Radius Accounting and AP1100

Similar Messages

• SG300-28 RADIUS accounting firmware 1.0.0.27 and 1.1.2.0

  Hi,
  I am using the CISCO SG300-28 with firmware version 1.0.0.27. I enabled RADIUS authentication and accounting. Authentication is working but there are no accounting requests/replys (Accounting on, accounting off, accoun ting start, accounting stop) when running RADIUS in debug mode. I also did a packetcapture and there are no accounting packets.
  So i updated the firmware image up to version 1.1.2.0.
  When I now want to configure accounting in RADIUS settings then there isn't any option to set an accounting port.
  Ich checked the data sheet of the switch and it says that accounting is supported:
  ===============================================
  802.1X: RADIUS authentication and accounting, MD5  hash; guest VLAN; unauthenticated VLAN, single/multiple host mode and  single/multiple sessions
  http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps10898/data_sheet_c78-610061.html
  ===============================================
  I did a second packet capture with the new firmware image and there are still no accounting packets.
  The RADIUS server is configured correct for accounting because when using another NAS like a WLAN-AP with DD-WRT accounting is workings. It is working with pfsense Captive Portal (an open source firewall and routing solution with a hotspot portal).
  Thank you for your feedback!
  Alexander Wilke

  Hi,
  I made some more tests with the switch and the different image versions. I did the following:
  Image 1.0.0.27
  [1.0.0.27.cap]: packetcapture (uncut to show you that I didn't cut something) between SG300-28 and freeradius 2.1.12
  [Image-version-1.0.0.27.jpg]: Screenshot of the active image
  [radius-1.0.0.27.jpg]: screenshot of the GUI which shows authentication and accounting
  Image 1.1.2.0
  [1.1.2.0.cap]: packetcapture (uncut to show you that I didn't cut something) between SG300-28 and freeradius 2.1.12
  [Image-version-1.1.2.0.jpg]: Screenshot of the active image
  [radius-1.1.2.0.jpg]: screenshot of the GUI which shows authentication without accounting
  excerpt of radiusd.conf (interfaces):
  listen {
          type = auth
          ipaddr = 192.168.0.22
          port = 1812
  listen {
          type = acct
          ipaddr = 192.168.0.22
          port = 1813
  clients.conf
  client "CISCO" {
      ipaddr = 192.168.0.19
      proto = udp
      secret = pfsense
      require_message_authenticator = no
      max_connections = 16
      shortname = CISCO
      nastype = other
      #login = !root
      #password = someadminpas
      #virtual_server = home1
      #coa_server = coa
  users file:
  "myuser" Cleartext-Password := "mypass"
      Tunnel-Type = VLAN,
      Tunnel-Medium-Type = IEEE-802,
      Tunnel-Private-Group-ID = "10"

• TACACS auth and RADIUS accounting with ACS

  I am having RADIUS accounting issues with an ASA 5520 that uses TACACS for authentication. Both are hosted on the same ACS server. I can send RADIUS info to my Microsoft IAS box but get Syslog ID 113022 errors when trying to send to the ACS RADIUS. A packet capture shows the RADIUS accounting request getting to the ACS box (Windows Server 2003 R2) but syslog shows failedauth. Any ideas?

  Thank you for the response. I did verify the syslog explanation you gave below and the AAA server is online as TACACS message are getting to it. My configuration for the ASA for RADIUS is as follows
  Server Group - RADIUS
  Protocol - RADIUS
  Accounting Mode - Simultaneous
  Reactivation Mode - Timed
  Max Failed attempts - 3
  Two servers in the Server Group
  ACS - Not working
  Microsoft IAS - Working
  I have tried removing the IAS server and changing the accounting mode to single and still getting auth failures.
  ACS is configured as follows
  Network Configuration
  AAA Clients - ASA authenticate using TACACS+
  AAA Servers - None listed. When I tried to add the ACS machine the error said the server already existed (In another Network Device Group)

• 2504 WebAuth and IPv6 RADIUS Accounting (IPv6-Framed-Address)

