[cisco-bba] 12.2(16b) crashing with per-user RADIUS entries

Dennis Peng dpeng at cisco.com
Wed Jun 25 14:20:24 EDT 2003 

Can you send me the RADIUS profile which causes the problem to occur?

Dennis

Deryk Piper [deryk at mod-soft.com] wrote:
> Hi all,
> 
> I've got a 3640 running 12.2(16b) (previously 12.2(16)).  It's acting as
> an LNS for DSL, ISDN and analog dial-up customers.  The 3640 is using
> AAA to authenticate users via FreeRADIUS (previously Cistron RADIUS) on
> a Linux box.  Normally this works fine.  However, I recently decided to
> have a go at per-user access-lists and routes.  My first try at per-user
> access-lists seemed to work, but the router crashed a few seconds after
> I issued the "clear int virtual-accessXXX" command to boot the test
> user.  Note that I made no configuration changes to the router, only the
> RADIUS entries on the Linux box.  The router also reboots if the test
> user disconnects on its own, or if the router needs loses contact (PPP
> keealives) and needs to clear the session.  Once or twice it seems to
> have rebooted for no reason (only when using per-user ACLs)
> 
> I'm using the inacl and outacl AV pairs to download the access-list to
> the router.  Again, the access-lists appear no problem on the
> Virtual-Access interface and are dynamically named Virtual-AccessXXX#1
> and Virtual-AccessXXX#0.  However, the router just seems to want to
> spontaneously reboot.
> 
> I've got a case open with TAC, but I thought I'd check here to see if
> anybody else has seen this problem.
> 
> My AAA config is as follows:
> 
> aaa new-model
> aaa authentication login default local
> aaa authentication ppp default group radius
> aaa authorization exec default local
> aaa authorization network default group radius if-authenticated
> aaa accounting update newinfo
> aaa accounting network default start-stop group radius
> 
> Should I try removing the accounting entries?
> 
> Thanks in advance,
> 
> DP
> 
> 
> 
> Deryk Piper, B.Asc
>  Network Manager
>  Applications Development
> Modular Software Ltd.
> 
> Web:    www.mod-soft.com
> Email:  deryk at mod-soft.com
> Phone:  905.890.3778 x225
> FAX:    905.890.3845
> 
> 
> _______________________________________________
> cisco-bba mailing list
> cisco-bba at puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-bba

-- 
-------------------------------------------------------------------------
      ||        ||                                 Dennis Peng
      ||        ||        Cisco Systems, Inc.      Escalation Engineer
     ||||      ||||       170 West Tasman Drive    Phone: (408) 526-6143
 ..:||||||:..:||||||:..   San Jose, CA 95134       Fax:   (408) 232-2343
   Cisco Systems Inc.                              dpeng at cisco.com
-------------------------------------------------------------------------

More information about the cisco-bba mailing list