[pacnog] Cisco + PPPOE + FreeRadius



Hi,

I am trying to configure a Cisco 7204 to terminate ADSL PPPoE connections.

Everything is OK, but I ran into a problem when the RADIUS server (FreeRadius)
assigns a static IP for a particular user.
The router completely ignores it and continues to assign a dynamic IP for
the user.

Below is my router config + router debug + FreeRadius debug.

Any help is welcome.

Regards

-- 
TCC/ENG/IT/Siumafua I.T. Moala
Tonga Communications Corp.
Nuku'alofa, Tonga Is.
Private Bag 4.

Phone  : +676 20066, 26848
Fax No : +676 26701
Mob    : +676 18115, 15194 
Email  : siumafua.moala@tcc.to[,kalianet.to] 

==================================================================================



bba-group pppoe ADSL
 virtual-template 1
 sessions per-mac limit 2
 sessions per-vlan limit 250
 sessions auto cleanup
!
!
interface Loopback0
 ip address 202.134.31.36 255.255.255.255
!
interface Loopback1
 ip address 202.134.25.1 255.255.255.128
!
interface FastEthernet0/0
 ip address 202.134.31.18 255.255.255.252
 ip verify unicast source reachable-via rx allow-default 101
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip ospf message-digest-key 1 md5 7 083543400E184B031D
 duplex full
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description ADSL-PPPOE interface
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex full
 speed auto
 no mop enabled
!
interface FastEthernet0/1.1
 encapsulation dot1Q 102
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 pppoe enable group ADSL
 no cdp enable
!
interface Virtual-Template1
 ip unnumbered Loopback1
 ip mtu 1492
 no ip route-cache cef
 no logging event link-status
 peer default ip address pool DYNAMIC
 ppp authentication pap
 ppp ipcp dns 202.134.24.119
 ppp ipcp address required
 ppp ipcp address unique
!
router ospf 209
 log-adjacency-changes
 area 0.0.0.0 authentication message-digest
 passive-interface default
 no passive-interface FastEthernet0/0
 network 202.134.25.0 0.0.0.127 area 0.0.0.0
 network 202.134.31.16 0.0.0.3 area 0.0.0.0
 network 202.134.31.36 0.0.0.0 area 0.0.0.0
!
ip local pool DYNAMIC 202.134.25.20 202.134.25.126
ip local pool STATIC 202.134.25.2 202.134.25.19
ip route 0.0.0.0 0.0.0.0 202.134.31.17
ip route 0.0.0.0 255.255.255.255 202.134.31.17
!
no ip http server
no ip http secure-server
!
!
logging trap debugging
logging facility local2
access-list 13 permit 202.134.24.0 0.0.0.255
access-list 100 permit udp any any eq bootpc
access-list 101 permit udp any any eq bootpc
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
!
!
radius-server attribute nas-port format d
radius-server host 202.134.24.113 auth-port 1812 acct-port 1813
radius-server key 7 122935273D2E5E547A7E
radius-server vsa send accounting
radius-server vsa send authentication



DEBUG

004240: *Nov 15 14:43:43.658 UTC:  Service tag: NULL Tag
004241: *Nov 15 14:43:43.658 UTC: PPPoE : encap string prepared
004242: *Nov 15 14:43:43.658 UTC: [17]PPPoE 16: Access IE handle allocated
004243: *Nov 15 14:43:43.658 UTC: [17]PPPoE 16: pppoe SSS switch updated
004244: *Nov 15 14:43:43.658 UTC: [17]PPPoE 16: AAA get retrieved attrs
004245: *Nov 15 14:43:43.658 UTC: [17]PPPoE 16: AAA get nas port details
004246: *Nov 15 14:43:43.658 UTC: AAA/BIND(00000016): Bind i/f
Virtual-Template1
004247: *Nov 15 14:43:43.658 UTC: [17]PPPoE 16: AAA get dynamic attrs
004248: *Nov 15 14:43:43.658 UTC: [17]PPPoE 16: AAA get dynamic attrs
004249: *Nov 15 14:43:43.658 UTC: [17]PPPoE 16: AAA unique ID allocated
004250: *Nov 15 14:43:43.658 UTC: [17]PPPoE 16: AAA method list  set
004251: *Nov 15 14:43:43.658 UTC: [17]PPPoE 16: Service request sent to SSS
004252: *Nov 15 14:43:43.658 UTC: [17]PPPoE 16: Created, Service: None
R:0018.ba47.6806 L:2e00.5909.8d6f 102 Fa0/1.1
004253: *Nov 15 14:43:43.662 UTC: [17]PPPoE 16: State
NAS_PORT_POLICY_INQUIRY    Event SSS_LOCAL
004254: *Nov 15 14:43:43.662 UTC: [17]PPPoE 16: O PADS  R:2e00.5909.8d6f
L:0018.ba47.6806 Fa0/1.1
         2E 00 59 09 8D 6F 00 18 BA 47 68 06 81 00 00 66
         88 63 11 65 00 10 00 20 01 01 00 00 01 03 00 04 ...
004255: *Nov 15 14:43:43.662 UTC: ppp17 AAA/AUTHOR/LCP: Authorization
succeeds trivially
004256: *Nov 15 14:43:43.662 UTC: [17]PPPoE 16: State PPP_START    Event
DYN_BIND
004257: *Nov 15 14:43:43.662 UTC: [17]PPPoE 16: data path set to PPP
004258: *Nov 15 14:43:45.686 UTC: AAA/AUTHEN/PPP (00000016): Pick method
list 'default'
004259: *Nov 15 14:43:45.686 UTC: RADIUS/ENCODE(00000016):Orig.
component type = PPoE
004260: *Nov 15 14:43:45.686 UTC: RADIUS(00000016): Config NAS IP: 0.0.0.0
004261: *Nov 15 14:43:45.686 UTC: RADIUS/ENCODE(00000016):
acct_session_id: 37
004262: *Nov 15 14:43:45.686 UTC: RADIUS(00000016): sending
004263: *Nov 15 14:43:45.686 UTC: RADIUS/ENCODE: Best Local IP-Address
202.134.31.18 for Radius-Server 202.134.24.113
004264: *Nov 15 14:43:45.686 UTC: RADIUS(00000016): Send Access-Request
to 202.134.24.113:1812 id 1645/16, len 130
004265: *Nov 15 14:43:45.686 UTC: RADIUS:  authenticator D0 2F 0E 52 47
CE 73 D3 - 1B D4 EF 1A 22 DF BC EF
004266: *Nov 15 14:43:45.686 UTC: RADIUS:  Vendor, Cisco       [26]  41
004267: *Nov 15 14:43:45.686 UTC: RADIUS:   Cisco AVpair       [1]   35 
"client-mac-address=2e00.5909.8d6f"
004268: *Nov 15 14:43:45.686 UTC: RADIUS:  Framed-Protocol     [7]   6  
PPP                       [1]
004269: *Nov 15 14:43:45.686 UTC: RADIUS:  User-Name           [1]   10 
"pro_dish"
004270: *Nov 15 14:43:45.686 UTC: RADIUS:  User-Password       [2]   18  *
004271: *Nov 15 14:43:45.686 UTC: RADIUS:  NAS-Port-Type       [61]  6  
Ethernet                  [15]
004272: *Nov 15 14:43:45.686 UTC: RADIUS:  NAS-Port            [5]   6  
16777318
004273: *Nov 15 14:43:45.686 UTC: RADIUS:  NAS-Port-Id         [87]  11 
"0/0/1/102"
004274: *Nov 15 14:43:45.686 UTC: RADIUS:  Service-Type        [6]   6  
Framed                    [2]
004275: *Nov 15 14:43:45.686 UTC: RADIUS:  NAS-IP-Address      [4]   6  
202.134.31.18
004276: *Nov 15 14:43:45.690 UTC: RADIUS: Received from id 1645/16
202.134.24.113:1812, Access-Accept, len 83
004277: *Nov 15 14:43:45.690 UTC: RADIUS:  authenticator 63 81 61 90 33
1A 62 03 - 02 66 25 1B 4E 27 CF 73
004278: *Nov 15 14:43:45.690 UTC: RADIUS:  Service-Type        [6]   6  
Framed                    [2]
004279: *Nov 15 14:43:45.690 UTC: RADIUS:  Session-Timeout     [27]  6  
14400
004280: *Nov 15 14:43:45.690 UTC: RADIUS:  Idle-Timeout        [28]  6  
14400
004281: *Nov 15 14:43:45.690 UTC: RADIUS:  Framed-Protocol     [7]   6  
PPP                       [1]
004282: *Nov 15 14:43:45.690 UTC: RADIUS:  Framed-IP-Address   [8]   6  
202.134.25.2
004283: *Nov 15 14:43:45.690 UTC: RADIUS:  Framed-IP-Netmask   [9]   6  
255.255.255.128
004284: *Nov 15 14:43:45.690 UTC: RADIUS:  Framed-Routing      [10]  6   3
004285: *Nov 15 14:43:45.690 UTC: RADIUS:  Filter-Id           [11]  9
004286: *Nov 15 14:43:45.690 UTC: RADIUS:   73 74 64 2E 70 70
70                             [std.ppp]
004287: *Nov 15 14:43:45.690 UTC: RADIUS:  Framed-MTU          [12]  6  
1500
004288: *Nov 15 14:43:45.690 UTC: RADIUS:  Framed-Compression  [13]  6  
VJ TCP/IP Header Compressi[1]
004289: *Nov 15 14:43:45.694 UTC: RADIUS(00000016): Received from id 1645/16
004290: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr: service-type
004291: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr: timeout:
Peruser
004292: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr: idletime:
Peruser
004293: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr: Framed-Protocol
004294: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr: addr
004295: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr: route: Peruser
004296: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr: netmask
004297: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr: routing
004298: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr: outacl: Peruser
004299: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr: Framed-MTU
004300: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr:
link-compression: Peruser Full Vaccess
004301: *Nov 15 14:43:45.694 UTC: [17]PPPoE 16: State LCP_NEGOTIATION   
Event PPP_LOCAL
004302: *Nov 15 14:43:45.694 UTC: PPPoE 16: Can not use sub-interface
004303: *Nov 15 14:43:45.698 UTC: [17]PPPoE 16: State
VACCESS_REQUESTED    Event VA_RESP
004304: *Nov 15 14:43:45.698 UTC: [17]PPPoE 16: Vi3 interface obtained
004305: *Nov 15 14:43:45.698 UTC: AAA/BIND(00000016): Bind i/f
Virtual-Access3
004306: *Nov 15 14:43:45.698 UTC: [17]PPPoE 16: State PTA_BINDING   
Event STAT_BIND
004307: *Nov 15 14:43:45.698 UTC: [17]PPPoE 16: data path set to Virtual
Acess
004308: *Nov 15 14:43:45.698 UTC: [17]PPPoE 16: Connected PTA
004309: *Nov 15 14:43:45.702 UTC: AAA/AUTHOR (0x16): Pick method list
'default'
004310: *Nov 15 14:43:45.702 UTC: AAA/AUTHOR (0x16): Pick method list
'default' - PASS - PASS - PASS - PASS
004311: *Nov 15 14:43:45.702 UTC: Vi3 PPP/AAA: Check Attr: Framed-Protocol
004312: *Nov 15 14:43:45.702 UTC: Vi3 PPP/AAA: Check Attr: username
004313: *Nov 15 14:43:45.702 UTC: Vi3 AAA/AUTHOR/FSM: We can start LCP
004314: *Nov 15 14:43:45.702 UTC: Vi3 PPP/AAA: Check Attr: Framed-Protocol
004315: *Nov 15 14:43:45.702 UTC: Vi3 PPP/AAA: Check Attr: username
004316: *Nov 15 14:43:45.702 UTC: Vi3 AAA/AUTHOR/FSM: We can start IPCP
004317: *Nov 15 14:43:45.702 UTC: Vi3 AAA/AUTHOR/LCP: Process Author
004318: *Nov 15 14:43:45.702 UTC: [17]PPPoE 16: AAA get dynamic attrs
004319: *Nov 15 14:43:45.702 UTC: [17]PPPoE 16: AAA get dynamic attrs
004320: *Nov 15 14:43:45.702 UTC: Vi3 AAA/AUTHOR/IPCP: Already authorized
004321: *Nov 15 14:43:45.702 UTC: Vi3 AAA/AUTHOR/FSM: We can start IPCP
004322: *Nov 15 14:43:45.702 UTC: RADIUS/ENCODE(00000016):Orig.
component type = PPoE
004323: *Nov 15 14:43:45.702 UTC: RADIUS/ENCODE(00000016):
Acct-session-id pre-pended with Nas Port = 0/0/1/102
004324: *Nov 15 14:43:45.702 UTC: RADIUS(00000016): Config NAS IP: 0.0.0.0
004325: *Nov 15 14:43:45.702 UTC: RADIUS(00000016): sending
004326: *Nov 15 14:43:45.702 UTC: RADIUS/ENCODE: Best Local IP-Address
202.134.31.18 for Radius-Server 202.134.24.113
004327: *Nov 15 14:43:45.702 UTC: RADIUS(00000016): Send
Accounting-Request to 202.134.24.113:1813 id 1646/74, len 182
004328: *Nov 15 14:43:45.702 UTC: RADIUS:  authenticator 01 97 89 AA 1B
52 4F D6 - 6D 5A 16 9A 90 54 78 E2
004329: *Nov 15 14:43:45.702 UTC: RADIUS:  Acct-Session-Id     [44]  20 
"0/0/1/102_00000025"
004330: *Nov 15 14:43:45.702 UTC: RADIUS:  Vendor, Cisco       [26]  41
004331: *Nov 15 14:43:45.702 UTC: RADIUS:   Cisco AVpair       [1]   35 
"client-mac-address=2e00.5909.8d6f"
004332: *Nov 15 14:43:45.706 UTC: RADIUS:  Framed-Protocol     [7]   6  
PPP                       [1]
004333: *Nov 15 14:43:45.706 UTC: RADIUS:  User-Name           [1]   10 
"pro_dish"
004334: *Nov 15 14:43:45.706 UTC: RADIUS:  Vendor, Cisco       [26]  32
004335: *Nov 15 14:43:45.706 UTC: RADIUS:   Cisco AVpair       [1]   26 
"connect-progress=Call Up"
004336: *Nov 15 14:43:45.706 UTC: RADIUS:  Acct-Authentic      [45]  6  
RADIUS                    [1]
004337: *Nov 15 14:43:45.706 UTC: RADIUS:  Acct-Status-Type    [40]  6  
Start                     [1]
004338: *Nov 15 14:43:45.706 UTC: RADIUS:  NAS-Port-Type       [61]  6  
Ethernet                  [15]
004339: *Nov 15 14:43:45.706 UTC: RADIUS:  NAS-Port            [5]   6  
16777318
004340: *Nov 15 14:43:45.706 UTC: RADIUS:  NAS-Port-Id         [87]  11 
"0/0/1/102"
004341: *Nov 15 14:43:45.706 UTC: RADIUS:  Service-Type        [6]   6  
Framed                    [2]
004342: *Nov 15 14:43:45.706 UTC: RADIUS:  NAS-IP-Address      [4]   6  
202.134.31.18
004343: *Nov 15 14:43:45.706 UTC: RADIUS:  Acct-Delay-Time     [41]  6   0
004344: *Nov 15 14:43:45.706 UTC: RADIUS: Received from id 1646/74
202.134.24.113:1813, Accounting-response, len 20
004345: *Nov 15 14:43:45.706 UTC: RADIUS:  authenticator 15 39 E5 7D 5F
3F 5B 15 - 37 07 39 00 E3 2D 42 D5
004346: *Nov 15 14:43:45.710 UTC: Vi3 AAA/AUTHOR/IPCP: Start.  Her
address 0.0.0.0, we want 0.0.0.0
004347: *Nov 15 14:43:45.710 UTC: Vi3 AAA/AUTHOR/IPCP: Authorization
succeeded
004348: *Nov 15 14:43:45.710 UTC: Vi3 AAA/AUTHOR/IPCP: Done.  Her
address 0.0.0.0, we want 0.0.0.0
004349: *Nov 15 14:43:45.714 UTC: Vi3 AAA/AUTHOR/IPCP: no author-info
for primary dns
004350: *Nov 15 14:43:45.714 UTC: Vi3 AAA/AUTHOR/IPCP: no author-info
for seconday dns
004351: *Nov 15 14:43:45.722 UTC: Vi3 AAA/AUTHOR/IPCP: no author-info
for primary dns
004352: *Nov 15 14:43:45.730 UTC: Vi3 AAA/AUTHOR/IPCP: no author-info
for primary dns


RADIUS SERVER

auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [pro_dish] (from client PPPOE-GW port 16777318)
Sending Access-Accept of id 16 to 202.134.31.18 port 1645
        Service-Type = Framed-User
        Session-Timeout = 14400
        Idle-Timeout = 14400
        Framed-Protocol = PPP
        Framed-IP-Address = 202.134.25.2
        Framed-IP-Netmask = 255.255.255.128
        Framed-Routing = Broadcast-Listen
        Framed-Filter-Id = "std.ppp"
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobson-TCP-IP
Finished request 8
Going to the next request
--- Walking the entire request list ---
Cleaning up request 7 ID 73 with timestamp 455a75ab
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 202.134.31.18:1646, id=74,
length=182
        Acct-Session-Id = "0/0/1/102_00000025"
        Cisco-AVPair = "client-mac-address=2e00.5909.8d6f"
        Framed-Protocol = PPP
        User-Name = "pro_dish"
        Cisco-AVPair = "connect-progress=Call Up"
        Acct-Authentic = RADIUS
        Acct-Status-Type = Start
        NAS-Port-Type = Ethernet
        NAS-Port = 16777318
        NAS-Port-Id = "0/0/1/102"
        Service-Type = Framed-User
        NAS-IP-Address = 202.134.31.18
        Acct-Delay-Time = 0
rad_lowerpair:  User-Name now 'pro_dish'
rad_rmspace_pair:  User-Name now 'pro_dish'
  Processing the preacct section of radiusd.conf
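
A diagnostic check for the debug output above, as an added example that is not part of the original post: it rejoins the mail-wrapped IOS debug lines, takes Framed-IP-Address from the Access-Accept, and compares it with the address in the IPCP authorization "Done" line. Reading a "we want" value that differs from Framed-IP-Address as "per-user address not applied" is an assumption, the function names are hypothetical, and SAMPLE is an excerpt trimmed from the post's router debug.

```python
import re

# Excerpt trimmed from the router debug in the post; the mail client's
# line wrapping is left in place on purpose.
SAMPLE = """\
004276: *Nov 15 14:43:45.690 UTC: RADIUS: Received from id 1645/16
202.134.24.113:1812, Access-Accept, len 83
004282: *Nov 15 14:43:45.690 UTC: RADIUS:  Framed-IP-Address   [8]   6
202.134.25.2
004283: *Nov 15 14:43:45.690 UTC: RADIUS:  Framed-IP-Netmask   [9]   6
255.255.255.128
004346: *Nov 15 14:43:45.710 UTC: Vi3 AAA/AUTHOR/IPCP: Start.  Her
address 0.0.0.0, we want 0.0.0.0
004348: *Nov 15 14:43:45.710 UTC: Vi3 AAA/AUTHOR/IPCP: Done.  Her
address 0.0.0.0, we want 0.0.0.0
"""

ENTRY = re.compile(r"^\d{6}: \*")  # IOS sequence number, then timestamp
DIRECTION = re.compile(r"RADIUS(\(\w+\))?: (Send|Received) ")
ATTR = re.compile(r"RADIUS:\s+([A-Za-z-]+)\s+\[(\d+)\]\s+\d+\s+(\S.*)$")
IPCP_DONE = re.compile(r"(\S+) AAA/AUTHOR/IPCP: Done\.\s+Her address (\S+), we want (\S+)")

def unwrap(text):
    """Rejoin continuation lines onto the log entry they belong to."""
    entries = []
    for line in text.splitlines():
        if ENTRY.match(line) or not entries:
            entries.append(line.rstrip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def check_framed_ip(text):
    """Return (radius_ip, ipcp_ip, applied) for the session in the debug."""
    # Assumption: the "we want" address is the one IPCP will offer the peer.
    in_accept, radius_ip, ipcp_ip = False, None, None
    for entry in unwrap(text):
        if DIRECTION.search(entry):  # a new packet starts: track its type
            in_accept = "Access-Accept" in entry
        m = ATTR.search(entry)
        if in_accept and m and m.group(1) == "Framed-IP-Address":
            radius_ip = m.group(3).strip()
        d = IPCP_DONE.search(entry)
        if d:
            ipcp_ip = d.group(3)
    return radius_ip, ipcp_ip, radius_ip is not None and radius_ip == ipcp_ip
```

On the excerpt, the result shows that the router decoded Framed-IP-Address 202.134.25.2 from the Access-Accept while IPCP authorization finished with 0.0.0.0.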