Date created: Thursday, September 4, 2014 9:45:49 AM. Last modified: Saturday, September 12, 2015 10:11:21 AM
FreeRADIUS - ADSL User Templates
Typical off-net L2TP DSL FreeRADIUS user template;
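# Users-file entry for one off-net L2TP DSL subscriber.
#
# The check item is Cleartext-Password with the := operator rather than
# User-Password ==. User-Password is the attribute carried in a PAP request,
# so comparing against it only works for PAP and cannot satisfy CHAP;
# Cleartext-Password is the server-side "known good" password and is the form
# the database example on this page uses as well.
#
# This file holds subscriber passwords and the L2TP tunnel secret in readable
# form, so it should be readable only by the account the RADIUS daemon runs as.
# Reply items must be indented under the user line.
adsl-user-01@fqdn.net.uk Cleartext-Password := "adsl-password"
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-IP-Address = 10.0.0.1,
    Framed-IP-Netmask = 255.255.255.255,
    Framed-MTU = 1492,
    Framed-Compression = Van-Jacobson-TCP-IP,
    Tunnel-Type = L2TP,
    Tunnel-Medium-Type = IP,
    # Shared L2TP tunnel secret. The same value appears in every subscriber
    # entry built from this template, so treat it like any other credential
    # (placeholder shown here).
    Tunnel-Password = this-isp-l2tp-tunnel-password,
    # IP of L2TP carrier LAC
    Tunnel-Server-Endpoint = 20.20.20.20,
    Tunnel-Client-Auth-ID = this-isp-l2tp-tunnel-username,
    # Push two static routes to the LNS which route to the DSL LAN subnet
    # via this DSL account's PPP IP address, and a backup route via the
    # other DSL account this end site has using 10.0.0.2 as PPP IP
    Cisco-AVPair = "ip:route=192.168.0.0 255.255.255.0 0.0.0.0 210 tag 210",
    Cisco-AVPair += "ip:route=192.168.0.0 255.255.255.0 10.0.0.2 220 tag 220",
    Cisco-AVPair += "lcp:interface-config=keepalive 2 5",
    Cisco-AVPair += "lcp:interface-config=ip unnumbered Loopback1",
    # NOTE(review): this turns off the unicast reverse-path check on the
    # subscriber's virtual-access interface, presumably because the site is
    # dual-homed over two DSL lines and return traffic can be asymmetric.
    # With it off, packets with a spoofed source address are no longer dropped
    # on this interface; confirm whether an ingress filter limited to the
    # site's own ranges is needed in its place.
    Cisco-AVPair += "lcp:interface-config=no ip verify unicast reverse-path"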
# The fragments below are optional alternatives, not a second user entry.
# Each one starts with "Cisco-AVPair =", and as a reply item "=" only adds the
# attribute when no Cisco-AVPair is already in the reply. When merging a
# fragment into an entry that already sets Cisco-AVPair, change its first line
# to "+=" and add the separating comma to the preceding line.
#
# Example rate limit: applies an input and an output rate-limit to the
# subscriber interface; traffic exceeding either limit is dropped.
Cisco-AVPair = "lcp:interface-config=rate-limit input 256000 7500 7500 conform-action transmit exceed-action drop",
Cisco-AVPair += "lcp:interface-config=rate-limit output 1024000 20000 20000 conform-action transmit exceed-action drop"
# Example applying a QoS policy to this VAI on the LNS.
# The named policy is referenced here only; it presumably has to be defined on
# the LNS already (verify on the device).
Cisco-AVPair = "ip:sub-qos-policy-out=PM-ADSL-8M-POLICE"
# Legacy style
# Cisco-AVPair = "lcp:interface-config=service-policy output PM-ADSL-8M-POLICE"
# Put the user into a VRF.
# The VRF name decides which customer routing table the session lands in, so a
# wrong name here places the subscriber in another customer's network. Check
# it against the LNS configuration before provisioning.
Cisco-AVPair = "lcp:interface-config=ip vrf forwarding CustA"
# Or if using "ip" VSAs instead of "lcp" VSAs (alternative to the line above,
# not in addition to it)
Cisco-AVPair = "ip:vrf-id=CustA"
FreeRADIUS DB entry example for a brand new user;
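-- Provision one brand new subscriber: credential (radcheck), contact record
-- (userinfo) and the reply attributes returned on a successful login (radreply).
--
-- The statements run in a single transaction so a failure part-way through
-- cannot leave an account that authenticates but lacks its address, VRF route
-- or tunnel attributes.
--
-- All values are placeholders. In application code, bind them as parameters
-- instead of building these statements by string concatenation.
BEGIN;

-- Credential. Cleartext-Password keeps the password readable in the database
-- (CHAP needs the cleartext to verify a response), so read access to radcheck
-- should be limited to the RADIUS server's database role.
INSERT INTO radcheck (username, attribute, op, value) VALUES ('user@realm.net', 'Cleartext-Password', ':=', 'safe-password');

-- Contact details. NOTE(review): userinfo is not one of the stock FreeRADIUS
-- tables; presumably it belongs to a management front-end. Confirm it exists
-- in the target schema.
INSERT INTO userinfo (username, name, mail, department, workphone, homephone, mobile) VALUES ('user@realm.net', '', '', '', '', '', '');

-- PPP session attributes.
INSERT INTO radreply (username, attribute, op, value) VALUES ('user@realm.net', 'Framed-MTU', '=', '1500');
INSERT INTO radreply (username, attribute, op, value) VALUES ('user@realm.net', 'Framed-Protocol', '=', 'PPP');
-- Fixed: the original value '100..0.0.1' is not a valid IPv4 address. 10.0.0.1
-- matches the next hop of the ip:route entry below; confirm it is the address
-- intended for this subscriber.
INSERT INTO radreply (username, attribute, op, value) VALUES ('user@realm.net', 'Framed-IP-Address', '=', '10.0.0.1');
INSERT INTO radreply (username, attribute, op, value) VALUES ('user@realm.net', 'Framed-IP-Netmask', '=', '255.255.255.255');
-- NOTE(review): the users-file template on this page spells this value
-- 'Framed-User'; verify that 'Framed' resolves in the server's dictionary.
INSERT INTO radreply (username, attribute, op, value) VALUES ('user@realm.net', 'Service-Type', '=', 'Framed');

-- Cisco VSAs. The first Cisco-AVPair uses '=', every further one '+=' so that
-- it is appended rather than skipped. Statement order is kept as-is because
-- the rows are presumably returned in insertion (id) order.
INSERT INTO radreply (username, attribute, op, value) VALUES ('user@realm.net', 'Cisco-AVPair', '=', 'ip:ip-unnumbered=Loopback123');
INSERT INTO radreply (username, attribute, op, value) VALUES ('user@realm.net', 'Cisco-AVPair', '+=', 'ip:route=vrf CUST-VRF 192.168.0.0 255.255.255.0 10.0.0.1');

-- L2TP tunnel attributes; the ':1:' prefix is the tunnel tag that groups them.
INSERT INTO radreply (username, attribute, op, value) VALUES ('user@realm.net', 'Tunnel-Type', '=', ':1:L2TP');
INSERT INTO radreply (username, attribute, op, value) VALUES ('user@realm.net', 'Tunnel-Medium-Type', '=', ':1:IPv4');
INSERT INTO radreply (username, attribute, op, value) VALUES ('user@realm.net', 'Tunnel-Client-Auth-ID', '=', ':1:Provider-LAC-Name');
INSERT INTO radreply (username, attribute, op, value) VALUES ('user@realm.net', 'Tunnel-Server-Auth-ID', '=', ':1:My-LNS-Name');
-- Shared tunnel secret, repeated in every subscriber's rows: anyone who can
-- read radreply can read it, so restrict SELECT on this table as well.
INSERT INTO radreply (username, attribute, op, value) VALUES ('user@realm.net', 'Tunnel-Password', '=', ':1:SuperSecret');
INSERT INTO radreply (username, attribute, op, value) VALUES ('user@realm.net', 'Tunnel-Server-Endpoint', '=', ':1:MY.LNS.IP.ADDR');
INSERT INTO radreply (username, attribute, op, value) VALUES ('user@realm.net', 'Tunnel-Preference', '=', ':1:100');

COMMIT;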