  Hi Board,
  I'm playing around with RADIUS Accounting in combination with local web authentication on the wireless LAN controller.
  So far so good - everything works well, but I'm missing the "IPv6-Framed-Address" in the RADIUS accounting messages.
  The only thing I can see is the v4 framed IP address and the "Framed-IPv6-Prefix". According to the configuration guide
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_0101001.html#ID807
  the "IPv6-Framed-Address" should be sent by the WLC. I took a capture on a span port of the WLC to verify this. Anybody else experiencing this behavior or is it a simple misconfiguration on my side? In the client details I can see the global IPv6 addresses and the link-local.
  I tested it on a WLC 2504 with 8.0.100.0 code.
  Cheers
  Johannes

  Hi Board,
  I'm playing around with RADIUS Accounting in combination with local web authentication on the wireless LAN controller.
  So far so good - everything works well, but I'm missing the "IPv6-Framed-Address" in the RADIUS accounting messages.
  The only thing I can see is the v4 framed IP address and the "Framed-IPv6-Prefix". According to the configuration guide
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_0101001.html#ID807
  the "IPv6-Framed-Address" should be sent by the WLC. I took a capture on a span port of the WLC to verify this. Anybody else experiencing this behavior or is it a simple misconfiguration on my side? In the client details I can see the global IPv6 addresses and the link-local.
  I tested it on a WLC 2504 with 8.0.100.0 code.
  Cheers
  Johannes

• WLC 4400 and RADIUS accounting

  Have trawled what docs there are and cant find out if the RADIUS accounting messages from the 4400 include the name of the lightweight AP handling the user session.
  I'm guessing there might be a new Cisco VSA for it.
  Anyone know?
  Thanks

  The error message could be because of any unused protocol.

• After ISE 1.2 upgrade I get "5413 RADIUS Accounting-Request dropped."

  Hello,
  I have a two admin node setup for ISE. I just upgraded one of my two ISE Admin nodes to Version 1.2. I still have one of my admin  nodes at 1.1.4. When I disable my Version 1.1.4 node and allow wireless authentications to be handled by the Version 1.2 node I get the message..."5413 RADIUS Accounting-Request dropped". None of my wireless edge devices will be allowed on the network during this time. When I re-enable my 1.1.4 node my wireless devices are then allowed on the network.
  I am currently using ISE to authenticate wireless connectivity.
  I also get the failure reason... "11038 RADIUS Accounting-Request header contains invalid Authentication field".
  Any ideas?
  Bob

  The 5413 RADIUS Accounting-Request dropped may be because the session was active on ISE1 and is now sending update messages to ISE2. Also, verify your shared secret radius key matches on both the wlc and ISE servers. I would try clearing the WLC connection for the test user when switching.  Just turning off wireless and back on doesn't do it.  Also, are you using PEAP-MSChapv2 or EAP-TLS for authenticating the clients.  What type of certificate is presented, public or private?

• ISE 1.2 - WLC 5508 - NAS sends RADIUS accounting update messages too frequently

  I'm getting this error in ISE referring to my Cisco 5508 WLC.  I'm not sure how to turn down the frequency.  Any ideas?
  NAS sends RADIUS accounting update messages too frequently
  Verify NAS configuration. Verify known NAS issues.

  I opened up a TAC case with Cisco yesterday and this is the response i got from them:
  There is bug on the WLC side to reduce the number acct updates:
  CSCug14713- WLC sends acct-update twice in the same millisecond
  This is fixed in 8.x on the WLC.
  So, it looks at though we just have to deal with it until they release an 8.x version for the WLC. In the meantime, you can disable the alerts in ISE.
  Administration>Settings>Alarm Settings>Misconfigured Network Device Detected
  Edit that alarm and set it to disabled

• ISE 1.2 - Error 12929 NAS sends RADIUS accounting update messages too frequently

  We are currently running Cisco ISE 1.2, and every day under the "Misconfigured Network Devices" section on the main ISE Page, I have a huge list of different devices that are all being flagged with the following error message:
  "12929 NAS sends RADIUS accounting update messages too frequently." " NAS sends RADIUS accounting update messages too frequently
  Verify NAS configuration. Verify known NAS issues."
  The list of devices seems to all be Cisco switches; albeit different models, IOS versions, ect.  
  i have searched on this issue, and the closest thing to a fix I can find is that it would be fixed in a WLC update, but that was 9 months ago.    I would like to know what causes this issue, and what needs to be altered in ISE, or on the switches to resolve this.
  Thank You.

