Re: RE: [pacnog] Cisco + PPPOE + FreeRadius

To: Kris Amy <kris@amy.id.au>
Subject: Re: RE: [pacnog] Cisco + PPPOE + FreeRadius
From: Siumafua Moala <siumafua.moala@tcc.to>
Date: Wed, 15 Nov 2006 16:34:53 +1300
Cc: 'PacNOG' <pacnog@pacnog.org>
In-reply-to: <20061115020734.D0DACB0003@kombu.apnic.net>
List-archive: <http://www.apnic.net/mailing-lists/pacnog>
List-help: <mailto:pacnog-request@pacnog.org?subject=help>
List-id: Pacific Network Operators Group <pacnog.pacnog.org>
List-post: <mailto:pacnog@pacnog.org>
List-subscribe: <http://mailman.apnic.net/mailman/listinfo/pacnog>, <mailto:pacnog-request@pacnog.org?subject=subscribe>
List-unsubscribe: <http://mailman.apnic.net/mailman/listinfo/pacnog>, <mailto:pacnog-request@pacnog.org?subject=unsubscribe>
References: <20061115020734.D0DACB0003@kombu.apnic.net>
User-agent: Thunderbird 1.5.0.8 (Windows/20061025)

Hi,

Thanks. The radius reply seems to be ok as shown below

The radius server reply with "Framed-IP-Address=202.134.25.2"  is the
correct static ip.

I'm including the  "debug ppp negotiation" also.

DEBUG RADIUS AUTH

006051: *Nov 15 16:17:57.298 UTC: RADIUS/ENCODE(0000001B):Orig.
component type = PPoE
006052: *Nov 15 16:17:57.298 UTC: RADIUS/ENCODE(0000001B):
Acct-session-id pre-pended with Nas Port = 0/0/1/102
006053: *Nov 15 16:17:57.298 UTC: RADIUS(0000001B): Config NAS IP: 0.0.0.0
006054: *Nov 15 16:17:57.298 UTC: RADIUS/ENCODE: Best Local IP-Address
202.134.31.18 for Radius-Server 202.134.24.113
006055: *Nov 15 16:17:57.302 UTC: RADIUS: Received from id 1646/99
202.134.24.113:1813, Accounting-response, len 20
006056: *Nov 15 16:18:00.662 UTC: RADIUS/ENCODE(0000001C):Orig.
component type = PPoE
006057: *Nov 15 16:18:00.662 UTC: RADIUS(0000001C): Config NAS IP: 0.0.0.0
006058: *Nov 15 16:18:00.662 UTC: RADIUS/ENCODE(0000001C):
acct_session_id: 48
006059: *Nov 15 16:18:00.662 UTC: RADIUS(0000001C): sending
006060: *Nov 15 16:18:00.662 UTC: RADIUS/ENCODE: Best Local IP-Address
202.134.31.18 for Radius-Server 202.134.24.113
006061: *Nov 15 16:18:00.662 UTC: RADIUS(0000001C): Send Access-Request
to 202.134.24.113:1812 id 1645/21, len 130
006062: *Nov 15 16:18:00.662 UTC: RADIUS:  authenticator 42 B7 D3 65 D0
A7 84 66 - D6 9A B6 08 29 71 32 C0
006063: *Nov 15 16:18:00.662 UTC: RADIUS:  Vendor, Cisco       [26]  41
006064: *Nov 15 16:18:00.662 UTC: RADIUS:   Cisco AVpair       [1]   35 
"client-mac-address=2e00.5909.8d6f"
006065: *Nov 15 16:18:00.662 UTC: RADIUS:  Framed-Protocol     [7]   6  
PPP                       [1]
006066: *Nov 15 16:18:00.662 UTC: RADIUS:  User-Name           [1]   10 
"pro_dish"
006067: *Nov 15 16:18:00.662 UTC: RADIUS:  User-Password       [2]   18  *
006068: *Nov 15 16:18:00.662 UTC: RADIUS:  NAS-Port-Type       [61]  6  
Ethernet                  [15]
006069: *Nov 15 16:18:00.662 UTC: RADIUS:  NAS-Port            [5]   6  
16777318
006070: *Nov 15 16:18:00.662 UTC: RADIUS:  NAS-Port-Id         [87]  11 
"0/0/1/102"
006071: *Nov 15 16:18:00.662 UTC: RADIUS:  Service-Type        [6]   6  
Framed                    [2]
006072: *Nov 15 16:18:00.662 UTC: RADIUS:  NAS-IP-Address      [4]   6  
202.134.31.18
006073: *Nov 15 16:18:00.666 UTC: RADIUS: Received from id 1645/21
202.134.24.113:1812, Access-Accept, len 83
006074: *Nov 15 16:18:00.666 UTC: RADIUS:  authenticator 72 73 FB 07 07
B0 C4 91 - B8 B8 31 24 87 6D 1F 56
006075: *Nov 15 16:18:00.666 UTC: RADIUS:  Service-Type        [6]   6  
Framed                    [2]
006076: *Nov 15 16:18:00.666 UTC: RADIUS:  Session-Timeout     [27]  6  
14400
006077: *Nov 15 16:18:00.666 UTC: RADIUS:  Idle-Timeout        [28]  6  
14400
006078: *Nov 15 16:18:00.666 UTC: RADIUS:  Framed-Protocol     [7]   6  
PPP                       [1]
006079: *Nov 15 16:18:00.666 UTC: RADIUS:  Framed-IP-Address   [8]   6  
202.134.25.2
006080: *Nov 15 16:18:00.666 UTC: RADIUS:  Framed-IP-Netmask   [9]   6  
255.255.255.128
006081: *Nov 15 16:18:00.666 UTC: RADIUS:  Framed-Routing      [10]  6   3
006082: *Nov 15 16:18:00.666 UTC: RADIUS:  Filter-Id           [11]  9
006083: *Nov 15 16:18:00.666 UTC: RADIUS:   73 74 64 2E 70 70
70                             [std.ppp]
006084: *Nov 15 16:18:00.670 UTC: RADIUS:  Framed-MTU          [12]  6  
1500
006085: *Nov 15 16:18:00.670 UTC: RADIUS:  Framed-Compression  [13]  6  
VJ TCP/IP Header Compressi[1]
006086: *Nov 15 16:18:00.670 UTC: RADIUS(0000001C): Received from id 1645/21
006087: *Nov 15 16:18:00.678 UTC: RADIUS/ENCODE(0000001C):Orig.
component type = PPoE
006088: *Nov 15 16:18:00.678 UTC: RADIUS/ENCODE(0000001C):
Acct-session-id pre-pended with Nas Port = 0/0/1/102
006089: *Nov 15 16:18:00.678 UTC: RADIUS(0000001C): Config NAS IP: 0.0.0.0
006090: *Nov 15 16:18:00.678 UTC: RADIUS/ENCODE: Best Local IP-Address
202.134.31.18 for Radius-Server 202.134.24.113
006091: *Nov 15 16:18:00.682 UTC: RADIUS: Received from id 1646/100
202.134.24.113:1813, Accounting-response, len 20


