[c-nsp] 7200 LNS problems from Redback? or Radius?

Skeeve Stevens skeeve at skeeve.org
Wed May 30 18:37:49 EDT 2007


Sorry Guys, I left that bit out stupidly.

radius-server configure-nas
radius-server host 202.x.x.x auth-port 1812 acct-port 1813
radius-server retransmit 2
radius-server timeout 2
radius-server key 7 xxx

.Skeeve

From: Joe Freeman [mailto:joe at netbyjoe.com] 
Sent: Thursday, 31 May 2007 1:48 AM
To: skeeve at skeeve.org
Cc: Cisco-nsp
Subject: Re: [c-nsp] 7200 LNS problems from Redback? or Radius?

 

Make sure your radius host(s) is(are) defined with a block similar to this
(and are reachable)-

radius-server host xx.xx.xx.xx auth-port 1645 acct-port 1646 non-standard
radius-server host xx.xx.xx.xx auth-port 1645 acct-port 1646 non-standard 
radius-server deadtime 60
radius-server key 7 someencryptedpassword
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
radius-server vsa send authentication


You can then do a test authentication using the test aaa command -

testrouter#test aaa group radius username password

That'll tell you if your radius config is properly working or not.

Joe

On 5/30/07, Skeeve Stevens <skeeve at skeeve.org> wrote:

Hey guys,

        I have a 7200 taking sessions from a Redback and either the Redback
is not configured properly (hard to prove as I don't have access), or I have
a local problem.

I'm receiving the log entry below 

AAA/AUTHOR (0x0): Pick method list 'local-list'

        This seems to suggest that it is ignoring radius and trying local
auth.

I have:

!
aaa group server radius dslrad
server 202.x.x.x auth-port 1812 acct-port 1813
!
aaa authentication login default local
aaa authentication ppp default group radius group dslrad
aaa authorization exec default local group dslrad
aaa authorization network default group dslrad 
aaa accounting delay-start
aaa accounting update periodic 30
aaa accounting network default start-stop group dslrad
aaa accounting connection default start-stop group dslrad
aaa accounting system default start-stop group dslrad 

which seems to be fine.

I have the following debugging on:

General OS:
  AAA Authentication debugging is on
  AAA Authorization debugging is on
  AAA Administrative debugging is on
  AAA Local debugs debugging is on 
  AAA Radius debugs debugging is on
L2TP:
  L2TP packet events debugging is on
  L2TP packet errors debugging is on
  L2TP errors debugging is on
  L2TP events debugging is on
  L2TP L2TUN socket API debugging is on 
PPP:
  PPP authentication debugging is on
  PPP protocol errors debugging is on
  PPP protocol negotiation debugging is on
  PPP forwarding events debugging is on
VPN:
  VPDN call event debugging is on 
  VPDN message debugging is on
  VPDN events debugging is on
  VPDN errors debugging is on
  VPDN packet debugging is on
Radius protocol debugging is on
Radius protocol brief debugging is on
Radius protocol verbose debugging is on 

And I am seeing zero radius chatter at all, and only the one AAA comment
about local-list.

The tunnel seems to come up to the Redback, but then I see nothing except
this:

May 30 2007 21:51:59: L2X:CEF From tunnel: 93 byte pak dropped 
May 30 2007 21:52:01: L2X:CEF From tunnel: Gi0/1.31 Received 93 byte pak
May 30 2007 21:52:01: L2X:CEF From tunnel: 93 byte pak dropped
May 30 2007 21:52:03: L2X:CEF From tunnel: Gi0/1.31 Received 93 byte pak

Anyone have any ideas please?

System image file is "disk2:c7200p-advipservicesk9-mz.124-11.T1.bin"

Cisco 7204G2.

.Skeeve


--
Skeeve Stevens, RHCE
skeeve at skeeve.org / www.skeeve.org
Cell +61 (0)414 753 383 / skype://skeeve

eintellego - skeeve at eintellego.net - www.eintellego.net
--
I'm a groove licked love child king of the verse
Si vis pacem, para bellum


_______________________________________________
cisco-nsp mailing list   <mailto:cisco-nsp at puck.nether.net>
cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/ 
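
An added example, not part of the thread: a small offline consistency check over the AAA and RADIUS lines quoted above. It assumes IOS identifies a RADIUS server by address plus auth/acct ports, so each `server` line in an `aaa group server radius` block needs an identical `radius-server host` line; the function names `parse` and `audit` are hypothetical, and whatever part of the configuration selects 'local-list' is not shown in the thread, so it is only reported as undefined here.

```python
import re

# Constructed excerpt: the AAA/RADIUS lines quoted in the thread (method-list lines only).
CONFIG = """\
aaa group server radius dslrad
 server 202.x.x.x auth-port 1812 acct-port 1813
aaa authentication ppp default group radius group dslrad
aaa authorization exec default local group dslrad
aaa authorization network default group dslrad
aaa accounting network default start-stop group dslrad
radius-server host 202.x.x.x auth-port 1812 acct-port 1813
"""

SERVER = re.compile(r"(\S+) auth-port (\d+) acct-port (\d+)")
METHOD = re.compile(r"aaa (authentication|authorization|accounting) (\S+) (\S+) (.+)")
BUILTIN_GROUPS = {"radius", "tacacs+"}

def parse(config):
    """Return (global hosts, group -> servers, (type, service, list) -> methods)."""
    hosts, groups, lists, group = set(), {}, {}, None
    for line in map(str.strip, config.splitlines()):
        server = SERVER.search(line)
        if line.startswith("aaa group server radius "):
            group = line.split()[-1]
            groups[group] = []
        elif line.startswith("server ") and group and server:
            groups[group].append(server.groups())
        elif line.startswith("radius-server host ") and server:
            hosts.add(server.groups())
        elif (m := METHOD.fullmatch(line)):
            group = None  # left the server-group sub-mode
            lists[m.group(1, 2, 3)] = m.group(4)
    return hosts, groups, lists

def audit(config, logged_list=None):
    """List inconsistencies; logged_list is a method-list name taken from debug output."""
    hosts, groups, lists = parse(config)
    findings = []
    for name, servers in groups.items():
        for ip, auth, acct in servers:
            if (ip, auth, acct) not in hosts:
                findings.append(f"group {name}: {ip} {auth}/{acct} has no matching radius-server host")
    for (kind, service, mlist), methods in lists.items():
        for ref in re.findall(r"group (\S+)", methods):
            if ref not in groups and ref not in BUILTIN_GROUPS:
                findings.append(f"{kind} {service} {mlist}: undefined group {ref}")
    if logged_list and all(mlist != logged_list for _, _, mlist in lists):
        findings.append(f"method list '{logged_list}' is not defined in this excerpt")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG, "local-list")))
```

Run against the lines as posted, the only finding is that 'local-list' is not among the method lists shown; the server group and global host definitions agree on 1812/1813.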

 