   CSCuh20269    WLC sends acc updates too frequently, indicates user roams to itself  is the defect specifically on the WLC that is fixed in one of the 7.6 releases.
  Along with the config Jatin mentioned, you may want to try pulling an Accounting report from ISE periodically and analyze the traffic/isolate the endpoints/supplicants that may be causing  a lot of activity (For ex frequent IP changes ) which results in frequent accounting updates.
  Regards,
  Gurudatt
  Escalation engineer, SAMPG | CCIE#28227
  Cisco systems

• Radius accounting for QoS pppoe policy-map

  Hi folks
  I have a radius pushing an AVPAIR ip:sub-qos-policy-out to a virtual template for clients connected to a BRAS through PPPOE.
  The AVPAIR is correctly applied to each and every pppoe session but the following link  http://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/sbbbrs1c.html  is indicating that I should be able to push back to the RADIUS some traffic info per class-map/policy map. This would allow some Quota stuff and getting some info about traffic used per customer
  From what I have been able to configure, i'm not getting any of this stats back to the RADIUS
  the debug radius accounting :
  *Mar 12 05:29:00.419: RADIUS/ENCODE(0000000E):Orig. component type = PPPoE
  *Mar 12 05:29:00.419: RADIUS/ENCODE(0000000E): Acct-session-id pre-pended with Nas Port = 0/0/3/0
  *Mar 12 05:29:00.419: RADIUS(0000000E): Config NAS IP: 0.0.0.0
  *Mar 12 05:29:00.419: RADIUS(0000000E): sending
  *Mar 12 05:29:00.419: RADIUS/ENCODE: Best Local IP-Address 192.168.38.133 for Radius-Server 192.168.38.131
  *Mar 12 05:29:00.419: RADIUS(0000000E): Send Accounting-Request to 192.168.38.131:1813 id 1646/55, len 299
  *Mar 12 05:29:00.419: RADIUS:  authenticator ED 94 CF EE BD 73 30 7E - 93 07 A4 C3 50 A6 03 DE
  *Mar 12 05:29:00.419: RADIUS:  Acct-Session-Id     [44]  18  "0/0/3/0_00000005"
  *Mar 12 05:29:00.419: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
  *Mar 12 05:29:00.419: RADIUS:  Framed-IP-Address   [8]   6   10.10.10.2
  *Mar 12 05:29:00.419: RADIUS:  User-Name           [1]   9   "olivier"
  *Mar 12 05:29:00.419: RADIUS:  Vendor, Cisco       [26]  35
  *Mar 12 05:29:00.419: RADIUS:   Cisco AVpair       [1]   29  "connect-progress=LAN Ses Up"
  *Mar 12 05:29:00.419: RADIUS:  Vendor, Cisco       [26]  29
  *Mar 12 05:29:00.419: RADIUS:   Cisco AVpair       [1]   23  "nas-tx-speed=10000000"
  *Mar 12 05:29:00.419: RADIUS:  Vendor, Cisco       [26]  29
  *Mar 12 05:29:00.419: RADIUS:   Cisco AVpair       [1]   23  "nas-rx-speed=10000000"
  *Mar 12 05:29:00.419: RADIUS:  Acct-Session-Time   [46]  6   2582
  *Mar 12 05:29:00.419: RADIUS:  Acct-Input-Octets   [42]  6   7232
  *Mar 12 05:29:00.419: RADIUS:  Acct-Output-Octets  [43]  6   7232
  *Mar 12 05:29:00.419: RADIUS:  Acct-Input-Packets  [47]  6   517
  *Mar 12 05:29:00.419: RADIUS:  Acct-Output-Packets [48]  6   517
  *Mar 12 05:29:00.419: RADIUS:  Acct-Authentic      [45]  6   RADIUS                    [1]
  *Mar 12 05:29:00.419: RADIUS:  Acct-Status-Type    [40]  6   Watchdog                  [3]
  *Mar 12 05:29:00.419: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
  *Mar 12 05:29:00.419: RADIUS:  Vendor, Cisco       [26]  15
  *Mar 12 05:29:00.419: RADIUS:   cisco-nas-port     [2]   9   "0/0/3/0"
  *Mar 12 05:29:00.419: RADIUS:  NAS-Port            [5]   6   50331648
  *Mar 12 05:29:00.419: RADIUS:  NAS-Port-Id         [87]  9   "0/0/3/0"
  *Mar 12 05:29:00.419: RADIUS:  Vendor, Cisco       [26]  41
  *Mar 12 05:29:00.419: RADIUS:   Cisco AVpair       [1]   35  "client-mac-address=aabb.cc00.6430"
  *Mar 12 05:29:00.419: RADIUS:  Service-Type        [6]   6   Framed                    [2]
  *Mar 12 05:29:00.419: RADIUS:  NAS-IP-Address      [4]   6   192.168.38.133
  *Mar 12 05:29:00.419: RADIUS:  Ascend-Session-Svr-K[151] 10
  *Mar 12 05:29:00.419: RADIUS:   37 39 38 32 45 41 38 30          [ 7982EA80]
  *Mar 12 05:29:00.419: RADIUS:  Acct-Delay-Time     [41]  6   0
  *Mar 12 05:29:00.419: RADIUS(0000000E): Started 5 sec timeout
  *Mar 12 05:29:00.419: RADIUS: Received from id 1646/55 192.168.38.131:1813, Accounting-response, len 20
  *Mar 12 05:29:00.419: RADIUS:  authenticator A7 0E 79 40 C5 B5 CF DC - 09 46 27 48 52 BE 01 7D
  What I get in the freeradius log :
  Tue Mar 11 22:30:04 2014
          Acct-Session-Id = "0/0/3/0_00000005"
          Framed-Protocol = PPP
          Framed-IP-Address = 10.10.10.2
          User-Name = "olivier"
          Cisco-AVPair = "connect-progress=LAN Ses Up"
          Cisco-AVPair = "nas-tx-speed=10000000"
          Cisco-AVPair = "nas-rx-speed=10000000"
          Acct-Session-Time = 2646
          Acct-Input-Octets = 7428
          Acct-Output-Octets = 7428
          Acct-Input-Packets = 531
          Acct-Output-Packets = 531
          Acct-Authentic = RADIUS
          Acct-Status-Type = Interim-Update
          NAS-Port-Type = Virtual
          Cisco-NAS-Port = "0/0/3/0"
          NAS-Port = 50331648
          NAS-Port-Id = "0/0/3/0"
          Cisco-AVPair = "client-mac-address=aabb.cc00.6430"
          Service-Type = Framed-User
          NAS-IP-Address = 192.168.38.133
          X-Ascend-Session-Svr-Key = "7982EA80"
          Acct-Delay-Time = 0
          Acct-Unique-Session-Id = "523eac6ae326a778"
          Timestamp = 1394602204
          Request-Authenticator = Verified
  user config in the users file on the freeradius server :
  olivier Cleartext-Password := "olivier"
          Service-Type = Framed-User,
          Cisco-AVPair += "ip:addr-pool=pppoepool",
          Cisco-AVpair += "ip:sub-qos-policy-out=TEST"
  I see that the policy map name is pulled correctly from the radius server and applied to the session :
  #sh policy-map session uid 14
   SSS session identifier 14 -
    Service-policy output: TEST
      Class-map: TEST (match-all)
        0 packets, 0 bytes
        5 minute offered rate 0 bps, drop rate 0 bps
        Match: any
        police:
            cir 8000 bps, bc 1500 bytes
          conformed 0 packets, 0 bytes; actions:
            transmit
          exceeded 0 packets, 0 bytes; actions:
            drop
          conformed 0 bps, exceed 0 bps
      Class-map: class-default (match-any)
        0 packets, 0 bytes
        5 minute offered rate 0 bps, drop rate 0 bps
        Match: any
  Any input very welcome

