
RE: [pacnog] Cisco + PPPOE + FreeRadius



Hi,

This is probably because your radius is not replying correctly.

Can you send through the result of 'debug radius auth' when this connection
tries to come up? You will want to censor items in this debug.

You should be using Framed-IP-Address radius reply attribute by the way.

Cheers,
Kris

-----Original Message-----
From: Siumafua Moala [mailto:siumafua.moala@tcc.to] 
Sent: Wednesday, 15 November 2006 11:53 AM
To: 'PacNOG'
Subject: [pacnog] Cisco + PPPOE + FreeRadius

Hi,

I am trying to configure a Cisco 7204 to terminate ADSL PPPoE connections.

Everything is OK, but I ran into a problem when the radius (FreeRadius)
assigns a static IP for a particular user.
The router completely ignores it and continues to assign a dynamic IP for
the user.

Below is my router config + router debug + freeradius debug.

Any help is welcome.

Regards

-- 
TCC/ENG/IT/Siumafua I.T. Moala
Tonga Communications Corp.
Nuku'alofa, Tonga Is.
Private Bag 4.

Phone  : +676 20066, 26848
Fax No : +676 26701
Mob    : +676 18115, 15194 
Email  : siumafua.moala@tcc.to[,kalianet.to] 

============================================================================



bba-group pppoe ADSL
 virtual-template 1
 sessions per-mac limit 2
 sessions per-vlan limit 250
 sessions auto cleanup
!
!
interface Loopback0
 ip address 202.134.31.36 255.255.255.255
!
interface Loopback1
 ip address 202.134.25.1 255.255.255.128
!
interface FastEthernet0/0
 ip address 202.134.31.18 255.255.255.252
 ip verify unicast source reachable-via rx allow-default 101
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip ospf message-digest-key 1 md5 7 083543400E184B031D
 duplex full
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description ADSL-PPPOE interface
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex full
 speed auto
 no mop enabled
!
interface FastEthernet0/1.1
 encapsulation dot1Q 102
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 pppoe enable group ADSL
 no cdp enable
!
interface Virtual-Template1
 ip unnumbered Loopback1
 ip mtu 1492
 no ip route-cache cef
 no logging event link-status
 peer default ip address pool DYNAMIC
 ppp authentication pap
 ppp ipcp dns 202.134.24.119
 ppp ipcp address required
 ppp ipcp address unique
!
router ospf 209
 log-adjacency-changes
 area 0.0.0.0 authentication message-digest
 passive-interface default
 no passive-interface FastEthernet0/0
 network 202.134.25.0 0.0.0.127 area 0.0.0.0
 network 202.134.31.16 0.0.0.3 area 0.0.0.0
 network 202.134.31.36 0.0.0.0 area 0.0.0.0
!
ip local pool DYNAMIC 202.134.25.20 202.134.25.126
ip local pool STATIC 202.134.25.2 202.134.25.19
ip route 0.0.0.0 0.0.0.0 202.134.31.17
ip route 0.0.0.0 255.255.255.255 202.134.31.17
!
no ip http server
no ip http secure-server
!
!
logging trap debugging
logging facility local2
access-list 13 permit 202.134.24.0 0.0.0.255
access-list 100 permit udp any any eq bootpc
access-list 101 permit udp any any eq bootpc
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
!
!
radius-server attribute nas-port format d
radius-server host 202.134.24.113 auth-port 1812 acct-port 1813
radius-server key 7 122935273D2E5E547A7E
radius-server vsa send accounting
radius-server vsa send authentication



DEBUG

004240: *Nov 15 14:43:43.658 UTC:  Service tag: NULL Tag
004241: *Nov 15 14:43:43.658 UTC: PPPoE : encap string prepared
004242: *Nov 15 14:43:43.658 UTC: [17]PPPoE 16: Access IE handle allocated
004243: *Nov 15 14:43:43.658 UTC: [17]PPPoE 16: pppoe SSS switch updated
004244: *Nov 15 14:43:43.658 UTC: [17]PPPoE 16: AAA get retrieved attrs
004245: *Nov 15 14:43:43.658 UTC: [17]PPPoE 16: AAA get nas port details
004246: *Nov 15 14:43:43.658 UTC: AAA/BIND(00000016): Bind i/f
Virtual-Template1
004247: *Nov 15 14:43:43.658 UTC: [17]PPPoE 16: AAA get dynamic attrs
004248: *Nov 15 14:43:43.658 UTC: [17]PPPoE 16: AAA get dynamic attrs
004249: *Nov 15 14:43:43.658 UTC: [17]PPPoE 16: AAA unique ID allocated
004250: *Nov 15 14:43:43.658 UTC: [17]PPPoE 16: AAA method list  set
004251: *Nov 15 14:43:43.658 UTC: [17]PPPoE 16: Service request sent to SSS
004252: *Nov 15 14:43:43.658 UTC: [17]PPPoE 16: Created, Service: None
R:0018.ba47.6806 L:2e00.5909.8d6f 102 Fa0/1.1
004253: *Nov 15 14:43:43.662 UTC: [17]PPPoE 16: State
NAS_PORT_POLICY_INQUIRY    Event SSS_LOCAL
004254: *Nov 15 14:43:43.662 UTC: [17]PPPoE 16: O PADS  R:2e00.5909.8d6f
L:0018.ba47.6806 Fa0/1.1
         2E 00 59 09 8D 6F 00 18 BA 47 68 06 81 00 00 66
         88 63 11 65 00 10 00 20 01 01 00 00 01 03 00 04 ...
004255: *Nov 15 14:43:43.662 UTC: ppp17 AAA/AUTHOR/LCP: Authorization
succeeds trivially
004256: *Nov 15 14:43:43.662 UTC: [17]PPPoE 16: State PPP_START    Event
DYN_BIND
004257: *Nov 15 14:43:43.662 UTC: [17]PPPoE 16: data path set to PPP
004258: *Nov 15 14:43:45.686 UTC: AAA/AUTHEN/PPP (00000016): Pick method
list 'default'
004259: *Nov 15 14:43:45.686 UTC: RADIUS/ENCODE(00000016):Orig.
component type = PPoE
004260: *Nov 15 14:43:45.686 UTC: RADIUS(00000016): Config NAS IP: 0.0.0.0
004261: *Nov 15 14:43:45.686 UTC: RADIUS/ENCODE(00000016):
acct_session_id: 37
004262: *Nov 15 14:43:45.686 UTC: RADIUS(00000016): sending
004263: *Nov 15 14:43:45.686 UTC: RADIUS/ENCODE: Best Local IP-Address
202.134.31.18 for Radius-Server 202.134.24.113
004264: *Nov 15 14:43:45.686 UTC: RADIUS(00000016): Send Access-Request
to 202.134.24.113:1812 id 1645/16, len 130
004265: *Nov 15 14:43:45.686 UTC: RADIUS:  authenticator D0 2F 0E 52 47
CE 73 D3 - 1B D4 EF 1A 22 DF BC EF
004266: *Nov 15 14:43:45.686 UTC: RADIUS:  Vendor, Cisco       [26]  41
004267: *Nov 15 14:43:45.686 UTC: RADIUS:   Cisco AVpair       [1]   35 
"client-mac-address=2e00.5909.8d6f"
004268: *Nov 15 14:43:45.686 UTC: RADIUS:  Framed-Protocol     [7]   6  
PPP                       [1]
004269: *Nov 15 14:43:45.686 UTC: RADIUS:  User-Name           [1]   10 
"pro_dish"
004270: *Nov 15 14:43:45.686 UTC: RADIUS:  User-Password       [2]   18  *
004271: *Nov 15 14:43:45.686 UTC: RADIUS:  NAS-Port-Type       [61]  6  
Ethernet                  [15]
004272: *Nov 15 14:43:45.686 UTC: RADIUS:  NAS-Port            [5]   6  
16777318
004273: *Nov 15 14:43:45.686 UTC: RADIUS:  NAS-Port-Id         [87]  11 
"0/0/1/102"
004274: *Nov 15 14:43:45.686 UTC: RADIUS:  Service-Type        [6]   6  
Framed                    [2]
004275: *Nov 15 14:43:45.686 UTC: RADIUS:  NAS-IP-Address      [4]   6  
202.134.31.18
004276: *Nov 15 14:43:45.690 UTC: RADIUS: Received from id 1645/16
202.134.24.113:1812, Access-Accept, len 83
004277: *Nov 15 14:43:45.690 UTC: RADIUS:  authenticator 63 81 61 90 33
1A 62 03 - 02 66 25 1B 4E 27 CF 73
004278: *Nov 15 14:43:45.690 UTC: RADIUS:  Service-Type        [6]   6  
Framed                    [2]
004279: *Nov 15 14:43:45.690 UTC: RADIUS:  Session-Timeout     [27]  6  
14400
004280: *Nov 15 14:43:45.690 UTC: RADIUS:  Idle-Timeout        [28]  6  
14400
004281: *Nov 15 14:43:45.690 UTC: RADIUS:  Framed-Protocol     [7]   6  
PPP                       [1]
004282: *Nov 15 14:43:45.690 UTC: RADIUS:  Framed-IP-Address   [8]   6  
202.134.25.2
004283: *Nov 15 14:43:45.690 UTC: RADIUS:  Framed-IP-Netmask   [9]   6  
255.255.255.128
004284: *Nov 15 14:43:45.690 UTC: RADIUS:  Framed-Routing      [10]  6   3
004285: *Nov 15 14:43:45.690 UTC: RADIUS:  Filter-Id           [11]  9
004286: *Nov 15 14:43:45.690 UTC: RADIUS:   73 74 64 2E 70 70
70                             [std.ppp]
004287: *Nov 15 14:43:45.690 UTC: RADIUS:  Framed-MTU          [12]  6  
1500
004288: *Nov 15 14:43:45.690 UTC: RADIUS:  Framed-Compression  [13]  6  
VJ TCP/IP Header Compressi[1]
004289: *Nov 15 14:43:45.694 UTC: RADIUS(00000016): Received from id 1645/16
004290: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr: service-type
004291: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr: timeout:
Peruser
004292: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr: idletime:
Peruser
004293: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr: Framed-Protocol
004294: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr: addr
004295: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr: route: Peruser
004296: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr: netmask
004297: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr: routing
004298: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr: outacl: Peruser
004299: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr: Framed-MTU
004300: *Nov 15 14:43:45.694 UTC: ppp17 PPP/AAA: Check Attr:
link-compression: Peruser Full Vaccess
004301: *Nov 15 14:43:45.694 UTC: [17]PPPoE 16: State LCP_NEGOTIATION   
Event PPP_LOCAL
004302: *Nov 15 14:43:45.694 UTC: PPPoE 16: Can not use sub-interface
004303: *Nov 15 14:43:45.698 UTC: [17]PPPoE 16: State
VACCESS_REQUESTED    Event VA_RESP
004304: *Nov 15 14:43:45.698 UTC: [17]PPPoE 16: Vi3 interface obtained
004305: *Nov 15 14:43:45.698 UTC: AAA/BIND(00000016): Bind i/f
Virtual-Access3
004306: *Nov 15 14:43:45.698 UTC: [17]PPPoE 16: State PTA_BINDING   
Event STAT_BIND
004307: *Nov 15 14:43:45.698 UTC: [17]PPPoE 16: data path set to Virtual
Acess
004308: *Nov 15 14:43:45.698 UTC: [17]PPPoE 16: Connected PTA
004309: *Nov 15 14:43:45.702 UTC: AAA/AUTHOR (0x16): Pick method list
'default'
004310: *Nov 15 14:43:45.702 UTC: AAA/AUTHOR (0x16): Pick method list
'default' - PASS - PASS - PASS - PASS
004311: *Nov 15 14:43:45.702 UTC: Vi3 PPP/AAA: Check Attr: Framed-Protocol
004312: *Nov 15 14:43:45.702 UTC: Vi3 PPP/AAA: Check Attr: username
004313: *Nov 15 14:43:45.702 UTC: Vi3 AAA/AUTHOR/FSM: We can start LCP
004314: *Nov 15 14:43:45.702 UTC: Vi3 PPP/AAA: Check Attr: Framed-Protocol
004315: *Nov 15 14:43:45.702 UTC: Vi3 PPP/AAA: Check Attr: username
004316: *Nov 15 14:43:45.702 UTC: Vi3 AAA/AUTHOR/FSM: We can start IPCP
004317: *Nov 15 14:43:45.702 UTC: Vi3 AAA/AUTHOR/LCP: Process Author
004318: *Nov 15 14:43:45.702 UTC: [17]PPPoE 16: AAA get dynamic attrs
004319: *Nov 15 14:43:45.702 UTC: [17]PPPoE 16: AAA get dynamic attrs
004320: *Nov 15 14:43:45.702 UTC: Vi3 AAA/AUTHOR/IPCP: Already authorized
004321: *Nov 15 14:43:45.702 UTC: Vi3 AAA/AUTHOR/FSM: We can start IPCP
004322: *Nov 15 14:43:45.702 UTC: RADIUS/ENCODE(00000016):Orig.
component type = PPoE
004323: *Nov 15 14:43:45.702 UTC: RADIUS/ENCODE(00000016):
Acct-session-id pre-pended with Nas Port = 0/0/1/102
004324: *Nov 15 14:43:45.702 UTC: RADIUS(00000016): Config NAS IP: 0.0.0.0
004325: *Nov 15 14:43:45.702 UTC: RADIUS(00000016): sending
004326: *Nov 15 14:43:45.702 UTC: RADIUS/ENCODE: Best Local IP-Address
202.134.31.18 for Radius-Server 202.134.24.113
004327: *Nov 15 14:43:45.702 UTC: RADIUS(00000016): Send
Accounting-Request to 202.134.24.113:1813 id 1646/74, len 182
004328: *Nov 15 14:43:45.702 UTC: RADIUS:  authenticator 01 97 89 AA 1B
52 4F D6 - 6D 5A 16 9A 90 54 78 E2
004329: *Nov 15 14:43:45.702 UTC: RADIUS:  Acct-Session-Id     [44]  20 
"0/0/1/102_00000025"
004330: *Nov 15 14:43:45.702 UTC: RADIUS:  Vendor, Cisco       [26]  41
004331: *Nov 15 14:43:45.702 UTC: RADIUS:   Cisco AVpair       [1]   35 
"client-mac-address=2e00.5909.8d6f"
004332: *Nov 15 14:43:45.706 UTC: RADIUS:  Framed-Protocol     [7]   6  
PPP                       [1]
004333: *Nov 15 14:43:45.706 UTC: RADIUS:  User-Name           [1]   10 
"pro_dish"
004334: *Nov 15 14:43:45.706 UTC: RADIUS:  Vendor, Cisco       [26]  32
004335: *Nov 15 14:43:45.706 UTC: RADIUS:   Cisco AVpair       [1]   26 
"connect-progress=Call Up"
004336: *Nov 15 14:43:45.706 UTC: RADIUS:  Acct-Authentic      [45]  6  
RADIUS                    [1]
004337: *Nov 15 14:43:45.706 UTC: RADIUS:  Acct-Status-Type    [40]  6  
Start                     [1]
004338: *Nov 15 14:43:45.706 UTC: RADIUS:  NAS-Port-Type       [61]  6  
Ethernet                  [15]
004339: *Nov 15 14:43:45.706 UTC: RADIUS:  NAS-Port            [5]   6  
16777318
004340: *Nov 15 14:43:45.706 UTC: RADIUS:  NAS-Port-Id         [87]  11 
"0/0/1/102"
004341: *Nov 15 14:43:45.706 UTC: RADIUS:  Service-Type        [6]   6  
Framed                    [2]
004342: *Nov 15 14:43:45.706 UTC: RADIUS:  NAS-IP-Address      [4]   6  
202.134.31.18
004343: *Nov 15 14:43:45.706 UTC: RADIUS:  Acct-Delay-Time     [41]  6   0
004344: *Nov 15 14:43:45.706 UTC: RADIUS: Received from id 1646/74
202.134.24.113:1813, Accounting-response, len 20
004345: *Nov 15 14:43:45.706 UTC: RADIUS:  authenticator 15 39 E5 7D 5F
3F 5B 15 - 37 07 39 00 E3 2D 42 D5
004346: *Nov 15 14:43:45.710 UTC: Vi3 AAA/AUTHOR/IPCP: Start.  Her
address 0.0.0.0, we want 0.0.0.0
004347: *Nov 15 14:43:45.710 UTC: Vi3 AAA/AUTHOR/IPCP: Authorization
succeeded
004348: *Nov 15 14:43:45.710 UTC: Vi3 AAA/AUTHOR/IPCP: Done.  Her
address 0.0.0.0, we want 0.0.0.0
004349: *Nov 15 14:43:45.714 UTC: Vi3 AAA/AUTHOR/IPCP: no author-info
for primary dns
004350: *Nov 15 14:43:45.714 UTC: Vi3 AAA/AUTHOR/IPCP: no author-info
for seconday dns
004351: *Nov 15 14:43:45.722 UTC: Vi3 AAA/AUTHOR/IPCP: no author-info
for primary dns
004352: *Nov 15 14:43:45.730 UTC: Vi3 AAA/AUTHOR/IPCP: no author-info
for primary dns


RADIUS SERVER

auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [pro_dish] (from client PPPOE-GW port 16777318)
Sending Access-Accept of id 16 to 202.134.31.18 port 1645
        Service-Type = Framed-User
        Session-Timeout = 14400
        Idle-Timeout = 14400
        Framed-Protocol = PPP
        Framed-IP-Address = 202.134.25.2
        Framed-IP-Netmask = 255.255.255.128
        Framed-Routing = Broadcast-Listen
        Framed-Filter-Id = "std.ppp"
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobson-TCP-IP
Finished request 8
Going to the next request
--- Walking the entire request list ---
Cleaning up request 7 ID 73 with timestamp 455a75ab
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 202.134.31.18:1646, id=74,
length=182
        Acct-Session-Id = "0/0/1/102_00000025"
        Cisco-AVPair = "client-mac-address=2e00.5909.8d6f"
        Framed-Protocol = PPP
        User-Name = "pro_dish"
        Cisco-AVPair = "connect-progress=Call Up"
        Acct-Authentic = RADIUS
        Acct-Status-Type = Start
        NAS-Port-Type = Ethernet
        NAS-Port = 16777318
        NAS-Port-Id = "0/0/1/102"
        Service-Type = Framed-User
        NAS-IP-Address = 202.134.31.18
        Acct-Delay-Time = 0
rad_lowerpair:  User-Name now 'pro_dish'
rad_rmspace_pair:  User-Name now 'pro_dish'
  Processing the preacct section of radiusd.conf
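
Added example (not part of the original messages): a Python check that reads router debug output in the format posted above, re-joins the mail-wrapped lines, and compares the Framed-IP-Address from the Access-Accept with the address in the IPCP "we want" record. The sample log is constructed with placeholder addresses, and reading "we want" as the address the router intends to give the peer is an assumption.

```python
import re

# Constructed sample in the post's debug format, mail-wrapped; placeholder addresses.
SAMPLE = """\
000101: *Nov 15 14:43:45.690 UTC: RADIUS: Received from id 1645/16
192.0.2.113:1812, Access-Accept, len 83
000102: *Nov 15 14:43:45.690 UTC: RADIUS:  Framed-IP-Address   [8]   6
198.51.100.2
000103: *Nov 15 14:43:45.698 UTC: AAA/BIND(00000016): Bind i/f
Virtual-Access3
000104: *Nov 15 14:43:45.710 UTC: Vi3 AAA/AUTHOR/IPCP: Done.  Her
address 0.0.0.0, we want 0.0.0.0
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
SEQ = re.compile(r"^\d{6}: ")
ACCEPT = re.compile(r"RADIUS: Received from id \S+ \S+, Access-Accept")
SEND = re.compile(r"RADIUS\(\w+\): Send ")
FRAMED = re.compile(r"RADIUS:\s+Framed-IP-Address\s+\[8\]\s+\d+\s+" + IP)
DONE = re.compile(r"(\S+) AAA/AUTHOR/IPCP: Done\.\s+Her address " + IP + r", we want " + IP)

def unwrap(text):
    """Join mail-wrapped lines: a line without a sequence number continues the previous record."""
    records = []
    for line in text.splitlines():
        if SEQ.match(line) or not records:
            records.append(line.rstrip())
        else:
            records[-1] += " " + line.strip()
    return records

def check_assignment(text):
    """Return (interface, radius_ip, router_wants, applied) for each IPCP 'Done' record."""
    findings, radius_ip, in_accept = [], None, False
    for rec in unwrap(text):
        if ACCEPT.search(rec):
            in_accept, radius_ip = True, None
        elif SEND.search(rec):
            in_accept = False  # attributes that follow belong to an outbound packet
        elif in_accept and FRAMED.search(rec):
            radius_ip = FRAMED.search(rec).group(1)
        else:
            m = DONE.search(rec)
            if m and radius_ip:
                findings.append((m.group(1), radius_ip, m.group(3), m.group(3) == radius_ip))
    return findings

if __name__ == "__main__":
    print(check_assignment(SAMPLE))
```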

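Added example (not part of the original messages), following the advice above to censor items before posting a debug: a Python filter that removes key strings from IOS config lines and replaces addresses, MACs and the usernames you name with stable aliases, so the output stays readable for whoever is helping. The sample text and every value in it are constructed; the keyword list and the rule that leaves values starting with 0 or 255 alone are assumptions of this example.

```python
import re

# Constructed sample in the style of the post's config and debug output;
# every address, key and name below is a placeholder, not a value from the post.
SAMPLE = """\
 ip ospf message-digest-key 1 md5 7 0123456789ABCDEF
ip local pool STATIC 198.51.100.2 198.51.100.19
radius-server host 192.0.2.113 auth-port 1812 acct-port 1813
radius-server key 7 00112233445566
000201: *Nov 15 14:43:45.686 UTC: RADIUS:  User-Name           [1]   14
"example_user"
000202: *Nov 15 14:43:45.686 UTC: RADIUS:   Cisco AVpair       [1]   35
"client-mac-address=0000.5e00.5301"
000203: *Nov 15 14:43:45.690 UTC: RADIUS:  Framed-IP-Netmask   [9]   6
255.255.255.128
Login OK: [example_user] (from client PPPOE-GW port 16777318)
"""

# Key material at the end of a config line, with or without an encoding-type digit.
SECRET = re.compile(r"\b(key|md5|password|secret)( \d+)? \S+[ \t]*$", re.M)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MAC = re.compile(r"\b[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\b")

def redact(text, names=()):
    """Return (clean_text, mapping); the same input value always gets the same alias."""
    mapping = {}

    def alias(kind):
        def repl(m):
            value = m.group(0)
            if kind == "ip" and value.split(".")[0] in ("0", "255"):
                return value  # masks, wildcards and 0.0.0.0 identify nobody
            if value not in mapping:
                n = sum(v.startswith("<" + kind) for v in mapping.values()) + 1
                mapping[value] = "<%s-%d>" % (kind, n)
            return mapping[value]
        return repl

    text = SECRET.sub(lambda m: m.group(1) + " <removed>", text)
    text = MAC.sub(alias("mac"), text)
    text = IPV4.sub(alias("ip"), text)
    for i, name in enumerate(names, 1):
        text = text.replace(name, "<user-%d>" % i)
    return text, mapping

if __name__ == "__main__":
    print(redact(SAMPLE, names=("example_user",))[0])
```

Keep the returned mapping private; it is what lets you translate a reply that refers to an alias back to the real address.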