DEBUG PPP NEGO

006230: *Nov 15 16:28:38.362 UTC: ppp24 PPP: Send Message[Dynamic Bind
Response]
006231: *Nov 15 16:28:38.362 UTC: ppp24 PPP: Using default call direction
006232: *Nov 15 16:28:38.362 UTC: ppp24 PPP: Treating connection as a
dedicated line
006233: *Nov 15 16:28:38.362 UTC: ppp24 PPP: Session handle[C9000030]
Session id[24]
006234: *Nov 15 16:28:38.362 UTC: ppp24 PPP: Phase is ESTABLISHING,
Active Open
006235: *Nov 15 16:28:38.362 UTC: ppp24 LCP: O CONFREQ [Closed] id 1 len 18
006236: *Nov 15 16:28:38.362 UTC: ppp24 LCP:    MRU 1492 (0x010405D4)
006237: *Nov 15 16:28:38.362 UTC: ppp24 LCP:    AuthProto PAP (0x0304C023)
006238: *Nov 15 16:28:38.362 UTC: ppp24 LCP:    MagicNumber 0x1A065815
(0x05061A065815)
006239: *Nov 15 16:28:38.394 UTC: ppp24 LCP: I CONFREQ [REQsent] id 1 len 14
006240: *Nov 15 16:28:38.394 UTC: ppp24 LCP:    MRU 1492 (0x010405D4)
006241: *Nov 15 16:28:38.394 UTC: ppp24 LCP:    MagicNumber 0xA5A4913A
(0x0506A5A4913A)
006242: *Nov 15 16:28:38.394 UTC: ppp24 LCP: O CONFACK [REQsent] id 1 len 14
006243: *Nov 15 16:28:38.394 UTC: ppp24 LCP:    MRU 1492 (0x010405D4)
006244: *Nov 15 16:28:38.394 UTC: ppp24 LCP:    MagicNumber 0xA5A4913A
(0x0506A5A4913A)
006245: *Nov 15 16:28:40.362 UTC: ppp24 LCP: Timeout: State ACKsent
006246: *Nov 15 16:28:40.362 UTC: ppp24 LCP: O CONFREQ [ACKsent] id 2 len 18
006247: *Nov 15 16:28:40.362 UTC: ppp24 LCP:    MRU 1492 (0x010405D4)
006248: *Nov 15 16:28:40.362 UTC: ppp24 LCP:    AuthProto PAP (0x0304C023)
006249: *Nov 15 16:28:40.362 UTC: ppp24 LCP:    MagicNumber 0x1A065815
(0x05061A065815)
006250: *Nov 15 16:28:40.370 UTC: ppp24 LCP: I CONFACK [ACKsent] id 2 len 18
006251: *Nov 15 16:28:40.370 UTC: ppp24 LCP:    MRU 1492 (0x010405D4)
006252: *Nov 15 16:28:40.370 UTC: ppp24 LCP:    AuthProto PAP (0x0304C023)
006253: *Nov 15 16:28:40.370 UTC: ppp24 LCP:    MagicNumber 0x1A065815
(0x05061A065815)
006254: *Nov 15 16:28:40.370 UTC: ppp24 LCP: State is Open
006255: *Nov 15 16:28:40.370 UTC: ppp24 PPP: Phase is AUTHENTICATING, by
this end
006256: *Nov 15 16:28:40.374 UTC: ppp24 PAP: I AUTH-REQ id 1 len 24 from
"pro_dish"
006257: *Nov 15 16:28:40.374 UTC: ppp24 PAP: Authenticating peer pro_dish
006258: *Nov 15 16:28:40.374 UTC: ppp24 PPP: Phase is FORWARDING,
Attempting Forward
006259: *Nov 15 16:28:40.374 UTC: ppp24 PPP: Phase is AUTHENTICATING,
Unauthenticated User
006260: *Nov 15 16:28:40.378 UTC: ppp24 PPP: Phase is FORWARDING,
Attempting Forward
006261: *Nov 15 16:28:40.378 UTC: ppp24 PPP: Send Message[Connect Local]
006262: *Nov 15 16:28:40.382 UTC: Vi3 PPP: Phase is DOWN, Setup
