
[MX] NAS IP address attribute set to loopback address (when configured) instead of RADIUS server source-address


Article ID: KB32851 KB Last Updated: 04 Sep 2018 Version: 1.0
Summary:

By default, when a loopback address is configured, the NAS IP Address Attribute is set to the loopback address instead of the RADIUS server source-address, even when the two addresses differ.

This article explains what must be done to set the NAS IP Address Attribute to use the RADIUS server source address.

 

Symptoms:

Example

In this scenario, the loopback address is set to 192.0.2.255 and the source-address for the RADIUS servers is set to the IP address of the fxp0 interface, 192.0.2.129.
[edit system]

radius-server {
    192.0.2.1 {
        port 1645;
        accounting-port 1646;
        timeout 5;
        retry 1;
        source-address 192.0.2.129;
    }
    192.0.2.2 {
        port 1645;
        accounting-port 1646;
        timeout 5;
        retry 1;
        source-address 192.0.2.129;
    }
} 

 

In a capture of the traffic leaving the fxp0 interface, notice that the NAS IP Address Attribute is set to 192.0.2.255 and not 192.0.2.129 as desired.

 

root@router> monitor traffic interface fxp0 detail matching "host 192.0.2.1"
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on fxp0, capture size 1514 bytes

12:23:56.559705 Out IP (tos 0x0, ttl  64, id 37373, offset 0, flags [none], proto: UDP (17), length: 116) 192.0.2.129.57464 >  192.0.2.1.1645: RADIUS, length: 88
        Access Request (1), id: 0x3c, Authenticator: 561182af66c1111346f8a174e
          Username Attribute (1), length: 11, Value: test_user
          Password Attribute (2), length: 18, Value:
          NAS ID Attribute (32), length: 17, Value: router
          Calling Station Attribute (31), length: 16, Value: 192.0.2.129
          NAS IP Address Attribute (4), length: 6, Value: 192.0.2.255 

 

Cause:

This is because the NAS IP Address Attribute is set to use the loopback address (when configured) by default.

 

Solution:

To set the NAS IP Address Attribute to use the RADIUS server source-address, the attribute must be explicitly configured, as follows:

set system radius-options attributes nas-ip-address <ip-address> 
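
To confirm the change, the NAS IP Address Attribute (4) in a captured Access Request can be compared with the packet's source address. The script below is an added example, not part of the original article or Juniper code; the packet bytes are constructed from the article's addresses, with a zeroed authenticator and password field, and all function names are hypothetical.

```python
from __future__ import annotations
import ipaddress
import struct

NAS_IP_ADDRESS = 4  # RADIUS attribute type, as shown in the capture above

def parse_attributes(packet: bytes) -> list[tuple[int, bytes]]:
    """Return (type, value) pairs from a RADIUS packet (the UDP payload)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return attrs

def nas_ip_matches_source(packet: bytes, source_ip: str) -> tuple[bool, str | None]:
    """Compare the NAS IP Address Attribute with the packet's IP source address."""
    for a_type, value in parse_attributes(packet):
        if a_type == NAS_IP_ADDRESS:
            if len(value) != 4:
                raise ValueError("NAS IP Address must carry 4 octets")
            nas_ip = str(ipaddress.IPv4Address(value))
            return nas_ip == source_ip, nas_ip
    return False, None  # attribute absent

def build_access_request(nas_ip: str) -> bytes:
    """Constructed sample Access Request (authenticator and password zeroed)."""
    def attr(a_type: int, value: bytes) -> bytes:
        return bytes([a_type, len(value) + 2]) + value
    body = (attr(1, b"test_user") + attr(2, bytes(16)) + attr(32, b"router")
            + attr(31, b"192.0.2.129")
            + attr(NAS_IP_ADDRESS, ipaddress.IPv4Address(nas_ip).packed))
    return struct.pack("!BBH", 1, 0x3C, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    for nas in ("192.0.2.255", "192.0.2.129"):  # before and after the fix
        print(nas, nas_ip_matches_source(build_access_request(nas), "192.0.2.129"))
```

On real traffic, pass the UDP payload of each Access Request together with the source address from its IP header; a False result means the RADIUS server still sees the loopback address as the NAS identity.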

 
