How do you define Framed-IP-Netmask 255.255.255.255 in RADIUS accounting? By default, the MX router will send Framed-IP-Netmask as IP Pool.
[edit access address-assignment pool test]
jtac@ERX-MX480-1-RE0# show
family inet {
network 10.220.32.0/24;
range test {
low 10.220.32.1;
high 10.220.32.255;
}
}
No. Time Source Destination Protocol Length Info
5 4.234499 10.204.12.100 10.204.95.67 RADIUS 257 Accounting-Request(4) (id=55, l=215)
Frame 5: 257 bytes on wire (2056 bits), 257 bytes captured (2056 bits)
Ethernet II, Src: Netscreen_ff:10:02 (00:10:db:ff:10:02), Dst: Vmware_8d:00:67 (00:50:56:8d:00:67)
Internet Protocol Version 4, Src: 10.204.12.100 (10.204.12.100), Dst: 10.204.95.67 (10.204.95.67)
User Datagram Protocol, Src Port: 56734 (56734), Dst Port: radius-acct (1813)
Radius Protocol
Code: Accounting-Request (4)
Packet identifier: 0x37 (55)
Length: 215
Authenticator: de98cb33265338129640c18330615e22
[The response to this request is in frame 7]
Attribute Value Pairs
AVP: l=13 t=User-Name(1): skarthi@tel
AVP: l=6 t=Acct-Status-Type(40): Start(1)
AVP: l=6 t=Acct-Session-Id(44): 1318
AVP: l=6 t=Event-Timestamp(55): Feb 17, 2015 00:59:22.000000000 India Standard Time
AVP: l=6 t=Service-Type(6): Framed(2)
AVP: l=6 t=Framed-Protocol(7): PPP(1)
AVP: l=22 t=Vendor-Specific(26) v=Juniper Networks/Unisphere(4874)
AVP: l=6 t=Acct-Authentic(45): RADIUS(1)
AVP: l=6 t=Acct-Delay-Time(41): 0
AVP: l=22 t=Vendor-Specific(26) v=Juniper Networks/Unisphere(4874)
AVP: l=6 t=Framed-IP-Address(8): 10.220.32.1
AVP: l=6 t=Framed-IP-Netmask(9): 255.255.255.0
AVP: l=17 t=NAS-Identifier(32): ERX-MX480-1-RE0
AVP: l=6 t=NAS-Port(5): 400
AVP: l=18 t=NAS-Port-Id(87): ae0.demux0.0:400
AVP: l=6 t=NAS-Port-Type(61): Ethernet(15)
AVP: l=31 t=Vendor-Specific(26) v=Juniper Networks/Unisphere(4874)
AVP: l=6 t=NAS-IP-Address(4): 10.204.12.100
Here you can use mask-length 32 under address-assignment, or return RADIUS attribute Framed-IP-Netmask 255.255.255.255 as a workaround.
Please note that mask-length is a hidden command.
Example:
[edit access address-assignment pool test]
jtac@ERX-MX480-1-RE0# show
family inet {
network 10.220.32.0/24;
mask-length 32;
range test {
low 10.220.32.1;
high 10.220.32.255;
}
}
No. Time Source Destination Protocol Length Info
5 5.630271 10.204.12.100 10.204.95.67 RADIUS 257 Accounting-Request(4) (id=59, l=215)
Frame 5: 257 bytes on wire (2056 bits), 257 bytes captured (2056 bits)
Ethernet II, Src: Netscreen_ff:10:02 (00:10:db:ff:10:02), Dst: Vmware_8d:00:67 (00:50:56:8d:00:67)
Internet Protocol Version 4, Src: 10.204.12.100 (10.204.12.100), Dst: 10.204.95.67 (10.204.95.67)
User Datagram Protocol, Src Port: 56734 (56734), Dst Port: radius-acct (1813)
Radius Protocol
Code: Accounting-Request (4)
Packet identifier: 0x3b (59)
Length: 215
Authenticator: 4e6592fb585240f621dc066d58de85f9
[The response to this request is in frame 7]
Attribute Value Pairs
AVP: l=13 t=User-Name(1): skarthi@tel
AVP: l=6 t=Acct-Status-Type(40): Start(1)
AVP: l=6 t=Acct-Session-Id(44): 1319
AVP: l=6 t=Event-Timestamp(55): Feb 17, 2015 01:11:43.000000000 India Standard Time
AVP: l=6 t=Service-Type(6): Framed(2)
AVP: l=6 t=Framed-Protocol(7): PPP(1)
AVP: l=22 t=Vendor-Specific(26) v=Juniper Networks/Unisphere(4874)
AVP: l=6 t=Acct-Authentic(45): RADIUS(1)
AVP: l=6 t=Acct-Delay-Time(41): 0
AVP: l=22 t=Vendor-Specific(26) v=Juniper Networks/Unisphere(4874)
AVP: l=6 t=Framed-IP-Address(8): 10.220.32.2
AVP: l=6 t=Framed-IP-Netmask(9): 255.255.255.255
AVP: l=17 t=NAS-Identifier(32): ERX-MX480-1-RE0
AVP: l=6 t=NAS-Port(5): 400
AVP: l=18 t=NAS-Port-Id(87): ae0.demux0.0:400
AVP: l=6 t=NAS-Port-Type(61): Ethernet(15)
AVP: l=31 t=Vendor-Specific(26) v=Juniper Networks/Unisphere(4874)
AVP: l=6 t=NAS-IP-Address(4): 10.204.12.100