Could it be possible to extend PPPoE Error code?
hi, We provide broadband access by ADSL. The cucurrent session number and access port is controled by radius server. E.g. an PPPoE account can ONLY be used with a designated access port, and current session of that account is limited to 3 or 5. If a subscriber dials with a username. mismatching username and password, illegal access port and exceeding current session number reach the same error code "691" on subscriber's computer. We want to identify the exact reason for customer complaint. So, it that possible to extend radius server and Broadband Access Server ( Juniper E series) to echo different error code for different reason. E.g. Error code 691 for wrong password Error code 851 for wrong access port Error code 852 for exceeding limit of concurrent session number .. regards Joe __________________________________ Yahoo! Movies - Search movie info and celeb profiles and photos. http://sg.movies.yahoo.com/
Hello Joe - There is a RADIUS "Reply-Message" reply attribute that can be used to send any message you wish in an Access-Reject. However the display of whatever is sent in the "Reply-Message" is up to your NAS equipment and/or connecting client device. In my experience there are almost no client devices that actually display the "Reply-Message", but as always YMMV. regards Hugh On 26 Mar 2007, at 23:50, Joe Shen wrote:
hi,
We provide broadband access by ADSL. The cucurrent session number and access port is controled by radius server. E.g. an PPPoE account can ONLY be used with a designated access port, and current session of that account is limited to 3 or 5.
If a subscriber dials with a username. mismatching username and password, illegal access port and exceeding current session number reach the same error code "691" on subscriber's computer.
We want to identify the exact reason for customer complaint. So, it that possible to extend radius server and Broadband Access Server ( Juniper E series) to echo different error code for different reason. E.g. Error code 691 for wrong password Error code 851 for wrong access port Error code 852 for exceeding limit of concurrent session number ..
regards
Joe
__________________________________ Yahoo! Movies - Search movie info and celeb profiles and photos. http://sg.movies.yahoo.com/
NB: Have you read the reference manual ("doc/ref.html")? Have you searched the mailing list archive (www.open.com.au/archives/ radiator)? Have you had a quick look on Google (www.google.com)? Have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. Includes support for reliable RADIUS transport (RadSec), and DIAMETER translation agent. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. - CATool: Private Certificate Authority for Unix and Unix-like systems.
On Tue, 27 Mar 2007, Hugh Irvine wrote:
Hello Joe -
There is a RADIUS "Reply-Message" reply attribute that can be used to send any message you wish in an Access-Reject. However the display of whatever is sent in the "Reply-Message" is up to your NAS equipment and/or connecting client device. In my experience there are almost no client devices that actually display the "Reply-Message", but as always YMMV.
It seems to me this would be something best reserved for the radius server, not the end-user to track. And it seems trivial to get (at least on 2 out of 3) radius servers to have them log a line to syslog/your choice of log file upon failures, including which of your three scenarios caused the failure.. - d.
On 26 Mar 2007, at 23:50, Joe Shen wrote:
We want to identify the exact reason for customer complaint. So, it that possible to extend radius server and Broadband Access Server ( Juniper E series) to echo different error code for different reason. E.g. Error code 691 for wrong password Error code 851 for wrong access port Error code 852 for exceeding limit of concurrent session number
-- Dominic J. Eidson "Baruk Khazad! Khazad ai-menu!" - Gimli ---------------------------------------------------------------------------- http://www.the-infinite.org/
client device. In my experience there are almost no client devices that actually display the "Reply-Message", but as always YMMV.
It seems to me this would be something best reserved for the radius server, not the end-user to track.
To my opion, if customer's PC could show the exact reason for dial-up error, CSR could deal with customer complaint easily. As most of customer use microsoft windowsxx, could it be possible to display "replay-message" on it? or if we develop a standalone PPPoE software, could it be possible to display it? Joe __________________________________ Meet your soulmate! Yahoo! Asia presents Meetic - where millions of singles gather http://asia.yahoo.com/meetic
Joe Shen wrote: error 691 is a ms chap extensions to ppp error code that means auth failed. Its in response to the access-reject from the radius server most probably. There really isnt any room here to do more.
client device. In my experience there are almost
no client devices that
actually display the "Reply-Message", but as
always YMMV.
It seems to me this would be something best reserved for the radius server, not the end-user to track.
To my opion, if customer's PC could show the exact reason for dial-up error, CSR could deal with customer complaint easily.
No it would be a security vulnerability of type information disclosure. It would also be impossible to have it fit everyones needs. For easy CSR, have them punch the customer ID into a system linked to the authentication servers logs. You can never base your troubleshooting on what the customer tells you, anyways.
As most of customer use microsoft windowsxx, could it be possible to display "replay-message" on it? or if we develop a standalone PPPoE software, could it be possible to display it?
Havent heard of any such way. I dont think you actually want to develop such software, but if you do please reference winpoet and raspppoe. You are much better off requiring customers to use residential dsl equipment, better yet, equipment YOU provision and sell them. Support requirements go way down afterwards. Having them dial from their computers is not a great concept.
Joe
__________________________________ Meet your soulmate! Yahoo! Asia presents Meetic - where millions of singles gather http://asia.yahoo.com/meetic
participants (4)
-
Dominic J. Eidson
-
Hugh Irvine
-
Joe Maimon
-
Joe Shen