Autenticate IPoE with RADIUS

marcomuskus · May 17, 2021, 4:30pm

Hello,
I am using 1.3.0-rc4 as an IPoE server with RADIUS. It seems that, by default, the IPoE server uses the name of the interface as the username and password. ie:
If the IPoE is listening on eth0, the information that IPoE sends to the RADIUS server is like this:

May 17 11:26:08 vyos accel-ipoe: ipoe0:: send [RADIUS(1) Access-Request id=1 <User-Name "eth0"> <NAS-Port 25> <NAS-Port-Id "ipoe0"> <NAS-Port-Type Ethernet> <Calling-Station-Id "00:00:00:00:00:00:48"> <Called-Station-Id "eth0"> <User-Password 0x****>]

How do i authenticate using the MAC address of the client?

Thanks in advance,

Dmitry · June 7, 2021, 8:29am

Hello @marcomuskus ,
In general, IPoE daemon provides this possibility, but CLI commands are not implemented.

[ipoe]
lua-file=/path/to/file.lua
username=lua:user_mac

It allows getting some information from DHCP Discover packet header and use it as a username.
In some cases, it will be helpful to use DHCP option 82 data

#!lua

function user_mac(pkt)
  if (pkt:hwaddr() ~= nil) then
    return pkt:hwaddr()
  end
end

system · October 3, 2021, 10:27pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.