  Cisco sever is working fine. When you do use non-standard or non-RFC requests from your NAS to the AAA server for instance, you have to configure your server accordingly to instruct it how to handle this kind of requests.
  This is typically done with something called "dictionary", which should be included in your radius server. The server typically decodes all RFC 2865 VSAs (or should), but when a new NAS model is introduced into the network, you can modify it to add any VSAs not appearing in the dictionary, which is your case.
  As an example, imagine you want to change the attribute cisco-vsa-port-string to tagged-string, your dictionary will look somethign similar than:
  And finally you will have to modify with a text editor, or XML editor and change type="tagged-string" supposing your device comply with RFC 2868. Probably
  the AAA server will have to restarted for taking this
  changes into account.
  Also,since this does apply to all devices for this vendor, you've got other option more, which is define your own dictionary for a specific vendor, or even if you wish for a specific NAS or group or NASes.
  In NavisRadius you could associate a dictionary to a
  device adding a client-class:
  # Client-IP Client-Secret Client-Class
  10.0.0.1 secret taos-old
  And then specifying the dictionary later in client_properties for this device:
  # This file contains information about client classes # and is used to set per-client specific information.
  # TAOS Devices in OLD mode with RFC conflicts
  taos-old
  Client-Dictionary=max_dictionary
  # Other devices now, etc.
  Hope it helps

• No RADIUS accounting with SF 302?

