router,DNS,Domain-Name,Vendor-Specific,44,46,47,Route,Classless-Route,249> <Relay-Agent {Agent-Circuit-ID ARA_OLT01:0:5:11:FHTT-05d53c48:668:104} {Agent-Remote-ID }>]
[2018-01-03 10:19:59]: debug: eth3.668.104: radius(1): req_enter 1
[2018-01-03 10:19:59]: info: eth3.668.104: send [RADIUS(1) Access-Request id=1 <User-Name "ARA_OLT01:0:5:11:FHTT-05d53c48:668:104"> <NAS-Identifier "IPoE01"> <NAS-IP-Address 138.xxx.xxx.39> <NAS-Port 3658> <NAS-Port-Id "eth3.668.104"> <NAS-Port-Type Ethernet> <Calling-Station-Id "d4:6e:0e:a3:e6:72"> <Called-Station-Id "eth3.668.104"> <User-Password>]
[2018-01-03 10:19:59]: debug: eth3.668.104: radius(1): req_exit 0
[2018-01-03 10:19:59]: info: eth3.668.104: recv [RADIUS(1) Access-Accept id=1 <Cisco-AVPair "lcp:interface-config#1=rate-limit input 104857600 8000 8000 conform-action transmit exceed-action drop"> <Cisco-AVPair "lcp:interface-config#1=rate-limit output 104857600 8000 8000 conform-action transmit exceed-action drop">]
[2018-01-03 10:19:59]: info: eth3.668.104: ARA_OLT01:0:5:11:FHTT-05d53c48:668:104: authentication succeeded
[2018-01-03 10:19:59]: info: eth3.668.104: send [DHCPv4 Offer xid=25265e19 yiaddr=186.xxx.xx.7 chaddr=d4:6e:0e:a3:e6:72 <Message-Type Offer> <Server-ID 186.xxx.xx.1> <Lease-Time 7200> <T1 3600> <Router 186.xxx.xx.1> <Subnet 255.255.255.128> <DNS 191.xxx.xxx.165,8.8.8.8>]
[2018-01-03 10:20:00]: info: eth3.668.104: recv [DHCPv4 Request xid=25265e19 chaddr=d4:6e:0e:a3:e6:72 <Message-Type Request> <Max-Message-Size 1024> <Client-ID 01d46e0ea3e672> <Host-Name Archer_C20> <Vendor-Class 4d53465420352e30> <Request-IP 186.xxx.xx.7> <Server-ID 186.xxx.xx.1> <Request-List Subnet,Router,DNS,Domain-Name,Vendor-Specific,44,46,47,Route,Classless-Route,249> <Relay-Agent {Agent-Circuit-ID ARA_OLT01:0:5:11:FHTT-05d53c48:668:104} {Agent-Remote-ID }>]
[2018-01-03 10:20:00]: debug: eth3.668.104: ipoe: activate session
[2018-01-03 10:20:00]: debug: eth3.668.104: radius(1): req_enter 1
[2018-01-03 10:20:00]: info: eth3.668.104: send [RADIUS(1) Accounting-Request id=1 <User-Name "ARA_OLT01:0:5:11:FHTT-05d53c48:668:104"> <NAS-Identifier "IPoE01"> <NAS-IP-Address 138.xxx.xxx.39> <NAS-Port 3658> <NAS-Port-Id "eth3.668.104"> <NAS-Port-Type Ethernet> <Calling-Station-Id "d4:6e:0e:a3:e6:72"> <Called-Station-Id "eth3.668.104"> <Acct-Status-Type Start> <Acct-Authentic RADIUS> <Acct-Session-Id "b278b9cb4d729464"> <Acct-Session-Time 0> <Acct-Input-Octets 0> <Acct-Output-Octets 0> <Acct-Input-Packets 0> <Acct-Output-Packets 0> <Acct-Input-Gigawords 0> <Acct-Output-Gigawords 0> <Framed-IP-Address 186.xxx.xx.7> <Framed-Interface-Id d66e:eff:fea3:e672> <Framed-IPv6-Prefix 2804:xxxx:dead:9009::/64>]
[2018-01-03 10:20:00]: info: eth3.668.104: send [DHCPv4 Ack xid=25265e19 yiaddr=186.193.61.7 chaddr=d4:6e:0e:a3:e6:72 <Message-Type Ack> <Server-ID 186.xxx.xx.1> <Lease-Time 7200> <T1 3600> <Router 186.xxx.xx.1> <Subnet 255.255.255.128> <DNS 191.xxx.xxx.165,8.8.8.8>]
[2018-01-03 10:20:00]: debug: eth3.668.104: radius(1): req_exit 0
[2018-01-03 10:20:00]: info: eth3.668.104: recv [RADIUS(1) Accounting-Response id=1]
[2018-01-03 10:20:00]: info: eth3.668.104: ipoe: session started
