Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
since ‎10-29-2017
‎10-29-2017
nam nguyen_
Not applicable

Problem with Junos 8.5 accounting message

by in Pulse Policy Secure
‎04-16-2014 03:29:AM
‎04-16-2014 03:29:AM
Dear all !   I have 02 router: 01 using version 8.5 and 01 using version higher than 10.4 We have 01 Steel-Belt Radius Server version 6.1 I have implemented AAA solution: - For authentication and authorization, both router is running as expect. - For accounting, we see that there are different between 02 router as below:   Router running Junos version higher than 10.4: In accounting start/interim-update/stop message, router always return attribute User-Name with value = user login as expect 1/ Accounting Start           Accounting Status Attribute (40), length: 6, Value: Start             0x0000: 0000 0001           Accounting Session ID Attribute (44), length: 13, Value: 5A95349087F             0x0000: 3541 3935 3334 3930 3837 46           Accounting Delay Attribute (41), length: 6, Value: 00 secs             0x0000: 0000 0000           Username Attribute (1), length: 5, Value: nam             0x0000: 6e61 6d           NAS ID Attribute (32), length: 6, Value: MX80             0x0000: 4d58 3830           NAS IP Address Attribute (4), length: 6, Value: 10.0.0.210             0x0000: 0a00 00d2           Calling Station Attribute (31), length: 11, Value: 10.0.0.98             0x0000: 3130 2e30 2e30 2e39 38 2/ Accounting Interim                           Accounting Status Attribute (40), length: 6, Value: Interim-Update             0x0000: 0000 0003           Accounting Session ID Attribute (44), length: 13, Value: 5A95349087F             0x0000: 3541 3935 3334 3930 3837 46           Accounting Delay Attribute (41), length: 6, Value: 00 secs             0x0000: 0000 0000           Username Attribute (1), length: 5, Value: nam             0x0000: 6e61 6d           NAS ID Attribute (32), length: 6, Value: MX80             0x0000: 4d58 3830           Vendor Specific Attribute (26), length: 13, Value: Vendor: Juniper Networks (2636)             Vendor Attribute: 8, Length: 7, Value: exit ..             0x0000: 0000 0a4c 0807 6578 6974 20           NAS IP Address Attribute (4), length: 6, Value: 10.0.0.210             0x0000: 0a00 00d2           Calling Station Attribute (31), length: 11, Value: 10.0.0.98             0x0000: 3130 2e30 2e30 2e39 38                     3/ Accouting stop          Accounting Status Attribute (40), length: 6, Value: Stop             0x0000: 0000 0002           Accounting Session ID Attribute (44), length: 13, Value: 5A95349087F             0x0000: 3541 3935 3334 3930 3837 46           Accounting Delay Attribute (41), length: 6, Value: 00 secs             0x0000: 0000 0000           Username Attribute (1), length: 5, Value: nam             0x0000: 6e61 6d           Accounting Session Time Attribute (46), length: 6, Value: 09 secs             0x0000: 0000 0009           Accounting Termination Cause Attribute (49), length: 6, Value: User Request             0x0000: 0000 0001           NAS ID Attribute (32), length: 6, Value: MX80             0x0000: 4d58 3830           NAS IP Address Attribute (4), length: 6, Value: 10.0.0.210             0x0000: 0a00 00d2           Calling Station Attribute (31), length: 4, Value: ..             0x0000: fec7   But Router running Junos verion 8.5, it only return attribute User-Name in accouting Start message with Value=Juniper-Local-User-Name which is configured on router. This problem isn't as expect because we need to monitor which user login to Router in accounting message.   1/ Accounting Start           Accounting Status Attribute (40), length: 6, Value: Start             0x0000: 0000 0001           Accounting Session ID Attribute (44), length: 14, Value: 12A5534D5997             0x0000: 3132 4135 3533 3444 3539 3937           Accounting Delay Attribute (41), length: 6, Value: 00 secs             0x0000: 0000 0000           Username Attribute (1), length: 9, Value: juniper             0x0000: 6a75 6e69 7065 72           NAS ID Attribute (32), length: 2, Value:           NAS IP Address Attribute (4), length: 6, Value: 172.16.254.2             0x0000: ac10 fe02 2/ Accounting Interim           Accounting Status Attribute (40), length: 6, Value: Interim-Update             0x0000: 0000 0003           Accounting Session ID Attribute (44), length: 14, Value: 12A5534D5999             0x0000: 3132 4135 3533 3444 3539 3939           Accounting Delay Attribute (41), length: 6, Value: 00 secs             0x0000: 0000 0000           NAS ID Attribute (32), length: 2, Value:           Vendor Specific Attribute (26), length: 24, Value: Vendor: Juniper Networks (2636)             Vendor Attribute: 8, Length: 18, Value: show ospf route ..             0x0000: 0000 0a4c 0812 7368 6f77 206f 7370 6620             0x000f: 726f 7574 6520           NAS IP Address Attribute (4), length: 6, Value: 172.16.254.2             0x0000: ac10 fe02                                                 3/ Accouting stop           Accounting Status Attribute (40), length: 6, Value: Stop             0x0000: 0000 0002           Accounting Session ID Attribute (44), length: 14, Value: 12A5534D5999             0x0000: 3132 4135 3533 3444 3539 3939           Accounting Delay Attribute (41), length: 6, Value: 00 secs             0x0000: 0000 0000           Accounting Session Time Attribute (46), length: 6, Value: 19 secs             0x0000: 0000 0013           Accounting Termination Cause Attribute (49), length: 6, Value: User Request             0x0000: 0000 0001           NAS ID Attribute (32), length: 2, Value:           NAS IP Address Attribute (4), length: 6, Value: 172.16.254.2             0x0000: ac10 fe02   Currently, router running Junos 8.5 cannot upgrade to higher version because of flash size.   I  have searched Junos document and there isn't any different in configuration guide.   My question is: - From which version Juniper change this behavior or is it software bug ? - Is there any way to configure Router running Junos 8.5 to return attribute User-Name with Value=user login and return attribute User-Name in both Start/Stop/Interim accounting message. - If not, Is there any way to workaround to return other attribute with Value= user login in Start/Stop/Interim accounting message   Please help me   Thanks in advanced ... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.