  Hello all,
  I have configured my SF 302-08P switch to perform 802.1X & MAC authentication. This works fine in both cases but I cannot get the switch to send accounting requests to my RADIUS server. Even when the server sends back an Acct-Interim-Interval attribute in the Access-Accept message, the switch doesn't generate accounting requests. Is it a known restriction or am I missing something?
  I'm a little bit surprised since the datasheet claims that both RADIUS authentication and accounting are supported for 802.1X. The switch version is 1.0.0.27.
  Regards,
  Simon

  Hi Simon,
  Yep according to the RFC2866 it states"
  When a client is configured to use RADIUS Accounting, at the start of
     service delivery it will generate an Accounting Start packet
     describing the type of service being delivered and the user it is
     being delivered to, and will send that to the RADIUS Accounting
     server, which will send back an acknowledgement that the packet has
     been received.  At the end of service delivery the client will
     generate an Accounting Stop packet describing the type of service
     that was delivered and optionally statistics such as elapsed time,
     input and output octets, or input and output packets.  It will send
     that to the RADIUS Accounting server, which will send back an
     acknowledgement that the packet has been received."
  The delay in my response was trying to simulate the scenario, but I don't have all the pieces here.
  Have a Chat to the boys/gals at SBSC to get some clarification.
  http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
  regards Dave

• WLC 5508 Radius accounting issue

  I have a WLAN configured with 802.1x PEAP pointing to an external RADIUS server.  It works fine for the most part, but I'm having problem closing accounting sessions in RADIUS.  I've found this is related to the client table in the WLC.  The user session does not end in RADIUS unless the WLC officially removes the client from the db, which takes 5-6 minutes from what I can see (probably due to the default idle timeout of 300 seconds). 
  For example:
  1.  I connect my tablet to the test WLAN.  It associates and authenticates successfully and the WLC sends the accounting info to my RADIUS server, opening up a user session.  If I turn off the wifi in the tablet, the client entry stays in the WLC client table until it times out.  The WLC removes my tablet from the client table after 5-6 minutes, and then the session closes in the accounting table.  I can force the session to close much earlier by manually removing the client from the WLC.
  2.  Same as #1, but this time instead of turning of the wifi in the tablet, I choose to connect to a different WLAN in the WLC.  The user session in the accounting DB never closes.  If I reconnect back to the original test WLAN with 802.1x, it opens up yet another user session in RADIUS accounting.  Now I have a "dead" user session in accounting that is going to be open forever unless I delete it from SQL.
  Is this an issue with the end user client not sending the disassociation frame properly, or a config problem with the WLC?  How can I make it so that every time a client drops from an AP or moves to a different WLAN, the WLC would immediately send accounting updates to my RADIUS server and close the user session properly?
  Thanks,
  Wil

  Well like you said, the WLC will keep the client in the DB until the idle timer expires. This is normal and I don't think you will be able to change this unless you set the idle timer to a lower value.
  Sent from Cisco Technical Support iPhone App

• AAA Radius accounting command is not taking in 3750 switch

         Hi Cisco Support community,
  I am facing a issue with radius accounting in Cisco 3750 switch with version 12.2. I am unable to start accounting for radius server.
  This is the config that is on the switch for Radius.
  aaa authentication login default group radius local
  aaa authentication dot1x default group radius
  aaa authorization exec my-authradius group radius if-authenticated.
  radius-server attribute 6 on-for-login-auth
  radius-server dead-criteria time 20 tries 5
  radius-server host 10.100.1.225 auth-port 1645 acct-port 1646 key 7 14341A5801103F3904266021
  radius-server host 10.100.1.226 auth-port 1645 acct-port 1646 key 7 05280E5C2C585B1B390B4406
  When i try to add the following command for accounting, this is not saving.
  (aaa accounting commands 0 default start-stop group radius
  aaa accounting commands 1 default start-stop group radius
  aaa accounting commands 15 default start-stop group radius)
  If i do paste this command one by one after start-stop group it is showing only two options either tacacs+ or server, no radius option is there as well.
  I  tried to create a server group and add the radius server  in the group.  Even then when i am trying to implement the aaa accounting command with the server command it is not showing in show run.
  Can anyone please help me with this issue.

