Framed-Route

variable · November 8, 2007, 11:25pm

Is anyone using Framed-Route with radius?

I would love to use this to dynamically route users ip space, but I cannot seem to get it to do anything. Anyone on here have this working?

BrianHiggins · November 10, 2007, 2:31pm

what specifically are you trying to accomplish? I’ve never used the framed-route attribute, and all of my pppoe users are dynamically routed.

variable · November 12, 2007, 4:49am

ForePoint

I want to be able to add routes to the router dynamically.

IE. if the user is going to get a /29 routed to them I would add say a 10.1.1.0/24 to the router and then hand the user 10.1.1.16/29. If the user’s router’s address is 10.2.2.100 then I want to route 10.1.1.16/29 to 10.2.2.100 so that the user has the route to them and everything is golden without me having to touch the router at all and just have to have the correct radius attribute applied.

If you are doing this PLEASE let me know how, that would be truly great!!

savage · November 16, 2007, 9:32pm

So what do you send as the value to your framed-route attribute?

RFC 2058: RADIUS States:

5.22. Framed-Route

Description

This Attribute provides routing information to be configured for
the user on the NAS. It is used in the Access-Accept packet and
can appear multiple times.

A summary of the Framed-Route Attribute format is shown below. The
fields are transmitted from left to right.

0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
±±±±±±±±±±±±±±±±±±±±±±
| Type | Length | String…
±±±±±±±±±±±±±±±±±±±±±±

Type

22 for Framed-Route.

Length

= 3

String

The String field is one or more octets, and its contents are
implementation dependent. It is intended to be human readable and
MUST NOT affect operation of the protocol. It is recommended that
the message contain displayable ASCII characters from the range 32
through 126 decimal.

For IP routes, it SHOULD contain a destination prefix in dotted
quad form optionally followed by a slash and a decimal length
specifier stating how many high order bits of the prefix should
be used. That is followed by a space, a gateway address in
dotted quad form, a space, and one or more metrics separated by
spaces. For example, “192.168.1.0/24 192.168.1.1 1 2 -1 3 400”.
The length specifier may be omitted in which case it should
default to 8 bits for class A prefixes, 16 bits for class B
prefixes, and 24 bits for class C prefixes. For example,
“192.168.1.0 192.168.1.1 1”.

Whenever the gateway address is specified as “0.0.0.0” the IP
address of the user SHOULD be used as the gateway address.

MT Manual States:

Framed-Route - routes to add on the server. Format is specified in RFC2865 (Ch. 5.22), can be specified as many times as needed

RFC 2865 States:

The Text field is one or more octets, and its contents are
implementation dependent. It is intended to be human readable and
MUST NOT affect operation of the protocol. It is recommended that
the message contain UTF-8 encoded 10646 [7] characters.

For IP routes, it SHOULD contain a destination prefix in dotted
quad form optionally followed by a slash and a decimal length
specifier stating how many high order bits of the prefix to use.
That is followed by a space, a gateway address in dotted quad
form, a space, and one or more metrics separated by spaces. For
example, “192.168.1.0/24 192.168.1.1 1 2 -1 3 400”. The length
specifier may be omitted, in which case it defaults to 8 bits for
class A prefixes, 16 bits for class B prefixes, and 24 bits for
class C prefixes. For example, “192.168.1.0 192.168.1.1 1”.

Whenever the gateway address is specified as “0.0.0.0” the IP
address of the user SHOULD be used as the gateway address.

variable · November 17, 2007, 12:41am

I have tried several different strings to no avail, the radius server does send it out but MT doesnt react?

Any ideas?

I have tried:
10.1.50.72/29 10.1.50.70 1 2 -1 3 400
10.1.50.72/29 0.0.0.0 1 2 -1 3 400
10.1.50.72/29 0.0.0.0 1
10.1.50.72/29 10.1.50.70 1
10.1.50.72/29 10.1.50.70
10.1.50.72/29 0.0.0.0


Login OK: [00:0A:E6:27:1A:C1/] (from client shortname1 port 2206204408 cli 1:0:a:e6:27:1a:c1)
Sending Access-Accept of id 2 to XXX:40655
Framed-IP-Address := 10.1.50.70
Framed-Route := "10.1.50.72/29 10.1.50.70 1 2 -1 3 400"
Rate-Limit := "256k/256k"
Session-Timeout := 43200

The router has an IP of 10.1.50.1/24 in the test network.

variable · November 28, 2007, 3:37pm

Does anyone know on this?

Anyone use Framed-Route?

savage · November 28, 2007, 5:55pm

Dont have a working setup where I can test this currently.

What about turning on Radius,Debug logging in the Mikrotik, and posting the MT debug log? No question your Radius server is sending the correct stuff, the question is what does/doesn’t Mikrotik do with it. The only way to find that out, is to look at the logs on the Mikrotik…

variable · November 29, 2007, 12:13am

I dont see anything unusual this is with dhcp,info and radius,debug sent to memory

Chupaka · November 29, 2007, 1:18am

as for me, Framed-Pool=“unknown” is unusual =)

variable · November 29, 2007, 3:52am

That might be confusing, but I actually have the pool set to “unknown”.

On this particular server that pool does not exists, everything is normal in that respect

savage · November 29, 2007, 6:42am

Are you doing DHCP authentication? I was under the impression we are talking PPPoE here…

I doubt Framed-Pool is supported by means of DHCP. The RFCs clearly states that it is for PPP only, so it is quite possible that MT did not implement it for DHCP.

variable · November 29, 2007, 6:56pm

Yes, this was for dhcp mac based authentication.

is it pppoe only then?

savage · November 30, 2007, 6:41am

Based on the RFCs, I would presume it’s for PPP only yes.

Try it with a PPPoE Connection and see if it works then. If it still doesn’t work, I’d mail support@mt and point them here. My money is on that it is supported by PPP only however…