006263: *Nov 15 16:28:40.382 UTC: ppp24 PPP: Bind to [Virtual-Access3]
006264: *Nov 15 16:28:40.382 UTC: Vi3 PPP: Send Message[Static Bind
Response]
006265: *Nov 15 16:28:40.386 UTC: Vi3 PPP: Phase is AUTHENTICATING,
Authenticated User
006266: *Nov 15 16:28:40.386 UTC: Vi3 PAP: O AUTH-ACK id 1 len 5
006267: *Nov 15 16:28:40.386 UTC: Vi3 PPP: Phase is UP
006268: *Nov 15 16:28:40.386 UTC: Vi3 IPCP: O CONFREQ [Closed] id 1 len 10
006269: *Nov 15 16:28:40.386 UTC: Vi3 IPCP:    Address 202.134.25.1
(0x0306CA861901)
006270: *Nov 15 16:28:40.386 UTC: Vi3 PPP: Process pending ncp packets
006271: *Nov 15 16:28:40.394 UTC: Vi3 IPCP: I CONFREQ [REQsent] id 1 len 22
006272: *Nov 15 16:28:40.394 UTC: Vi3 IPCP:    Address 0.0.0.0
(0x030600000000)
006273: *Nov 15 16:28:40.394 UTC: Vi3 IPCP:    PrimaryDNS 0.0.0.0
(0x810600000000)
006274: *Nov 15 16:28:40.394 UTC: Vi3 IPCP:    SecondaryDNS 0.0.0.0
(0x830600000000)
006275: *Nov 15 16:28:40.394 UTC: Vi3 AAA/AUTHOR/IPCP: Start.  Her
address 0.0.0.0, we want 0.0.0.0
006276: *Nov 15 16:28:40.394 UTC: Vi3 AAA/AUTHOR/IPCP: Done.  Her
address 0.0.0.0, we want 0.0.0.0
006277: *Nov 15 16:28:40.394 UTC: Vi3 IPCP: Pool returned 202.134.25.21
006278: *Nov 15 16:28:40.394 UTC: Vi3 IPCP: O CONFREJ [REQsent] id 1 len 10
006279: *Nov 15 16:28:40.394 UTC: Vi3 IPCP:    SecondaryDNS 0.0.0.0
(0x830600000000)
006280: *Nov 15 16:28:40.398 UTC: Vi3 IPCP: I CONFACK [REQsent] id 1 len 10
006281: *Nov 15 16:28:40.398 UTC: Vi3 IPCP:    Address 202.134.25.1
(0x0306CA861901)
006282: *Nov 15 16:28:40.406 UTC: Vi3 IPCP: I CONFREQ [ACKrcvd] id 2 len 16
006283: *Nov 15 16:28:40.406 UTC: Vi3 IPCP:    Address 0.0.0.0
(0x030600000000)
006284: *Nov 15 16:28:40.406 UTC: Vi3 IPCP:    PrimaryDNS 0.0.0.0
(0x810600000000)
006285: *Nov 15 16:28:40.406 UTC: Vi3 IPCP: O CONFNAK [ACKrcvd] id 2 len 16
006286: *Nov 15 16:28:40.406 UTC: Vi3 IPCP:    Address 202.134.25.21
(0x0306CA861915)
006287: *Nov 15 16:28:40.406 UTC: Vi3 IPCP:    PrimaryDNS 202.134.24.119
(0x8106CA861877)
006288: *Nov 15 16:28:40.418 UTC: Vi3 IPCP: I CONFREQ [ACKrcvd] id 3 len 16
006289: *Nov 15 16:28:40.418 UTC: Vi3 IPCP:    Address 202.134.25.21
(0x0306CA861915)
006290: *Nov 15 16:28:40.418 UTC: Vi3 IPCP:    PrimaryDNS 202.134.24.119
(0x8106CA861877)
006291: *Nov 15 16:28:40.418 UTC: Vi3 IPCP: O CONFACK [ACKrcvd] id 3 len 16
006292: *Nov 15 16:28:40.418 UTC: Vi3 IPCP:    Address 202.134.25.21
(0x0306CA861915)
006293: *Nov 15 16:28:40.418 UTC: Vi3 IPCP:    PrimaryDNS 202.134.24.119
(0x8106CA861877)
006294: *Nov 15 16:28:40.418 UTC: Vi3 IPCP: State is Open
006295: *Nov 15 16:28:40.418 UTC: Vi3 IPCP: Install route to 202.134.25.21