  Hi,
  thanks for your reply but the thing is that  i want to see the command that are being run by a user on  this particular device. If i use the network command it will only show me the  network-related service requests, including Serial Line Internet Protocol (SLIP), PPP, PPP Network Control Protocols (NCPs), and AppleTalk Remote Access Protocol (ARAP).
  I have read the document from this link and it is stating that we can use command accounting. Below is the link
  http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a1.html. 
  Can anyone please tell me if this a version issue because even in version 15.4 i was not seeing the radius option in the end
  aaa accounting commands 15 default start-stop group (radius)- in radius place it was showing only Tacacs+ or group.

• How to identify used AP in RADIUS Accounting

  We are using 5508 WLC with 3602 APs.
  Looks like in RADIUS Authentication Called-Station-Id is the MAC address of the AP,
  but in RADIUS Accounting Called-Station-Id is the MAC address of the WLC.
  How can we change that behaviour so that Called-Station-Id will always be the MAC address of the AP?
  Or is there some other way to identify the actual AP to which the user is connected?
  Regards
  Timo

  Hmm, I did some trial and error and solved the problem.
  On the WLC, go to Security > AAA > RADIUS > Authentication and set the Call Station ID Type to "AP MAC Address:SSID". Even tho that seems to be for RADIUS Authentication, it changes the Called-Station-Id also for RADIUS Accounting.
  Thx anyway
  Timo

• BBSM 5.3 using RADIUS Authentication and ISA Logging

  I have a BBSM 5.3 that is configured to authenticate users via an RSA RADIUS Server and uses the transparent proxy setting which is all working.
  I was looking at the ISA Server logs and noted that all the log entries were using anon as the user, is it possible to get the RADIUS user account used to authenticate to appear in the ISA logs?

  The packet inactivity timer sees each packet coming from the client and will reset each time it sees one. It sounds to me like you still have traffic resetting the inactivity timer if the clients are staying connected.

• ACSv5.1, lack of clarity on radius accounting logs

  Hi,
  We are using an ACS 5.1 for remote VPN customers for radius authentication and accounting purposes.
  When I check the radius accounting logs, there are certain entries that do not make sense to me.
  For instance, there are certain Accounting session ids (refer 'Acct_Session_Id') with only a STOP record. But I do not see a START record corresponding to the session id. I am able to see many such entries.
  Can anybody throw some light on this information??
  Note - The customer environment consists of remote users who try to access the central NAS using IPSec. Requests that come to the NAS get directed to the ACS for AAA purposes.
  Also provided are some sample ACS logs [refer highlighted section]
  Regards,
  Abishek

  Hi welshydragon,
  The Openreach Superfast Fibre Broadband rollout is still in it's early stages and the plans are always being added too. 
  So your exchange may be added to the rollout plans later in the future. 
  The build of the fibre broadband infrastructure isn't always easy and can be very complex, so needs a lot of planning to start with and can take some time. Go to http://superfast-openreach.co.uk/the-big-build/ for information on the build.
  You can register your interest for Fibre Broadband such as BT Infinity by going to http://www.superfast-openreach.co.uk/expression-ge​n.aspx
  Unfortunately BT Retail (a communication provider/ISP who operates this forum) does not have much say as to when and if you will be able to get FTTC or FTTP/H based broadband such as BT Infinity.
  I also take it from your username that you live in Wales. If this is correct then see below.
  If you live in Wales, then the Welsh Government has recently started to plan the development of Superfast Fibre broadband in Wales.
  You may want to have a look at The Welsh Government Next Generation Broadband Wales Scheme-(Click Here To View) and Here
  Also the http://superfast-cymru.com website has only just become online and will give information about the Openreach Superfast Fibre broadband rollout in Wales.
  **The Fibre-Optic Broadband Rollout is being managed and done by Openreach for all communication providers/ISPs.
  BT Retail (a communication provider/ISP) has nothing to do with the rollout of fibre broadband.**
  Hope that helps,
  Cheers
  jac_95 | BT.com Help Site | BT Service Status
  Someone Solved Your Question?
  Please let other members know by clicking on ’Mark as Accepted Solution’
  Try a Search
  See if someone in the community had the same problem and how they got it resolved.