Add pppoe documentation #3

Denys Fedoryshchenko
2023-05-13 22:09:22 +03:00
parent 69f851ff2d
commit 98df94e789

@@ -229,3 +229,67 @@ bond0.923 0 active 1
``` ```
So for example 3 means bit 0 and bit 1 is set - so service-name policy is service-blank+service-name-by-list. So for example 3 means bit 0 and bit 1 is set - so service-name policy is service-blank+service-name-by-list.
### Troubleshooting radius packets by tcpdump
Usually when user try to authenticate, radius server receives Access-Request packet from pppoe. If user is authenticated, radius server sends Access-Accept packet. If user is not authenticated, radius server sends Access-Reject packet. If radius server is not responding, it means that there is no connection between radius server and router or secret is invalid.<br>
To check if PPPoE send requests radius server is responding, you can use tcpdump on PPPoE:
```
tcpdump -ni bond0 port 1812 and host 10.0.0.1 -vvv
tcpdump: listening on bond0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
22:03:44.241046 IP (tos 0x0, ttl 64, id 29938, offset 0, flags [DF], proto UDP (17), length 145)
10.168.100.11.40469 > 10.0.0.1.1812: [bad udp cksum 0xdeeb -> 0xd6b4!] RADIUS, length: 117
Access-Request (1), id: 0x01, Authenticator: 1bcd5d43815f3215390182adc83dab1b
User-Name Attribute (1), length: 7, Value: username
0x0000: 7377 3130 31
NAS-Identifier Attribute (32), length: 8, Value: bras01
0x0000: 6272 6173 3031
NAS-IP-Address Attribute (4), length: 6, Value: 10.1.100.11
0x0000: 0aa8 640b
NAS-Port-Type Attribute (61), length: 6, Value: Virtual
0x0000: 0000 0005
Service-Type Attribute (6), length: 6, Value: Framed
0x0000: 0000 0002
Framed-Protocol Attribute (7), length: 6, Value: PPP
0x0000: 0000 0001
Calling-Station-Id Attribute (31), length: 19, Value: 04:5e:a4:f5:xx:xx
0x0000: << hidden >>
0x0010: XX
Called-Station-Id Attribute (30), length: 2, Value:
CHAP-Challenge Attribute (60), length: 18, Value: ..]C._2.9....=..
0x0000: 1bcd 5d43 815f 3215 3901 82ad c83d ab1b
CHAP-Password Attribute (3), length: 19, Value:
0x0000: 0170 22f4 3826 6e16 54b6 0f4c 901e 1e00
0x0010: c5
22:03:44.243758 IP (tos 0x0, ttl 64, id 34019, offset 0, flags [DF], proto UDP (17), length 187)
10.168.100.11.53632 > 10.168.101.2.1812: [bad udp cksum 0xdf15 -> 0x89b4!] RADIUS, length: 159
Access-Request (1), id: 0x01, Authenticator: 2b7da77c13ff40bff0073397f6973096
User-Name Attribute (1), length: 11, Value: jadnet392
0x0000: 6a61 646e 6574 3339 32
NAS-Identifier Attribute (32), length: 8, Value: bras01
0x0000: 6272 6173 3031
NAS-IP-Address Attribute (4), length: 6, Value: 10.1.100.11
0x0000: 0aa8 640b
NAS-Port-Type Attribute (61), length: 6, Value: Virtual
0x0000: 0000 0005
Service-Type Attribute (6), length: 6, Value: Framed
0x0000: 0000 0002
Framed-Protocol Attribute (7), length: 6, Value: PPP
0x0000: 0000 0001
Calling-Station-Id Attribute (31), length: 19, Value: c4:ad:34:5f:xx:xx
0x0000: << hidden >>
0x0010: XX
Called-Station-Id Attribute (30), length: 2, Value:
Vendor-Specific Attribute (26), length: 24, Value: Vendor: The Broadband Forum (3561)
Vendor Attribute: 1, Length: 16, Value: CSS-ABC eth 0/19
0x0000: 0000 0de9 0112 4353 532d 4a61 6420 6574
0x0010: 6820 302f 3139
Vendor-Specific Attribute (26), length: 14, Value: Vendor: The Broadband Forum (3561)
Vendor Attribute: 2, Length: 6, Value: Port20
0x0000: 0000 0de9 0208 506f 7274 3230
CHAP-Challenge Attribute (60), length: 18, Value: +}.|..@...3...0.
0x0000: 2b7d a77c 13ff 40bf f007 3397 f697 3096
CHAP-Password Attribute (3), length: 19, Value:
0x0000: 011c f55c 5141 d61d f602 f854 f32b 6455
0x0010: da
```
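Review bot: The sample capture in the new tcpdump block is only partly sanitised: the decoded values were masked but the hex dumps printed under them were not, so the original data can still be read back from the bytes. The first `User-Name` shows `Value: username` with `length: 7` above a 5-byte dump, `NAS-IP-Address` shows `Value: 10.1.100.11` above `0aa8 640b` (10.168.100.11, the same source address that appears unmasked in the IP header lines), and the first Broadband Forum vendor attribute text does not match its bytes. The second `User-Name` and both `CHAP-Challenge` / `CHAP-Password` pairs are not masked at all, and a CHAP challenge together with its response is enough material for offline password guessing against that account. Please regenerate the block from a lab session with constructed credentials, or mask the hex lines consistently with the decoded values. Two smaller points: the filter `port 1812 and host 10.0.0.1` would not capture the second packet, which is sent to 10.168.101.2, so the command and output do not belong together; and the paragraph describes Access-Accept and Access-Reject but the capture contains only Access-Request packets, so a request with its reply would illustrate the text better. The sentence "To check if PPPoE send requests radius server is responding" also needs rewording, since it currently runs two checks together (whether the request leaves the PPPoE server, and whether the RADIUS server answers).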