Date created: Thursday, September 4, 2014 9:45:49 AM. Last modified: Saturday, September 12, 2015 10:11:21 AM

FreeRADIUS - ADSL User Templates

Typical off-net L2TP DSL FreeRADIUS user template;

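# Users-file entry for one off-net ADSL subscriber. The first line holds the
# check item (the credential); the indented, comma-separated lines are the
# reply items, and the last reply item carries no trailing comma.
#
# Cleartext-Password := lets the server validate PAP and CHAP alike.
# "User-Password ==" only compares against a PAP password and is deprecated
# in FreeRADIUS 2 and later. The DB example on this page uses the same
# attribute and operator.
#
# This file holds the subscriber password and the L2TP tunnel secret in
# recoverable form: keep it readable by the RADIUS service account only and
# out of world-readable backups and version control.
adsl-user-01@fqdn.net.uk Cleartext-Password := "adsl-password"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 10.0.0.1,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-MTU = 1492,
        Framed-Compression = Van-Jacobson-TCP-IP,
        Tunnel-Type = L2TP,
        Tunnel-Medium-Type = IP,
        # Shared secret for the L2TP tunnel; use a unique, high-entropy value
        Tunnel-Password = this-isp-l2tp-tunnel-password,
        Tunnel-Server-Endpoint = 20.20.20.20,        # IP of L2TP carrier LAC
        Tunnel-Client-Auth-ID = this-isp-l2tp-tunnel-username,
        # Push two static routes to the LNS for the DSL LAN subnet
        # (192.168.0.0/24): a primary via this account's PPP session
        # (next hop 0.0.0.0, distance 210) and a backup via the site's other
        # DSL account, whose PPP IP is 10.0.0.2 (distance 220).
        # The first Cisco-AVPair uses "=", every later one "+=" so that it is
        # appended rather than skipped.
        Cisco-AVPair = "ip:route=192.168.0.0 255.255.255.0 0.0.0.0 210 tag 210",
        Cisco-AVPair += "ip:route=192.168.0.0 255.255.255.0 10.0.0.2 220 tag 220",
        Cisco-AVPair += "lcp:interface-config=keepalive 2 5",
        Cisco-AVPair += "lcp:interface-config=ip unnumbered Loopback1",
        # NOTE(review): this turns off unicast RPF (source-address
        # anti-spoofing) on the subscriber's virtual-access interface,
        # presumably because the site is dual-homed over two DSL accounts.
        # With uRPF off, filter inbound traffic another way, e.g. an ACL that
        # permits only the PPP address and the routed LAN subnet as sources.
        Cisco-AVPair += "lcp:interface-config=no ip verify unicast reverse-path"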


# Example rate limit
# The snippets below are fragments to merge into a user's reply list, not
# complete entries. With "=", FreeRADIUS adds an attribute only when none of
# that name is already in the list, so when the reply list already contains a
# Cisco-AVPair (as the full template does) write these lines with "+=".
#
# rate-limit arguments are: direction, rate in bits per second, normal burst
# and maximum burst in bytes. Direction is relative to the LNS interface:
# "input" is traffic arriving from the subscriber (256 kbit/s here) and
# "output" is traffic sent towards the subscriber (1024 kbit/s here).
# Traffic over the limit is dropped.
        Cisco-AVPair = "lcp:interface-config=rate-limit input 256000 7500 7500 conform-action transmit exceed-action drop",
        Cisco-AVPair += "lcp:interface-config=rate-limit output 1024000 20000 20000 conform-action transmit exceed-action drop"


# Example applying a QoS policy to this VAI on the LNS
# (VAI = virtual-access interface). The named policy is referenced, not
# created, by this AVPair; presumably PM-ADSL-8M-POLICE must already be
# configured on the LNS. Confirm how the LNS treats an unknown policy name.
        Cisco-AVPair = "ip:sub-qos-policy-out=PM-ADSL-8M-POLICE"
        # Legacy style
        # Cisco-AVPair = "lcp:interface-config=service-policy output PM-ADSL-8M-POLICE"


# Put the user into a VRF
# The VRF name selects the routing table the subscriber lands in, so a wrong
# name places the session inside another customer's network. Check the name
# per user and make sure the VRF already exists on the LNS.
# NOTE(review): on IOS, "ip vrf forwarding" clears the interface's existing IP
# configuration, so this line presumably has to precede any "ip unnumbered"
# AVPair for the same session. Confirm on your platform.
        Cisco-AVPair = "lcp:interface-config=ip vrf forwarding CustA"

# Or if using "ip" VSAs instead of "lcp" VSAs
# (an alternative to the line above; use one form or the other)
        Cisco-AVPair = "ip:vrf-id=CustA"

FreeRADIUS DB entry example for a brand new user;

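-- Provision one new subscriber: a credential row in radcheck, an (empty)
-- contact row in userinfo, and the reply attributes in radreply.
-- All values are literals to be edited by hand. If this is ever generated
-- from a form or script, bind the values as parameters instead of building
-- the statements by string concatenation.
--
-- The statements run in one transaction so that a failure part-way through
-- cannot leave an account that authenticates but has incomplete reply
-- attributes (for example no VRF route or no tunnel definition).
BEGIN;

-- Check item. Cleartext-Password is stored in recoverable form so the server
-- can answer CHAP; restrict SELECT on radcheck to the RADIUS service account
-- and treat database dumps as secrets.
INSERT INTO radcheck (username, attribute, op, value)
VALUES ('user@realm.net', 'Cleartext-Password', ':=', 'safe-password');

-- NOTE(review): userinfo is not one of the stock FreeRADIUS schema tables;
-- presumably it belongs to a management front end. Drop this statement if
-- your database has no such table.
INSERT INTO userinfo (username, name, mail, department, workphone, homephone, mobile)
VALUES ('user@realm.net', '', '', '', '', '', '');

-- PPP session attributes.
INSERT INTO radreply (username, attribute, op, value)
VALUES ('user@realm.net', 'Framed-MTU', '=', '1500');
INSERT INTO radreply (username, attribute, op, value)
VALUES ('user@realm.net', 'Framed-Protocol', '=', 'PPP');
-- Was '100..0.0.1', which is not a valid IPv4 address. 10.0.0.1 matches the
-- next hop of the ip:route AVPair below; replace both with the real PPP IP.
INSERT INTO radreply (username, attribute, op, value)
VALUES ('user@realm.net', 'Framed-IP-Address', '=', '10.0.0.1');
INSERT INTO radreply (username, attribute, op, value)
VALUES ('user@realm.net', 'Framed-IP-Netmask', '=', '255.255.255.255');
-- Framed-User is the value name used by the users-file template on this page.
INSERT INTO radreply (username, attribute, op, value)
VALUES ('user@realm.net', 'Service-Type', '=', 'Framed-User');

-- Cisco VSAs: the first Cisco-AVPair uses '=', later ones '+=' so they are
-- appended instead of being skipped. The VRF name decides which customer's
-- routing table receives the route, so check it per user.
INSERT INTO radreply (username, attribute, op, value)
VALUES ('user@realm.net', 'Cisco-AVPair', '=', 'ip:ip-unnumbered=Loopback123');
INSERT INTO radreply (username, attribute, op, value)
VALUES ('user@realm.net', 'Cisco-AVPair', '+=', 'ip:route=vrf CUST-VRF 192.168.0.0 255.255.255.0 10.0.0.1');

-- L2TP tunnel definition. The ':1:' prefix is the tunnel tag that groups
-- these attributes into one tunnel. Tunnel-Password is the tunnel shared
-- secret, stored here in clear text: replace the placeholder with a unique,
-- high-entropy value and limit who can read radreply.
INSERT INTO radreply (username, attribute, op, value)
VALUES ('user@realm.net', 'Tunnel-Type', '=', ':1:L2TP');
INSERT INTO radreply (username, attribute, op, value)
VALUES ('user@realm.net', 'Tunnel-Medium-Type', '=', ':1:IPv4');
INSERT INTO radreply (username, attribute, op, value)
VALUES ('user@realm.net', 'Tunnel-Client-Auth-ID', '=', ':1:Provider-LAC-Name');
INSERT INTO radreply (username, attribute, op, value)
VALUES ('user@realm.net', 'Tunnel-Server-Auth-ID', '=', ':1:My-LNS-Name');
INSERT INTO radreply (username, attribute, op, value)
VALUES ('user@realm.net', 'Tunnel-Password', '=', ':1:SuperSecret');
INSERT INTO radreply (username, attribute, op, value)
VALUES ('user@realm.net', 'Tunnel-Server-Endpoint', '=', ':1:MY.LNS.IP.ADDR');
INSERT INTO radreply (username, attribute, op, value)
VALUES ('user@realm.net', 'Tunnel-Preference', '=', ':1:100');

COMMIT;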
