[cisco-bba] 12.2(16b) crashing with per-user RADIUS entries
Deryk Piper
deryk at mod-soft.com
Wed Jun 25 16:47:55 EDT 2003
Hi all,
I've got a 3640 running 12.2(16b) (previously 12.2(16)). It's acting as
an LNS for DSL, ISDN and analog dial-up customers. The 3640 is using
AAA to authenticate users via FreeRADIUS (previously Cistron RADIUS) on
a Linux box. Normally this works fine. However, I recently decided to
have a go at per-user access-lists and routes. My first try at per-user
access-lists seemed to work, but the router crashed a few seconds after
I issued the "clear int virtual-accessXXX" command to boot the test
user. Note that I made no configuration changes to the router, only the
RADIUS entries on the Linux box. The router also reboots if the test
user disconnects on its own, or if the router needs loses contact (PPP
keealives) and needs to clear the session. Once or twice it seems to
have rebooted for no reason (only when using per-user ACLs)
I'm using the inacl and outacl AV pairs to download the access-list to
the router. Again, the access-lists appear no problem on the
Virtual-Access interface and are dynamically named Virtual-AccessXXX#1
and Virtual-AccessXXX#0. However, the router just seems to want to
spontaneously reboot.
I've got a case open with TAC, but I thought I'd check here to see if
anybody else has seen this problem.
My AAA config is as follows:
aaa new-model
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization exec default local
aaa authorization network default group radius if-authenticated
aaa accounting update newinfo
aaa accounting network default start-stop group radius
Should I try removing the accounting entries?
Thanks in advance,
DP
Deryk Piper, B.Asc
Network Manager
Applications Development
Modular Software Ltd.
Web: www.mod-soft.com
Email: deryk at mod-soft.com
Phone: 905.890.3778 x225
FAX: 905.890.3845
More information about the cisco-bba
mailing list