Could it be possible to extend PPPoE Error code?

Joe_Shen · March 26, 2007, 1:50pm

hi,

  We provide broadband access by ADSL. The cucurrent
session number and access port is controled by radius
server. E.g. an PPPoE account can ONLY be used with a
designated access port, and current session of that
account is limited to 3 or 5.

   If a subscriber dials with a username. mismatching
username and password, illegal access port and
exceeding current session number reach the same error
code "691" on subscriber's computer.

    We want to identify the exact reason for customer
complaint. So, it that possible to extend radius
server and Broadband Access Server ( Juniper E series)
to echo different error code for different reason.
E.g.
  Error code 691 for wrong password
  Error code 851 for wrong access port
  Error code 852 for exceeding limit of concurrent
session number
..

regards

Joe

Hugh_Irvine · March 26, 2007, 10:41pm

Hello Joe -

There is a RADIUS "Reply-Message" reply attribute that can be used to send any message you wish in an Access-Reject. However the display of whatever is sent in the "Reply-Message" is up to your NAS equipment and/or connecting client device. In my experience there are almost no client devices that actually display the "Reply-Message", but as always YMMV.

regards

Hugh

hi,

  We provide broadband access by ADSL. The cucurrent
session number and access port is controled by radius
server. E.g. an PPPoE account can ONLY be used with a
designated access port, and current session of that
account is limited to 3 or 5.

   If a subscriber dials with a username. mismatching
username and password, illegal access port and
exceeding current session number reach the same error
code "691" on subscriber's computer.

    We want to identify the exact reason for customer
complaint. So, it that possible to extend radius
server and Broadband Access Server ( Juniper E series)
to echo different error code for different reason.
E.g.
  Error code 691 for wrong password
  Error code 851 for wrong access port
  Error code 852 for exceeding limit of concurrent
session number
..

regards

Joe

__________________________________
Yahoo! Movies - Search movie info and celeb profiles and photos.
http://sg.movies.yahoo.com/

NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

Dominic_J_Eidson · March 26, 2007, 11:02pm

Hello Joe -

There is a RADIUS "Reply-Message" reply attribute that can be used to send any message you wish in an Access-Reject. However the display of whatever is sent in the "Reply-Message" is up to your NAS equipment and/or connecting client device. In my experience there are almost no client devices that actually display the "Reply-Message", but as always YMMV.

It seems to me this would be something best reserved for the radius server, not the end-user to track.

And it seems trivial to get (at least on 2 out of 3) radius servers to have them log a line to syslog/your choice of log file upon failures, including which of your three scenarios caused the failure..

- d.

Joe_Shen · March 27, 2007, 4:22pm

> client device. In my experience there are almost
no client devices that
> actually display the "Reply-Message", but as
always YMMV.

It seems to me this would be something best reserved
for the radius
server, not the end-user to track.

To my opion, if customer's PC could show the exact
reason for dial-up error, CSR could deal with customer
complaint easily.

As most of customer use microsoft windowsxx, could it
be possible to display "replay-message" on it?
or if we develop a standalone PPPoE software, could it
be possible to display it?

Joe

Joe_Maimon1 · March 27, 2007, 6:23pm

Joe Shen wrote:

error 691 is a ms chap extensions to ppp error code that means auth failed.

Its in response to the access-reject from the radius server most probably.

There really isnt any room here to do more.

client device. In my experience there are almost

no client devices that

actually display the "Reply-Message", but as

always YMMV.

It seems to me this would be something best reserved
for the radius server, not the end-user to track.

To my opion, if customer's PC could show the exact
reason for dial-up error, CSR could deal with customer
complaint easily.

No it would be a security vulnerability of type information disclosure.

It would also be impossible to have it fit everyones needs.

For easy CSR, have them punch the customer ID into a system linked to the authentication servers logs.

You can never base your troubleshooting on what the customer tells you, anyways.

As most of customer use microsoft windowsxx, could it
be possible to display "replay-message" on it? or if we develop a standalone PPPoE software, could it
be possible to display it?

Havent heard of any such way. I dont think you actually want to develop such software, but if you do please reference winpoet and raspppoe.

You are much better off requiring customers to use residential dsl equipment, better yet, equipment YOU provision and sell them. Support requirements go way down afterwards.

Having them dial from their computers is not a great concept.