M and MSM Series
cancel
Showing results for 
Search instead for 
Did you mean: 

Framed-IP-address

 
Highlighted
Frequent Advisor

Framed-IP-address

Hi

I would want my MSM730 controller doesn't take in consideration (ignore) the content of the Framed-IP-Address field that the clients send. There is a way?

I don't find this option in the controller configuration guide....

Regards

 

-------------------------------------------------------------------------------------------------------------------------------

PS- This thread has been moved from Communication and Wireless to MSM Series- Forum Moderator

8 REPLIES 8
Highlighted
Trusted Contributor

Re: Framed-IP-address

The framed-ip-address can be part of the access request for user authentication. See p.226 of the manual: http://cdn.procurve.com/training/Manuals/r531/MSM7xx-MCG-May09-5992-5929.pdf

However, as far as I know the MSM controller does not make use of the frame-ip-address information internally. Meaning you can put it in the access-request and use it when pointing to an external RADIUS server, but when pointing to the MSM controller itself for local authentication, it will be ignored, because the controller has no use for it.

However, I'd like to understand a bit more what you want to achieve by having the framed-ip-address interpreted by the controller? What was the behavior/functionality that you expected?
Highlighted
Frequent Advisor

Re: Framed-IP-address

Hi

I use an external radius server and an external dhcp server. Some clients (actually I noted this only with 802.1X client built-in MAC-OS-X tiger; it doesn't happen with ubuntu) send an IP in the framed-IP-address field.

This IP address is one of the subnet 169.254.0.0 (this is the subnet of link-local how you can see if you type route -n in a shell). I don't know because the client sends this IP (have you any ideas?).

The authentication process works but after the authentication I see in the controller in the VSC->overview->wireless_client page the client with the IP send to its by the dhcp and in the VSC->overview->user_session the same client with the IP of the subnet 169.254.0.0. The client now results authenticated but it can't navigate in internet.

I wished that there was an easy way to say to the controller to ignore any framed-ip-address field. There isn't?
Highlighted
Frequent Advisor

Re: Framed-IP-address

Any ideas? Have you understand my problem?
Anyone have experimented problem with MAC-OS-X-tiger/802.1Xauth/MSM730controller?
Highlighted
Trusted Contributor

Re: Framed-IP-address

Hi, sorry I was gone for a couple of days.

The address that you see and is used by the Apple gear is "normal" for the fact that it is the way Apple does something similar to UPnP. It is kind of plug and play addressing if you prefer.

The key thing is that I'm confident the MSM controller is completely ignoring that information. It might display it in the client information because it "sees" it through, but I'm positive that it is always ignoring the information.

It is just used in cased of an external RADIUS server (and the MSM controller would relay that information to the external RADIUS server).

Bottom line, it means that it is probably not what is the cause of your problem. The question I have is: are ALL your clients not accessing the internet, or just the Apple ones? If you are telling me it is ALL clients (linux, windows, OS-X) and not just OS-X they I would say you have a different/bigger problems. If it is just OS-X then I would be proven wrong and the MSM controller may do something about that information (which I really doubt right now).
Highlighted
Frequent Advisor

Re: Framed-IP-address

Hi fred.
Thanks for answering.

With Ubuntu or Windows the authentication and the access to internet work perfectly. The problem is only with MAC-OS (I have tested only tiger OS).

Today I have done some other tests and the problem seems related to the 169.254.x.x address.
-First I connect the client to an other of my wireless networks (no 802.1x) and the client take an address of my subnet (146.x.x.x).
-After I try to connect the client to 802.1x wireless network and the client asks (by means of the Framed-IP-Address field) for the same address that it have taken earlier (that is 146.x.x.x).
And now it works!

I don't know how I can do other tests because I don't know how I can force the client to ask for a particular IP address....
Highlighted
Trusted Contributor

Re: Framed-IP-address

I'm quite stunned by this behavior, but it would confirm that you are indeed right and that the controller do something about that attribute. One question, is your VSC access controlled or not?
Highlighted
Frequent Advisor

Re: Framed-IP-address

Yes, it is. There isn't this problem If I disable the access control but in this case I don't receive from the APs in the account messages the Chargeable User Identity (CUI) attribute (that I earlier set through the access-accept message).

I had already noticed this...so I have to use the access control...

Highlighted
Trusted Contributor

Re: Framed-IP-address

I guess at this point I have no obvious answer to your problem, sorry! Both this and the CUI problem sound suspicious (bugs). You are probably better off contacting support for assistance at this point with the information you have. If they have a SW with a fix don't forget to post it back here for our information.