[2018-01-03 10:20:08]: info: eth3.668.104: recv [DHCPv6 Solicit XID=bd424f <Client-ID 3:0001d46e0ea3e672> <IA-NA 0 T1=0 T2=0> <Elapsed-Time 100728831> <Option-Request DNS> <IA-PD 1000000 T1=0 T2=0>]
[2018-01-03 10:20:08]: info: eth3.668.104: send [DHCPv6 Advertise XID=bd424f <Server-ID 3:001b0000000000000001> <Client-ID 3:0001d46e0ea3e672> <IA-NA 0 T1=150 T2=240 {IA-Addr 2804:xxxx:dead:9009:d66e:eff:fea3:e672 pref_lifetime=300 valid_lifetime=300}> <DNS 2804:xxxx:dead:b1ba::165,2001:4860:4860::8888> <IA-PD 1000000 T1=150 T2=240 {IA-Prefix 2804:xxxx:dead:a005::/64 pref_lifetime=300 valid_lifetime=300}> <Preference 255>]
[2018-01-03 10:20:08]: info: eth3.668.104: recv [DHCPv6 Request XID=924998 <Client-ID 3:0001d46e0ea3e672> <Server-ID 3:001b0000000000000001> <IA-NA 0 T1=0 T2=0 {IA-Addr 2804:xxxx:dead:9009:d66e:eff:fea3:e672 pref_lifetime=300 valid_lifetime=300}> <Elapsed-Time 100663296> <Option-Request DNS> <IA-PD 1000000 T1=0 T2=0 {IA-Prefix 2804:xxxx:dead:a005::/64 pref_lifetime=300 valid_lifetime=300}>]
[2018-01-03 10:20:08]: info: eth3.668.104: dhcpv6: route add 2804:xxxx:dead:a005::/64 via 2804:xxxx:dead:9009:d66e:eff:fea3:e672
[2018-01-03 10:20:08]: info: eth3.668.104: send [DHCPv6 Reply XID=924998 <Server-ID 3:001b0000000000000001> <Client-ID 3:0001d46e0ea3e672> <IA-NA 0 T1=150 T2=240 {IA-Addr 2804:xxxx:dead:9009:d66e:eff:fea3:e672 pref_lifetime=300 valid_lifetime=300}> <DNS 2804:xxxx:dead:b1ba::165,2001:4860:4860::8888> <IA-PD 1000000 T1=150 T2=240 {IA-Prefix 2804:xxxx:dead:a005::/64 pref_lifetime=300 valid_lifetime=300}> <Preference 255>]
[2018-01-03 10:22:38]: info: eth3.668.104: recv [DHCPv6 Renew XID=d4e54e <Client-ID 3:0001d46e0ea3e672> <Server-ID 3:001b0000000000000001> <Elapsed-Time 100663296> <Option-Request DNS> <IA-PD 1000000 T1=150 T2=240 {IA-Prefix 2804:xxxx:dead:a005::/64 pref_lifetime=300 valid_lifetime=300}>]
[2018-01-03 10:22:38]: info: eth3.668.104: send [DHCPv6 Reply XID=d4e54e <Server-ID 3:001b0000000000000001> <Client-ID 3:0001d46e0ea3e672> <DNS 2804:xxxx:dead:b1ba::165,2001:4860:4860::8888> <IA-PD 1000000 T1=150 T2=240 {IA-Prefix 2804:xxxx:dead:a005::/64 pref_lifetime=300 valid_lifetime=300}> <Preference 255>]
[2018-01-03 10:22:38]: info: eth3.668.104: recv [DHCPv6 Renew XID=855d53 <Client-ID 3:0001d46e0ea3e672> <Server-ID 3:001b0000000000000001> <IA-NA 0 T1=150 T2=240 {IA-Addr 2804:xxxx:dead:9009:d66e:eff:fea3:e672 pref_lifetime=300 valid_lifetime=300}> <Elapsed-Time 100663296> <Option-Request DNS>]
[2018-01-03 10:22:38]: info: eth3.668.104: send [DHCPv6 Reply XID=855d53 <Server-ID 3:001b0000000000000001> <Client-ID 3:0001d46e0ea3e672> <IA-NA 0 T1=150 T2=240 {IA-Addr 2804:xxxx:dead:9009:d66e:eff:fea3:e672 pref_lifetime=300 valid_lifetime=300}> <DNS 2804:xxxx:dead:b1ba::165,2001:4860:4860::8888> <Preference 255>]
gondim
Posts: 64
Joined: 04 Mar 2016, 14:44

Re: Delegated-IPv6-Prefix and radius radacct

Post by gondim »

When I run the /usr/sbin/freeradius -X (radius debug mode) I do not see the Delegated-IPv6-Prefix being received and so I can not write to radacct. The only parameter I get in freeradius is Framed-IPv6-Prefix.
Dmitry
Администратор
Posts: 954
Joined: 09 Oct 2014, 10:06

Re: Delegated-IPv6-Prefix and radius radacct

Post by Dmitry »

you don't send Acct-Interim-Interval in Access-Accept
Post Reply