Hi,
We are testing PacketFence with our Ruckus WLC but for some reason the RADIUS
traffic is being ignored by FreeRadius.
I can see the Ruckus RADIUS traffic on the management port using TCPDUMP but
there is nothing in the radius.log to suggest it has been processed.
I know that FreeRadius is running because RADIUS traffic generated by the
NATRadPing Test utility is appearing in the logs (as well as the TCPDUMP.
Below is the TCPDUMP results for the Ruckus traffic and the NATRadPing traffic.
Note I have configured NATRadPing to replicate RADIUS attributes in the Ruckus
RADIUS packets.
Can anyone help work out what is going wrong?
Thanks,
Michael Stone
Invigor Group
Ruckus RADIUS Packet
16:26:29.647203 IP (tos 0x0, ttl 61, id 0, offset 0, flags [DF], proto UDP
(17), length 231)
203-174-136-114.syd.static-ipl.aapt.com.au.46363 > packetfence.radius: [udp
sum ok] RADIUS, length: 203
Access Request (1), id: 0x02, Authenticator:
e7fd1f94199b81e812979a2ab10f4d2a
Username Attribute (1), length: 19, Value: 98:03:D8:88:52:36
0x0000: 3938 3a30 333a 4438 3a38 383a 3532 3a33
0x0010: 36
Password Attribute (2), length: 34, Value:
0x0000: 517d f3df d789 37ad d425 6526 9836 f8b9
0x0010: 03bf 2544 47ff 6561 19f1 ab32 8747 14bb
Calling Station Attribute (31), length: 19, Value: 98-03-D8-88-52-36
0x0000: 3938 2d30 332d 4438 2d38 382d 3532 2d33
0x0010: 36
NAS IP Address Attribute (4), length: 6, Value: 10.10.10.92
0x0000: 0a0a 0a5c
Called Station Attribute (30), length: 34, Value:
84-18-3A-18-4E-18:Ruckus-PF-Free
0x0000: 3834 2d31 382d 3341 2d31 382d 3445 2d31
0x0010: 383a 5275 636b 7573 2d50 462d 4672 6565
Service Type Attribute (6), length: 6, Value: Framed
0x0000: 0000 0002
NAS Port Type Attribute (61), length: 6, Value: Wireless - IEEE 802.11
0x0000: 0000 0013
NAS ID Attribute (32), length: 19, Value: 84-18-3A-18-4E-18
0x0000: 3834 2d31 382d 3341 2d31 382d 3445 2d31
0x0010: 38
Vendor Specific Attribute (26), length: 22, Value: Vendor: Unknown
(25053)
Vendor Attribute: 3, Length: 14, Value: Ruckus-PF-Free
0x0000: 0000 61dd 0310 5275 636b 7573 2d50 462d
0x0010: 4672 6565
Message Authentication Attribute (80), length: 18, Value: .A.d.f..
0x0000: a241 0164 0566 0b01 00bf b95c b760 db5f
NATRadPing Test Radius Traffic (with response)
16:48:53.267082 IP (tos 0x0, ttl 125, id 4843, offset 0, flags [none], proto
UDP (17), length 188)
203-174-136-114.syd.static-ipl.aapt.com.au.29436 > packetfence.radius: [udp
sum ok] RADIUS, length: 160
Access Request (1), id: 0x2b, Authenticator:
20202020202031343333313431333333
Username Attribute (1), length: 19, Value: 98:03:D8:88:52:36
0x0000: 3938 3a30 333a 4438 3a38 383a 3532 3a33
0x0010: 36
NAS IP Address Attribute (4), length: 6, Value: 10.10.10.92
0x0000: 0a0a 0a5c
NAS Port Type Attribute (61), length: 6, Value: Async
0x0000: 0000 0000
Calling Station Attribute (31), length: 19, Value: 98-03-D8-88-52-36
0x0000: 3938 2d30 332d 4438 2d38 382d 3532 2d33
0x0010: 36
Called Station Attribute (30), length: 34, Value:
84-18-3A-18-4E-18:Ruckus-PF-Free
0x0000: 3834 2d31 382d 3341 2d31 382d 3445 2d31
0x0010: 383a 5275 636b 7573 2d50 462d 4672 6565
Service Type Attribute (6), length: 6, Value: Framed
0x0000: 0000 0002
NAS Port Type Attribute (61), length: 6, Value: Wireless - IEEE 802.11
0x0000: 0000 0013
NAS ID Attribute (32), length: 19, Value: 84-18-3A-18-4E-18
0x0000: 3834 2d31 382d 3341 2d31 382d 3445 2d31
0x0010: 38
Vendor Specific Attribute (26), length: 25, Value: Vendor: Unknown
(1983730293)
Vendor Attribute: 99, Length: 107 (bogus, goes past end of
vendor-specific attribute)
0x0000: 763d 5275 636b 7573 2057 6972 656c 6573
0x0010: 732c 2049 6e63 2e
16:48:53.281113 IP (tos 0x0, ttl 64, id 15135, offset 0, flags [none], proto
UDP (17), length 104)
packetfence.radius > 203-174-136-114.syd.static-ipl.aapt.com.au.29436: [bad
udp cksum 0x84d8 -> 0x8d54!] RADIUS, length: 76
Access Reject (3), id: 0x2b, Authenticator:
7d7630cd4906ee5492263b1fcd7f2b82
Reply Attribute (18), length: 56, Value: Network device does not
support this mode of operation
0x0000: 4e65 7477 6f72 6b20 6465 7669 6365 2064
0x0010: 6f65 7320 6e6f 7420 7375 7070 6f72 7420
0x0020: 7468 6973 206d 6f64 6520 6f66 206f 7065
0x0030: 7261 7469 6f6e
Invigor Group Limited is a company registered in Australia (ABN 75 081 368
274). This email and any attachments are intended solely for the use of the
addressee(s) and may contain information that is confidential, subject to
copyright and subject to legal professional privilege. If you have received
this email in error, please notify the sender immediately, delete it and
destroy all copies. Any views expressed are those of the individual sender
unless expressly stated otherwise. In respect of this email and any
attachments, to the extent permitted by law, no warranty is given and all
liability is excluded,including, without limitation, liability for any loss or
damage caused by way of computer virus, defect, delay, or interruption.
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