Kris Amy wrote:
> Hi,
>
> This is probably because your radius is not replying correctly.
>
> Can you send through the result of 'debug radius auth' when this connection
> tries to come up? You will want to sensor items in this debug.
>
> You should be using Framed-IP-Address radius reply attribute by the way.
>
> Cheers,
> Kris
>
> -----Original Message-----
> From: Siumafua Moala [mailto:siumafua.moala@tcc.to] 
> Sent: Wednesday, 15 November 2006 11:53 AM
> To: 'PacNOG'
> Subject: [pacnog] Cisco + PPPOE + FreeRadius
>
> Hi,
>
> I am trying to configure cisco 7204 to terminate ADSL pppoe connections.
>
> Everything is ok but I ran into problem when the radius (FreeRadius)
> assign a static ip for a particular user.
> The router completely ignore it and continue to assign a dynamic ip for
> the user.
>
> Below is my router config + router debug + freeradius debug.
>
> Welcome any help.
>
> Regards
>
>   


-- 
TCC/ENG/IT/Siumafua I.T. Moala
Tonga Communications Corp.
Nuku'alofa, Tonga Is.
Private Bag 4.

Phone  : +676 20066, 26848
Fax No : +676 26701
Mob    : +676 18115, 15194 
Email  : siumafua.moala@tcc.to[,kalianet.to] 

==================================================================================

References:
- RE: [pacnog] Cisco + PPPOE + FreeRadius
  - From: "Kris Amy" <kris@amy.id.au>

Prev by Date: RE: [pacnog] Cisco + PPPOE + FreeRadius
Next by Date: [pacnog] Call for Fellowships - APRICOT 2007
Previous by thread: RE: [pacnog] Cisco + PPPOE + FreeRadius
Next by thread: Re: [pacnog] Serial Data Speeds
Index(es):
- Date
- Thread