Saturday, October 1, 2011

Limit PPPoE PADI per specific time period

In an ISP environment, some clients have had their Internet service disabled, or their modem is configured with the wrong username and password. That produces massive numbers of Access-Rejects, because the client modem continually retries the PPPoE connection.
That can cause high CPU consumption on the RADIUS servers and produce a lot of log output, which burdens the troubleshooting effort.

The session throttle feature of Cisco IOS lets us limit the number of PPPoE PADIs accepted per MAC address over a period of time, which helps prevent this situation.
How to use:
In the Ethernet environment:
bba-group pppoe group1
 virtual-template 1
 sessions per-mac throttle 10 60 300
The above configuration causes the BRAS to stop answering PPPoE PADIs from a client MAC once 10 requests have arrived from it within 60 seconds. The silent time lasts for 300 seconds.
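The per-MAC decision the command above makes, as an added simulation (not Cisco code). The post does not say whether the 10th or the 11th PADI trips the limit; the model below blocks once more than 10 PADIs fall inside one 60-second window.

```python
"""Per-MAC PADI throttle modelled on 'sessions per-mac throttle 10 60 300'.
Added simulation, not Cisco code: it reproduces the decision described above
so the thresholds can be studied offline. The post does not say whether the
10th or the 11th PADI trips the limit; here more than `count` PADIs inside
one window does."""
from collections import defaultdict, deque


class PadiThrottle:
    """Track PADIs per client MAC and decide whether the BRAS should answer."""

    def __init__(self, count=10, window=60, blocking=300):
        self.count = count            # PADIs tolerated inside one window
        self.window = window          # window length, seconds
        self.blocking = blocking      # silent period once the limit is hit
        self.history = defaultdict(deque)   # mac -> timestamps of recent PADIs
        self.blocked_until = {}             # mac -> time the silence ends

    def should_answer(self, mac, now):
        """True if a PADI from `mac` received at `now` (seconds) gets a PADO."""
        mac = mac.lower()
        if now < self.blocked_until.get(mac, 0):
            return False              # still silenced; do not even count it
        hits = self.history[mac]
        hits.append(now)
        while hits and now - hits[0] > self.window:
            hits.popleft()            # forget PADIs outside the sliding window
        if len(hits) > self.count:
            self.blocked_until[mac] = now + self.blocking
            hits.clear()              # start a fresh window after the silence
            return False
        return True

    def blocked_macs(self, now):
        """MACs currently being ignored, for a 'show'-style report."""
        return sorted(m for m, t in self.blocked_until.items() if now < t)


def simulate(padi_times, mac="00aa.bbcc.dd01"):
    """Run one client's PADI timestamps through a default throttle and return
    [(time, answered), ...] so the behaviour can be inspected or asserted."""
    throttle = PadiThrottle()
    return [(t, throttle.should_answer(mac, t)) for t in padi_times]
```

A misconfigured modem retrying every second is silenced after its 11th PADI and answered again once the 300-second block expires, while a client retrying every 30 seconds is never throttled.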
 

Monday, September 12, 2011

L2 Protocol Tunneling can cause loop


Turning on l2protocol-tunnel cdp and vtp on the ports can cause a loop in the network. Why?

Wednesday, September 7, 2011

Cisco 4500 IOS XE upgrade with ISSU

Checklist:

  • auto-boot must be enabled
  • SSO must be configured and standby supervisor engine in STANDBY HOT state
  • NSF must be configured and working properly
  • Current running IOS XE must support ISSU

For details, refer to http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/3.1.1SG/configuration/guide/issu.pdf


Sunday, August 28, 2011

User port configuration guideline on Cisco switches

For the best security and service, the following configuration should be applied to switch ports that connect to end users (applicable in most scenarios):

switchport host
switchport port-security
switchport port-security maximum 1 (3 for a port that connects to a VoIP phone)
switchport port-security violation shutdown
spanning-tree bpdufilter enable
no cdp enable
storm-control broadcast include multicast
storm-control broadcast level 0.1
storm-control action shutdown

switchport host is a macro that sets the port to access mode and enables PortFast; port-security is only accepted on an access port, so it comes first.
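An audit of switch running-config text against this guideline, as an added example (not Cisco tooling; the sample configuration is constructed). Because the switchport host macro is stored in the running-config as its expansion, the audit looks for switchport mode access and spanning-tree portfast:

```python
"""Audit access ports in 'show running-config' text against the guideline above.
Added example, not Cisco tooling. The 'switchport host' macro is stored as its
expansion (switchport mode access + spanning-tree portfast), so that is checked."""

REQUIRED = [                # guideline commands as a running-config shows them
    "switchport mode access", "spanning-tree portfast",   # switchport host
    "switchport port-security",
    "switchport port-security violation shutdown",
    "spanning-tree bpdufilter enable",
    "no cdp enable",
    "storm-control broadcast include multicast",
    "storm-control broadcast level 0.1",
    "storm-control action shutdown",
]

# Constructed sample: a compliant user port, a weak user port and a trunk.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 spanning-tree portfast
 spanning-tree bpdufilter enable
 no cdp enable
 storm-control broadcast include multicast
 storm-control broadcast level 0.1
 storm-control action shutdown
interface GigabitEthernet1/0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 5
interface GigabitEthernet1/0/24
 switchport mode trunk
"""

def parse_interfaces(config):
    # Return {interface name: [command, ...]} for every 'interface' block.
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            blocks[current] = []
        elif current is not None and raw.startswith(" "):
            blocks[current].append(raw.strip())
        else:
            current = None           # any other top-level line ends the block
    return blocks

def audit(config, voice_ports=()):
    """Return {interface: [finding, ...]} for access ports missing the guideline.
    Ports named in voice_ports may carry 'maximum 3' (phone plus PC), others 1."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue                 # trunks and uplinks are out of scope
        problems = [f"missing: {c}" for c in REQUIRED if c not in cmds]
        limits = [int(c.rsplit(None, 1)[1]) for c in cmds
                  if c.startswith("switchport port-security maximum ")]
        allowed = 3 if name in voice_ports else 1
        if not limits:
            problems.append("missing: switchport port-security maximum")
        elif max(limits) > allowed:
            problems.append(f"port-security maximum {max(limits)} exceeds {allowed}")
        if problems:
            findings[name] = problems
    return findings
```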

Saturday, August 27, 2011

Spanning Tree Protocol: the most noticeable questions

What happens when the whole network first boots up?
What happens after the network converges?
What happens when a new switch is added to the network?
What should be done before adding a new switch?
What happens when a switch port goes up or down?
What happens when the STP configuration on a switch is changed?

Tuesday, July 26, 2011

Broadcast issue with bridge-domain on ASR9000

By default, the Flood Optimization feature on the ASR9K prevents broadcast and multicast frames from being flooded to other interfaces that are located on different line cards.
For example, if one bridge-domain contains one Bundle-Ethernet interface and one physical interface, GigabitEthernet 0/1/0/12, a broadcast received on interface G0/1/0/12 will never be flooded to the BE interface.
In some applications that is not a good idea. To change this, enter the flood mode convergence-optimized command under the bridge-domain configuration.

Friday, July 22, 2011

Cisco PPPoE: No idb found! Framed IP Addr might not be included

I encountered this issue today when setting a wrong value for the CiscoAVPair attribute in LDAP.
I have radiusIPPool in LDAP mapped to Cisco AVPair, used to assign an IP pool to PPPoE users.
The right format for this attribute is "ip:addr-pool=", but I put only
But the problem is, the Cisco BRAS doesn't reject the user's connection and just issues the log "No idb found! Framed IP Addr might not be included". That causes the user to keep establishing new PPP connections to the BRAS until the maximum number of sessions for that user is met or the BRAS has no more resources for new connections.

BE CAREFUL with Cisco AVPair. A wrong format could cause serious or unexpected problems.

Following is the log message:

Jul 22 13:17:10 VN-Time: RADIUS(00056ED0): Send Access-Request to 192.168.1.2:1812 id 1645/151, len 155
Jul 22 13:17:10 VN-Time: RADIUS:  authenticator 60 D0 60 C5 56 AF 76 65 - 95 40 85 C0 41 88 80 2D
Jul 22 13:17:10 VN-Time: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
Jul 22 13:17:10 VN-Time: RADIUS:  User-Name           [1]   11  "ctvtnpc6a"
Jul 22 13:17:10 VN-Time: RADIUS:  User-Password       [2]   18  *
Jul 22 13:17:10 VN-Time: RADIUS:  NAS-Port-Type       [61]  6   PPPoEoVLAN                [33]
Jul 22 13:17:10 VN-Time: RADIUS:  NAS-Port            [5]   6   1124077332              
Jul 22 13:17:10 VN-Time: RADIUS:  NAS-Port-Id         [87]  13  "4/0/19/3860"
Jul 22 13:17:10 VN-Time: RADIUS:  Vendor, Cisco       [26]  41
Jul 22 13:17:10 VN-Time: RADIUS:   Cisco AVpair       [1]   35  "client-mac-address=0050.7f7a.02bb"
Jul 22 13:17:10 VN-Time: RADIUS:  Service-Type        [6]   6   Framed                    [2]
Jul 22 13:17:10 VN-Time: RADIUS:  NAS-IP-Address      [4]   6   116.xxx.xxx.xxx            
Jul 22 13:17:10 VN-Time: RADIUS:  Acct-Session-Id     [44]  22  "4/0/19/3860_00057816"
Jul 22 13:17:10 VN-Time: RADIUS(00056ED0): Sending a IPv4 Radius Packet
Jul 22 13:17:10 VN-Time: RADIUS(00056ED0): Started 5 sec timeout
Jul 22 13:17:11 VN-Time: RADIUS: Received from id 1645/149 192.168.1.2:1812, Access-Reject, len 30
Jul 22 13:17:11 VN-Time: RADIUS:  authenticator 44 A6 24 BA 1A B8 0E B3 - A8 A5 F1 27 90 81 01 A7
Jul 22 13:17:11 VN-Time: RADIUS:  Reply-Message       [18]  10
Jul 22 13:17:11 VN-Time: RADIUS:   55 6E 6B 6E 6F 77 6E 20          [ Unknown ]
Jul 22 13:17:11 VN-Time: RADIUS(00056ECF): Received from id 1645/149
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: Reply-Message fragments, 8, total 8 bytes
Jul 22 13:17:11 VN-Time: RADIUS: Received from id 1645/150 192.168.1.2:1812, Access-Accept, len 218
Jul 22 13:17:11 VN-Time: RADIUS:  authenticator 74 B2 77 A0 FB E0 9B E3 - 87 5A 74 1E A1 48 20 0C
Jul 22 13:17:11 VN-Time: RADIUS:  Class               [25]  88
Jul 22 13:17:11 VN-Time: RADIUS:   53 42 52 32 43 4C 9C F2 A2 ED EF AF F3 B1 F3 C0 11 80 43 01 80 04 81 99 8C 86 80 02 80 0A 81 B1 DD 8E E7 A3 B9 E0 E3 9B 80 06 80 05 81 BC 80 C0 80 80 12 80 0E 81 9C F2 A2 ED EF AF F3 B1 F3 C0 80 81 97 C8 13 80 0E 81 99 8C 86 82 EB 8D E8 F6 BA 9B CE 86 99 D8           [ SBR2CLC]
Jul 22 13:17:11 VN-Time: RADIUS:  NAS-Port-Id         [87]  14  "4/0/19/3860 "
Jul 22 13:17:11 VN-Time: RADIUS:  Vendor, Cisco       [26]  37
Jul 22 13:17:11 VN-Time: RADIUS:   Cisco AVpair       [1]   31  "ip:sub-qos-policy-in=NPC6_UP "
Jul 22 13:17:11 VN-Time: RADIUS:  Vendor, Cisco       [26]  40
Jul 22 13:17:11 VN-Time: RADIUS:   Cisco AVpair       [1]   34  "ip:sub-qos-policy-out=NPC6_DOWN "
Jul 22 13:17:11 VN-Time: RADIUS:  Vendor, Cisco       [26]  19
Jul 22 13:17:11 VN-Time: RADIUS:   Cisco AVpair       [1]   13  "IP_POOL_03 "
Jul 22 13:17:11 VN-Time: RADIUS: Received from id 1645/151 192.168.1.2:1812, Access-Accept, len 220
Jul 22 13:17:11 VN-Time: RADIUS:  authenticator 6C 44 67 BC 5B 96 8A 52 - 18 5D E5 C2 8D 30 AE 49
Jul 22 13:17:11 VN-Time: RADIUS:  Class               [25]  90
Jul 22 13:17:11 VN-Time: RADIUS:   53 42 52 32 43 4C 9C F2 A2 ED EF AF F3 B1 F3 C0 11 80 45 01 80 04 81 99 8C 86 80 02 80 0B 81 B1 DD 8E E7 A3 B9 E0 E3 9B 98 A0 06 80 05 81 BC C0 C0 80 80 12 80 0E 81 9C F2 A2 ED EF AF F3 B1 F3 C0 80 81 97 CC 13 80 0F 81 99 8C 86 82 EB 8D E8 F6 BA 9B CE 86 99 D9 C2           [ SBR2CLE]
Jul 22 13:17:11 VN-Time: RADIUS:  NAS-Port-Id         [87]  14  "4/0/19/3860 "
Jul 22 13:17:11 VN-Time: RADIUS:  Vendor, Cisco       [26]  37
Jul 22 13:17:11 VN-Time: RADIUS:   Cisco AVpair       [1]   31  "ip:sub-qos-policy-in=NPC6_UP "
Jul 22 13:17:11 VN-Time: RADIUS:  Vendor, Cisco       [26]  40
Jul 22 13:17:11 VN-Time: RADIUS:   Cisco AVpair       [1]   34  "ip:sub-qos-policy-out=NPC6_DOWN "
Jul 22 13:17:11 VN-Time: RADIUS:  Vendor, Cisco       [26]  19
Jul 22 13:17:11 VN-Time: RADIUS:   Cisco AVpair       [1]   13  "IP_POOL_03 "
Jul 22 13:17:11 VN-Time: RADIUS(00056ED1): Received from id 1645/150
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: parse VSA parts error
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: convert VSA string; FAIL
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: cisco VSA type 1; FAIL
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: VSA; FAIL
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: decoder; FAIL
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: attribute Vendor-Specific; FAIL
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: parse response op decode; FAIL
Jul 22 13:17:11 VN-Time: RADIUS(00056ED0): Received from id 1645/151
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: parse VSA parts error
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: convert VSA string; FAIL
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: cisco VSA type 1; FAIL
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: VSA; FAIL
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: decoder; FAIL
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: attribute Vendor-Specific; FAIL
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: parse response op decode; FAIL
Jul 22 13:17:16 VN-Time: RADIUS: [No of bits] slot : 4 port : 3 adapter : 1
        vlanid : 24 vci : 0 vpi : 0 inner_vlan_id : 0
Jul 22 13:17:16 VN-Time: RADIUS: [No of bits] slot : 4 port : 3 adapter : 1
        vlanid : 24 vci : 0 vpi : 0 inner_vlan_id : 0
Jul 22 13:17:16 VN-Time: RADIUS: [No of bits] slot : 4 port : 3 adapter : 1
        vlanid : 24 vci : 0 vpi : 0 inner_vlan_id : 0
Jul 22 13:17:16 VN-Time: RADIUS/ENCODE(00056ED3):Orig. component type = PPPoE
Jul 22 13:17:16 VN-Time: RADIUS: DSL line rate attributes successfully added
Jul 22 13:17:16 VN-Time: RADIUS: Format E value 0x4 for character S with bitmask 0xF
Jul 22 13:17:16 VN-Time: RADIUS: Format E port 0x4 with bit 4 processed
Jul 22 13:17:16 VN-Time: RADIUS: Format E value 0x0 for character A with bitmask 0x1
Jul 22 13:17:16 VN-Time: RADIUS: Format E port 0x8 with bit 5 processed
Jul 22 13:17:16 VN-Time: RADIUS: Format E value 0x3 for character P with bitmask 0x7
Jul 22 13:17:16 VN-Time: RADIUS: Format E port 0x43 with bit 8 processed
Jul 22 13:17:16 VN-Time: RADIUS: Format E value 0xF14 for character V with bitmask 0xFFFFFF
Jul 22 13:17:16 VN-Time: RADIUS: Format E port 0x43000F14 with bit 32 processed
Jul 22 13:17:16 VN-Time: RADIUS(00056ED3): Config NAS IP: 0.0.0.0
Jul 22 13:17:16 VN-Time: RADIUS(00056ED3): Config NAS IPv6: ::
Jul 22 13:17:16 VN-Time: RADIUS/ENCODE: No idb found! Framed IP Addr might not be included
Jul 22 13:17:16 VN-Time: RADIUS/ENCODE(00056ED3): acct_session_id: 358425
Jul 22 13:17:16 VN-Time: RADIUS/ENCODE(00056ED3): Acct-session-id pre-pended with Nas Port = 4/0/19/3860
Jul 22 13:17:16 VN-Time: RADIUS(00056ED3): sending
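A validator for Cisco AV-pair values and a triage of the debug output above, as an added example (not Cisco code). The sample log inside it is a trimmed copy of the lines above, and the grammar checked is the documented protocol:attribute=value form for authorization AV pairs (with * in place of = for optional pairs):

```python
"""Validate Cisco AV-pair values and triage 'debug radius' output for the
failure shown above. Added example, not Cisco code. The grammar checked is the
documented one for authorization AV pairs: protocol:attribute=value (mandatory)
or protocol:attribute*value (optional). SAMPLE_LOG is a trimmed, constructed
copy of the post's log; feed it real debug output in practice."""
import re

AVPAIR_RE = re.compile(r"^[a-z0-9-]+:[a-z0-9_-]+[=*].+$")
REPLY_RE = re.compile(r"Received from id (?P<id>\d+/\d+)(?: \S+, (?P<code>Access-\w+))?")
AVPAIR_LINE_RE = re.compile(r'Cisco AVpair\s+\[1\]\s+\d+\s+"(?P<val>[^"]*)"')
FAIL_RE = re.compile(r"RADIUS/DECODE: (?P<what>[^;]+); FAIL")
NO_IDB = "No idb found! Framed IP Addr might not be included"

SAMPLE_LOG = """\
RADIUS: Received from id 1645/149 192.168.1.2:1812, Access-Reject, len 30
RADIUS:  Reply-Message       [18]  10
RADIUS: Received from id 1645/150 192.168.1.2:1812, Access-Accept, len 218
RADIUS:   Cisco AVpair       [1]   31  "ip:sub-qos-policy-in=NPC6_UP "
RADIUS:   Cisco AVpair       [1]   13  "IP_POOL_03 "
RADIUS(00056ED1): Received from id 1645/150
RADIUS/DECODE: parse VSA parts error
RADIUS/DECODE: cisco VSA type 1; FAIL
RADIUS/DECODE: attribute Vendor-Specific; FAIL
RADIUS/ENCODE: No idb found! Framed IP Addr might not be included
"""

def check_avpair(value):
    """Return a list of problems with one AV-pair value (empty = acceptable).
    The lengths in the log (13 for "IP_POOL_03 ") show the trailing space is
    really on the wire, so whitespace is reported as well as bad grammar."""
    problems = []
    if value != value.strip():
        problems.append("leading/trailing whitespace")
    if not AVPAIR_RE.match(value.strip()):
        problems.append("not protocol:attribute=value (e.g. ip:addr-pool=NAME)")
    return problems

def triage(log_text):
    """Walk the debug log in order. Returns {'replies': {id: {...}}, 'no_idb': n}:
    per RADIUS id the reply code, malformed AV pairs and decode failures, plus a
    count of the encode warning that marks a session left without an address."""
    replies, no_idb, current = {}, 0, None
    for line in log_text.splitlines():
        if NO_IDB in line:
            no_idb += 1
            continue
        m = REPLY_RE.search(line)
        if m:                        # matches both 'Received from id X addr, code'
            current = m.group("id")  # and the later 'RADIUS(...): Received from id X'
            entry = replies.setdefault(current, {"code": None, "bad_avpairs": [], "decode_failures": []})
            entry["code"] = m.group("code") or entry["code"]
            continue
        if current is None:
            continue
        m = AVPAIR_LINE_RE.search(line)
        if m:
            problems = check_avpair(m.group("val"))
            if problems:
                replies[current]["bad_avpairs"].append((m.group("val"), problems))
            continue
        m = FAIL_RE.search(line)
        if m:
            replies[current]["decode_failures"].append(m.group("what"))
    return {"replies": replies, "no_idb": no_idb}
```

Running check_avpair over every Cisco AVPair value before it is written to LDAP would have caught the bare pool name; running triage over the debug log ties the decode failures back to the Access-Accept that carried it.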



Sunday, July 17, 2011

Installing Rsyslog and Log Analyzer

Operating system: Red Hat Enterprise Linux 6.

Assume that Apache has been installed and configured to work properly. The Apache document root is /var/www/html.

This installation is aimed at providing a syslog facility for networking devices such as routers, switches and servers, and at using Log Analyzer to view and analyse the syslog.

1. Configuring Rsyslog
Rsyslog is installed by default in the RHEL environment. If not, install it first.
Configure Rsyslog to receive syslog via UDP port 514:
Edit /etc/rsyslog.conf
Uncomment $ModLoad imudp.so and $UDPServerRun 514
Add $ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format and comment out all other $ActionFileDefaultTemplate lines

Add *.* /var/log/syslog and comment out all other rules if they are not used. That causes all received syslog messages to be written to the file /var/log/syslog.

Make Rsyslog start automatically when the OS reboots:
Run chkconfig rsyslog on
Start Rsyslog: /etc/init.d/rsyslog start

2. Installing Log Analyzer
Get it
Install it
DONE.
If you get the message "Syslog file is not readable, read access may be denied", see the Apache file permission issue post below to resolve it.

3. Configuring logging in Cisco IOS


logging esm config // Send every command the user enters to the syslog server. Used to track what a user has done on IOS.
logging trap notifications // Lowest severity level to send to syslog. In this case the syslog messages include emerg, alert, crit, err, warning and notice. If you want more, use logging trap info or an even lower level.
logging origin-id hostname // Include the HOSTNAME in the syslog message
logging source-interface Loopback0 // Source IP address used to send syslog messages
logging 192.168.16.9 // Syslog server

Apache file permission issue

I was going crazy over this.
I tried to set up the Log Analyzer site but couldn't get it to work as wanted. "Syslog file is not readable, read access may be denied" is what I got instead of syslog information.

Searching the net and asking friends for help didn't work. All I got was advice such as:
chmod 644 or 755 or even 777
or chown

At last, I found out that the main cause of the issue is SELinux. SELinux prevents Apache from accessing files outside its granted folders (that's /var/www). The following shows how to overcome this:
Solution 1:
Disable SELinux (not recommended)
edit /etc/selinux/config
change SELINUX=enforcing to SELINUX=disabled
DONE.

Solution 2:
Grant the apache user (the one used to run the Apache web server) access to /var/log/ or wherever you keep the log, so that SELinux can stay enabled.

OpenLDAP for ISP on RedHat Enterprise 6

This post shows, step by step, how to install OpenLDAP on RHEL 6.
The next post will show how to add more LDAP objects and AAA attributes that are often used in an Internet Service Provider environment (such as Framed-IP-Address, NAS-Port-ID...)

1. Installing compiler tools
RHEL doesn't install these by default. At least that's true for me.
Refer to the gcc installation steps in the FreeRADIUS deployment post below.
2. Installing Prerequisites software
2.1. Installing Oracle Berkeley Database
[root@openldap db-5.1.25]# cd build_unix
[root@openldap build_unix]# ../dist/configure
[root@openldap build_unix]# make
[root@openldap build_unix]# make install

2.2. Installing OpenSSL
Get it (requires an Internet connection from the server)
[root@openldap tmp]# wget http://www.openssl.org/source/openssl-1.0.0d.tar.gz
Install it
[root@openldap tmp]# tar zxvf openssl-1.0.0d.tar.gz
[root@openldap tmp]# cd openssl-1.0.0d
[root@openldap openssl-1.0.0d]# ./config
[root@openldap openssl-1.0.0d]# make
[root@openldap openssl-1.0.0d]# make install

2.3. Installing Cyrus SASL
Install Cyrus SASL from RHEL DVD: [root@openldap Packages]# rpm -Uvh cyrus-sasl-2.1.23-8.el6.x86_64.rpm
2.4. Installing Kerberos Authentication Service
3. Installing OpenLDAP
3.1. Get the latest version
http://www.openldap.org/software/download/
3.2. Compile and install
CPPFLAGS="-I/usr/local/BerkeleyDB.4.7/include"
export CPPFLAGS
LDFLAGS="-L/usr/local/lib -L/usr/local/BerkeleyDB.4.7/lib -R/usr/local/BerkeleyDB.4.7/lib"
export LDFLAGS
LD_LIBRARY_PATH="/usr/local/BerkeleyDB.4.7/lib"
export LD_LIBRARY_PATH

4. Configuring OpenLDAP

4.1. Create database for storing config information (config DIT)
4.2. Create database for root DIT
In this example, root DIT is: dc=test, dc=com

Friday, March 11, 2011

Create VLAN on Ubuntu


First, check whether the NIC supports 802.1Q.
If yes, install VLAN support on Ubuntu:
sudo apt-get install vlan
Edit your /etc/network/interfaces file so that it contains the following:
# The loopback network interface
auto lo
iface lo inet loopback
# This is a list of hotpluggable network interfaces.
# They will be activated automatically by the hotplug subsystem.
auto vlan11
auto vlan22
# VLAN 11
iface vlan11 inet static
address x.x.x.x
netmask x.x.x.x
vlan_raw_device eth0
# VLAN 22
iface vlan22 inet static
address 172.16.0.1
netmask 255.255.255.0
vlan_raw_device eth0
Restart your network interface:
sudo /etc/init.d/networking restart


Done. If you connect that Ubuntu host to a switch via a trunk link, it can serve multiple VLANs the same way routers do.

PPPoE Server on Ubuntu 10

If you need a PPPoE server for your network, or just for hacking a very poorly secured Ethernet network, follow this to create a PPPoE server on an Ubuntu server.

Note that:
In a poorly secured Ethernet network, when a PPPoE client sends its request as a broadcast, that request can reach not only the genuine BRAS but also other clients. If you set up a client as a PPPoE server, and your reply reaches the client before the BRAS's does, the client will choose you. You will be the gateway. That's cool.

Installation
sudo apt-get install ppp
sudo apt-get install pppoe
cd /etc/ppp/
vi options
uncomment auth to enable authentication, which requires users to enter a password
comment out noauth to disable unauthenticated connections
uncomment +pap and +chap to enable the PAP and CHAP authentication methods
vi pap-secrets and chap-secrets to add new users
Start PPPoE Server
In this example, pppoe-server will listen on interface eth0; the local IP for eth0 is 172.16.16.1 and dynamic IPs for clients are assigned starting from 172.16.16.2
sudo pppoe-server -I eth0 -L 172.16.16.1 -R 172.16.16.2 -O /etc/ppp/options
Now we can create a PPPoE session on our client host to connect to the server
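Seen from the network operator's side, the scenario in the note above shows up as a PADO from an unexpected access concentrator. As an added example (not part of the post and not rp-pppoe code), this parses PPPoE Discovery frames and reports every PADO whose source MAC and AC-Name are not the known BRAS; the frames and the allow-list are constructed:

```python
"""Spot a second access concentrator answering PADIs on an Ethernet segment.
Added example, not part of the post and not rp-pppoe code. It parses PPPoE
Discovery frames (EtherType 0x8863, RFC 2516) and reports every PADO whose
source MAC / AC-Name pair is not the operator's known BRAS. All frames and the
allow-list below are constructed; in practice read frames from a capture."""
import struct

ETHERTYPE_PPPOE_DISC = 0x8863
PADI, PADO, PADR, PADS = 0x09, 0x07, 0x19, 0x65
TAG_END, TAG_SERVICE_NAME, TAG_AC_NAME = 0x0000, 0x0101, 0x0102
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_discovery(frame):
    """Return {dst, src, code, session_id, tags} or None if not PPPoE Discovery."""
    if len(frame) < 20 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_PPPOE_DISC:
        return None
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11 or len(frame) < 20 + length:   # only VER=1, TYPE=1 exists
        return None
    tags, off, end = {}, 20, 20 + length
    while off + 4 <= end:                               # TLV list, ends at End-Of-List
        tag_type, tag_len = struct.unpack("!HH", frame[off:off + 4])
        if tag_type == TAG_END:
            break
        tags[tag_type] = frame[off + 4:off + 4 + tag_len]
        off += 4 + tag_len
    return {"dst": mac_str(frame[0:6]), "src": mac_str(frame[6:12]),
            "code": code, "session_id": session_id, "tags": tags}

def build_discovery(dst, src, code, tags, session_id=0):
    """Assemble a discovery frame; used here only to construct the sample input."""
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    hdr = struct.pack("!BBHH", 0x11, code, session_id, len(payload))
    addrs = bytes.fromhex(dst.replace(":", "") + src.replace(":", ""))
    return addrs + struct.pack("!H", ETHERTYPE_PPPOE_DISC) + hdr + payload

def rogue_pados(frames, known_acs):
    """known_acs maps the genuine BRAS MAC -> its AC-Name. Returns (src MAC, AC-Name)
    for every PADO that does not match one of those pairs."""
    alerts = []
    for frame in frames:
        p = parse_discovery(frame)
        if p is None or p["code"] != PADO:
            continue
        ac_name = p["tags"].get(TAG_AC_NAME, b"").decode("ascii", "replace")
        if known_acs.get(p["src"]) != ac_name:
            alerts.append((p["src"], ac_name))
    return alerts

# Constructed sample: a client PADI, the genuine BRAS's PADO, and a host on the
# same segment answering with its own PADO (the situation described above).
KNOWN_ACS = {"00:11:22:33:44:55": "BRAS-1"}
CLIENT = "00:aa:bb:cc:dd:01"
SAMPLE_FRAMES = [
    build_discovery(BROADCAST, CLIENT, PADI, [(TAG_SERVICE_NAME, b"")]),
    build_discovery(CLIENT, "00:11:22:33:44:55", PADO,
                    [(TAG_AC_NAME, b"BRAS-1"), (TAG_SERVICE_NAME, b"")]),
    build_discovery(CLIENT, "08:00:27:12:34:56", PADO,
                    [(TAG_AC_NAME, b"ubuntu-pppoe"), (TAG_SERVICE_NAME, b"")]),
]
```

On a live segment the same check runs over frames captured with the 0x8863 EtherType filter; any alert names the host that is racing the BRAS for the client.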

If you want to enable clients to connect to the Internet, you must change the local IP and remote IP to public IP addresses, or you could enable NAT on the server.
Enable NAT on Ubuntu using ufw (IP Masquerading)

First, packet forwarding needs to be enabled in ufw. Two configuration files need to be adjusted. In /etc/default/ufw change DEFAULT_FORWARD_POLICY to "ACCEPT":
Then edit /etc/ufw/sysctl.conf and uncomment: net/ipv4/ip_forward=1
(Similarly, for IPv6 forwarding uncomment: net/ipv6/conf/default/forwarding=1)
Now we will add rules to the /etc/ufw/before.rules file. The default rules only configure the filter table, and to enable masquerading the nat table needs to be configured. Add the following to the top of the file just after the header comments:
# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Forward traffic from eth0 through eth1.
-A POSTROUTING -s 172.16.16.0/24 -o eth1 -j MASQUERADE
# don't delete the 'COMMIT' line or these nat table rules won't be processed
COMMIT
In the above example replace eth0, eth1, and 172.16.16.0/24 with the appropriate interfaces and IP range for your network.
Finally, disable and re-enable ufw to apply the changes:
sudo ufw disable && sudo ufw enable
IP Masquerading should now be enabled. You can also add any additional FORWARD rules to /etc/ufw/before.rules. It is recommended that these additional rules be added to the ufw-before-forward chain.

Tuesday, March 8, 2011

FreeRADIUS deployment on RedHat Enterprise Linux

OS Preparation

Installing the gcc compiler tools
RHEL does not install gcc by default, so gcc needs to be installed before configuring the source.
Install the gcc tools from the RHEL DVD:
create a folder to mount the cdrom to:
mkdir /cdrom
insert RHEL DVD disk 1 and run mount /dev/cdrom /cdrom
enter /cdrom/Packages
Install the kernel headers first

[root@radius Packages]# rpm -Uvh kernel-headers-2.6.32-71.el6.x86_64.rpm

Look for the gcc packages:
run rpm -Uvh gcc-??? (press TAB to display all the packages that start with gcc)


[root@radius Packages]# rpm -Uvh gcc-4.4.4-13.el6.x86_64.rpm
warning: gcc-4.4.4-13.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
error: Failed dependencies:
        cloog-ppl >= 0.15 is needed by gcc-4.4.4-13.el6.x86_64
        cpp = 4.4.4-13.el6 is needed by gcc-4.4.4-13.el6.x86_64
        glibc-devel >= 2.2.90-12 is needed by gcc-4.4.4-13.el6.x86_64

If the above error is displayed, enter the following command:
[root@radius Packages]# rpm -Uvh cloog-ppl-0.15.7-1.2.el6.x86_64.rpm cpp-4.4.4-13.el6.x86_64.rpm glibc-devel-2.12-1.7.el6.x86_64.rpm gcc-4.4.4-13.el6.x86_64.rpm

If this error message is displayed, fix it first:


warning: cloog-ppl-0.15.7-1.2.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
error: Failed dependencies:
        libppl.so.7()(64bit) is needed by cloog-ppl-0.15.7-1.2.el6.x86_64
        libppl_c.so.2()(64bit) is needed by cloog-ppl-0.15.7-1.2.el6.x86_64
        libmpfr.so.1()(64bit) is needed by cpp-4.4.4-13.el6.x86_64
        glibc-headers is needed by glibc-devel-2.12-1.7.el6.x86_64
        glibc-headers = 2.12-1.7.el6 is needed by glibc-devel-2.12-1.7.el6.x86_64
Use the following link to find the packages that contain libppl.so.7 and the other libraries: http://rpmfind.net/linux/rpm2html/

[root@radius Packages]# rpm -Uvh ppl-0.10.2-11.el6.x86_64.rpm mpfr-2.4.1-6.el6.x86_64.rpm glibc-headers-2.12-1.7.el6.x86_64.rpm

Repeat the previous step.
[root@radius Packages]# rpm -Uvh cloog-ppl-0.15.7-1.2.el6.x86_64.rpm cpp-4.4.4-13.el6.x86_64.rpm glibc-devel-2.12-1.7.el6.x86_64.rpm gcc-4.4.4-13.el6.x86_64.rpm
Install gcc-c++
[root@radius Packages]# rpm -Uvh libstdc++-devel-4.4.4-13.el6.x86_64.rpm gcc-c++-4.4.4-13.el6.x86_64.rpm

Installing libtool
[root@radius Packages]# rpm -Uvh autoconf-2.63-5.1.el6.noarch.rpm automake-1.11.1-1.2.el6.noarch.rpm libtool-2.2.6-15.5.el6.x86_64.rpm
[root@radius Packages]# rpm -Uvh libtool-ltdl-2.2.6-15.5.el6.x86_64.rpm


If you need to configure or change the IP address of your server, refer to the Change IP Address post below.


Get the software
Download FreeRADIUS package to /tmp
[root@radius tmp]# wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.1.10.tar.gz

Prerequisites
No prerequisites required

Installation

[root@radius tmp]# tar zxvf freeradius-server-2.1.10.tar.gz
[root@radius tmp]# cd freeradius-server-2.1.10
[root@radius freeradius-server-2.1.10]# ./configure
To enable LDAP authentication, use ./configure --with-modules="rlm_ldap"
[root@radius freeradius-server-2.1.10]# make
[root@radius freeradius-server-2.1.10]# make install

Default installation location on RHEL:
/usr/local/etc/raddb/
config file: /usr/local/etc/raddb/radiusd.conf
Radius server daemon: /usr/local/var/run/radiusd

Configuration

Start/Stop the server

Testing server

LDAP configuration for authenticating
SQL configuration for accounting
Securing the server

Change IP Address on RedHat Enterprise Linux

1. Open a terminal.
2. Open the network configuration file. In this example, we configure interface eth0. Type
vi /etc/sysconfig/network-scripts/ifcfg-eth0
The current (default) configuration is DHCP.
3. Modify the file by pressing 'i' to enter insert mode. Change BOOTPROTO to static and add the IP address and netmask as new lines if they don't exist yet.
BOOTPROTO=static
IPADDR=192.168.125.10
NETMASK=255.255.255.0
4. Save the configuration file by pressing ESC, then ':' and typing 'wq' to write and quit the editor.
5. You can add these settings to the config file as well. Replace [number] with your actual values.
GATEWAY=[number]
TYPE=Ethernet
NETWORK=[number]
BROADCAST=[number]
6. Restart the network interface card. Type
service network restart
7. Review the configuration. Type
ifconfig