Report from the forum
IPoE server with mac authentication generates a wrong dictionary
Example of configuration:
set service ipoe-server authentication interface eth1.50 mac-address 00:0c:29:67:ad:e1 vlan-id '50' set service ipoe-server authentication interface eth1.51 mac-address 00:0c:29:0a:ef:70 vlan-id '51' set service ipoe-server authentication mode 'local' set service ipoe-server client-ipv6-pool delegate 2001:db8:8002::/48 delegation-prefix '56' set service ipoe-server client-ipv6-pool prefix 2001:db8:8001::/48 mask '64' set service ipoe-server interface eth1.50 client-subnet '172.16.50.0/24' set service ipoe-server interface eth1.51 client-subnet '172.16.98.0/24' set service ipoe-server name-server '10.17.6.120' set service ipoe-server name-server '8.8.8.8' set service ipoe-server name-server '2001:4860:4860::8888' set service ipoe-server name-server '2001:4860:4860::8844'
In the commit we don't see mac list for eth1.51
vyos@r14# commit [ service ipoe-server ] DEBUG: interface: eth1.50, mac: 00:0c:29:67:ad:e1 {'auth_interfaces': [{'mac': [{'address': '00:0c:29:67:ad:e1', 'rate_download': '', 'rate_upload': '', 'vlan': '50', 'vlan_id': ''}], 'name': 'eth1.50'}, {'mac': [], 'name': 'eth1.51'}], 'auth_mode': 'local', 'chap_secrets_file': '/run/accel-pppd/ipoe.chap-secrets', 'client_ipv6_delegate_prefix': [{'mask': '56', 'prefix': '2001:db8:8002::/48'}], 'client_ipv6_pool': [{'mask': '64', 'prefix': '2001:db8:8001::/48'}], 'client_named_ip_pool': [], 'dnsv4': ['10.17.6.120', '8.8.8.8'], 'dnsv6': ['2001:4860:4860::8888', '2001:4860:4860::8844'], 'interfaces': [{'ifcfg': '1', 'mode': 'L2', 'name': 'eth4.50', 'range': '172.16.50.0/24', 'sess_start': 'dhcpv4', 'shared': '1', 'vlan_mon': []}, {'ifcfg': '1', 'mode': 'L2', 'name': 'eth4.51', 'range': '172.16.98.0/24', 'sess_start': 'dhcpv4', 'shared': '1', 'vlan_mon': []}], 'radius_acct_inter_jitter': '', 'radius_acct_tmo': '3', 'radius_dynamic_author': '', 'radius_max_try': '3', 'radius_nas_id': '', 'radius_nas_ip': '', 'radius_server': [], 'radius_shaper_attr': '', 'radius_shaper_enable': False, 'radius_shaper_multiplier': '', 'radius_shaper_vendor': '', 'radius_source_address': '', 'radius_timeout': '3', 'thread_cnt': 2} [edit] vyos@r14#
As a result chap-secrets file incorrect
vyos@r14# sudo cat /run/accel-pppd/ipoe.chap-secrets # username server password acceptable local IP addresses shaper eth1.50 * 00:0c:29:67:ad:e1 * [edit] vyos@r14#
Possible reason wrong list build here https://github.com/vyos/vyos-1x/blob/bdd7f6be4afae6dd8ccefede5de809f9bb73ee1d/src/conf_mode/service_ipoe-server.py#L120-L146