[cisco-bba] PPPoE & Cisco
Dib Elie
elie_dib at yahoo.com
Thu Mar 31 07:17:40 EST 2005
Hi,
this is my first listing here. I am trying to setup a
PPPoE scenario using 4500 Router and Cisco Secure ACS.
I am able to authenticate the user and give him
access. I al also trying to limit the bandwidth of
each user using cisco avpair but i am not able to do
so.
this is the configuration done on the router:
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R8
!
aaa new-model
aaa group server radius elie
server 10.10.10.2 auth-port 1645 acct-port 1646
!
aaa authentication login default local
aaa authentication ppp default group elie
aaa authorization network default group elie
aaa nas port extended
!
username cisco password 0 cisco
ip subnet-zero
no ip domain-lookup
!
vpdn enable
!
vpdn-group 1
accept-dialin
protocol pppoe
virtual-template 1
!
!
!
!
interface Ethernet0
no ip address
load-interval 30
media-type 10BaseT
pppoe enable
!
interface Ethernet1
ip address 10.10.10.1 255.255.255.0
load-interval 30
media-type 10BaseT
!
interface Virtual-Template1
ip unnumbered Ethernet1
ip mtu 1492
load-interval 30
no peer default ip address
ppp authentication chap
!
ip classless
ip flow-export version 5
no ip http server
!
radius-server host 10.10.10.2 auth-port 1645 acct-port
1646 key cisco
radius-server attribute nas-port format d
radius-server vsa send accounting
radius-server vsa send authentication
!
line con 0
line aux 0
line vty 0 4
!
end
and this is the output of the "debug radius" done on
the router:
00:34:02: %LINK-3-UPDOWN: Interface Virtual-Access1,
changed state to up
00:34:02: RADIUS: ustruct sharecount=2
00:34:02: Radius: radius_port_info() success=1
radius_nas_port=17
00:34:02: RADIUS: added cisco VSA 2 len 16
"Virtual-Access1*"
00:34:02: RADIUS: Initial Transmit Virtual-Access1* id
18 10.10.10.2:1645, Access-Request, len 100
00:34:02: Attribute 4 6 0A0A0A01
00:34:02: Attribute 5 6 1F000000
00:34:02: Attribute 26 24 0000000902125669
00:34:02: Attribute 61 6 00000005
00:34:02: Attribute 1 7 63697363
00:34:02: Attribute 3 19 1314D9B2
00:34:02: Attribute 6 6 00000002
00:34:02: Attribute 7 6 00000001
00:34:02: RADIUS: Received from id 18 10.10.10.2:1645,
Access-Accept, len 209
00:34:02: Attribute 26 121 0000000901736C63
00:34:02: Attribute 6 6 00000002
00:34:02: Attribute 7 6 00000001
00:34:02: Attribute 10 6 00000003
00:34:02: Attribute 12 6 00000578
00:34:02: Attribute 8 6 FFFFFFFF
00:34:02: Attribute 25 38 43495343
00:34:02: RADIUS: cisco AVPair
"lcp:interface-config=rate-limit input access-group
101 16000 2000 2000 conform-action transmit
exceed-action drop"
00:34:02: RADIUS: cisco AVPair
"lcp:interface-config=rate-limit input access-group
101 16000 2000 2000 conform-action transmit
exceed-action drop" not applied for ip
00:34:02: RADIUS: allowing negotiated framed address
00:34:02: RADIUS: cisco AVPair
"lcp:interface-config=rate-limit input access-group
101 16000 2000 2000 conform-action transmit
exceed-action drop" not applied for ip
00:34:02: RADIUS: allowing negotiated framed address
20.20.20.1
00:34:03: %LINEPROTO-5-UPDOWN: Line protocol on
Interface Virtual-Access1, changed state to up
any suggestions,
Regards
Elie
__________________________________
Do you Yahoo!?
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/
More information about the cisco-bba
mailing list