[cisco-bba] C7204VXR + PPPOE + Freeradius

Dale Spittle dale at buzz.net.nz
Tue Feb 13 11:53:39 EST 2007


Is there an issue with the users' Radius Profile?  Here is a working 
FreeRadius Fixed IP example.


dn: uid=username,ou=People,dc=example,dc=net
uid: username
cn: User Name
objectClass: account
objectClass: posixAccount
objectClass: example
objectClass: radiusprofile
radiusReplyItem: Session-Timeout += 28800
radiusReplyItem: Framed-Filter-Id += "unlimited.in"
radiusReplyItem: Framed-Filter-Id += "unlimited.out"
#  radiusReplyItem: Cisco-AVPair += "ip:addr-pool=C4700-pool"
radiusFramedIPAddress: 102.87.97.6
radiusReplyItem: Framed-IP-Netmask = 255.255.255.255
radiusFramedMTU: 1472
objectClass: shadowAccount
loginShell: /bin/bash
uidNumber: 1080
gidNumber: 100
homeDirectory: /export/home/username
gecos: User Name


Regards,
Dale.


----- Original Message ----- 
From: "Siumafua Moala" <siumafua.moala at tcc.to>
To: <cisco-bba at puck.nether.net>
Sent: Tuesday, February 13, 2007 10:01 AM
Subject: [cisco-bba] C7204VXR + PPPOE + Freeradius


> We are using C7204VXR to terminate pppoe sessions for our ADSL
> subscribers. This is working fine but
> only for customers with dynamic IP. At the moment we use a freebsd
> server to terminate the sessions with static IP
> but I want to move them all to the 7204VXR.
>
> The static IP is allocated by the radius (freeradius) server but it
> seems the router ignores it (debugging shows the
> packet sent from the radius is correct and contains that static IP) and
> keeps allocating dynamic ip.
>
> Welcome any help, idea, etc.
>
>
> Configuration & Traces Below
>
>
> aaa authentication login local_auth local
> aaa authentication ppp default none
> aaa authentication ppp byradiusd group radius
> aaa authorization exec default local
> aaa authorization network default none
> aaa authorization network byradiusd group radius
> aaa accounting delay-start
> aaa accounting update newinfo
> aaa accounting network default none
> aaa accounting network byradiusd start-stop group radius
>
> bba-group pppoe ADSL-STATIC
> virtual-template 2
> sessions per-vc limit 2
> sessions per-mac limit 1
> sessions per-vlan limit 1024
> sessions auto cleanup
>
> interface Virtual-Template2
> description Virtual interface for PPPOE connections
> ip unnumbered Loopback2
> ip mtu 1492
> no logging event link-status
> no peer default ip address
> ppp authentication pap byradiusd
> ppp authorization byradiusd
> ppp ipcp dns xxx.xxx.xxx.xxx
>
> interface FastEthernet0/1.2
> description PPPOE sub-interface
> encapsulation dot1Q 104
> no ip redirects
> no ip unreachables
> pppoe enable group ADSL-STATIC
> no cdp enable
>
>
> Traces
> 158263: *Feb 13 09:36:40.246 UTC: ppp808 PPP: Send Message[Dynamic Bind
> Response]
> 158264: *Feb 13 09:36:40.246 UTC: ppp808 PPP: Using default call direction
> 158265: *Feb 13 09:36:40.246 UTC: ppp808 PPP: Treating connection as a
> dedicated line
> 158266: *Feb 13 09:36:40.246 UTC: ppp808 PPP: Session handle[3C000047]
> Session id[808]
> 158267: *Feb 13 09:36:40.246 UTC: ppp808 PPP: Phase is ESTABLISHING,
> Active Open
> 158268: *Feb 13 09:36:40.246 UTC: ppp808 LCP: O CONFREQ [Closed] id 1 len 
> 18
> 158269: *Feb 13 09:36:40.246 UTC: ppp808 LCP:    MRU 1492 (0x010405D4)
> 158270: *Feb 13 09:36:40.246 UTC: ppp808 LCP:    AuthProto PAP 
> (0x0304C023)
> 158271: *Feb 13 09:36:40.246 UTC: ppp808 LCP:    MagicNumber 0x2776AFB4
> (0x05062776AFB4)
> 158272: *Feb 13 09:36:40.270 UTC: ppp808 LCP: I CONFREQ [REQsent] id 1
> len 14
> 158273: *Feb 13 09:36:40.270 UTC: ppp808 LCP:    MRU 1492 (0x010405D4)
> 158274: *Feb 13 09:36:40.270 UTC: ppp808 LCP:    MagicNumber 0x6CB8D63E
> (0x05066CB8D63E)
> 158275: *Feb 13 09:36:40.270 UTC: ppp808 LCP: O CONFACK [REQsent] id 1
> len 14
> 158276: *Feb 13 09:36:40.270 UTC: ppp808 LCP:    MRU 1492 (0x010405D4)
> 158277: *Feb 13 09:36:40.270 UTC: ppp808 LCP:    MagicNumber 0x6CB8D63E
> (0x05066CB8D63E)u
> 158278: *Feb 13 09:36:42.238 UTC: ppp808 LCP: Timeout: State ACKsent
> 158279: *Feb 13 09:36:42.238 UTC: ppp808 LCP: O CONFREQ [ACKsent] id 2
> len 18
> 158280: *Feb 13 09:36:42.238 UTC: ppp808 LCP:    MRU 1492 (0x010405D4)
> 158281: *Feb 13 09:36:42.238 UTC: ppp808 LCP:    AuthProto PAP 
> (0x0304C023)
> 158282: *Feb 13 09:36:42.238 UTC: ppp808 LCP:    MagicNumber 0x2776AFB4
> (0x05062776AFB4)
> 158283: *Feb 13 09:36:42.246 UTC: ppp808 LCP: I CONFACK [ACKsent] id 2
> len 18
> 158284: *Feb 13 09:36:42.246 UTC: ppp808 LCP:    MRU 1492 (0x010405D4)
> 158285: *Feb 13 09:36:42.246 UTC: ppp808 LCP:    AuthProto PAP 
> (0x0304C023)
> 158286: *Feb 13 09:36:42.246 UTC: ppp808 LCP:    MagicNumber 0x2776AFB4
> (0x05062776AFB4)
> 158287: *Feb 13 09:36:42.246 UTC: ppp808 LCP: State is Open
> 158288: *Feb 13 09:36:42.246 UTC: ppp808 PPP: Phase is AUTHENTICATING,
> by this end
> 158289: *Feb 13 09:36:42.246 UTC: ppp808 PAP: I AUTH-REQ id 1 len 17
> from "***"
> 158290: *Feb 13 09:36:42.246 UTC: ppp808 PAP: Authenticating peer ***
> 158291: *Feb 13 09:36:42.246 UTC: ppp808 PPP: Phase is FORWARDING,
> Attempting Forward
> 158292: *Feb 13 09:36:42.246 UTC: ppp808 PPP: Phase is AUTHENTICATING,
> Unauthenticated User
> 158293: *Feb 13 09:36:42.246 UTC: RADIUS/ENCODE(000051F8):Orig.
> component type = PPoE
> 158294: *Feb 13 09:36:42.246 UTC: RADIUS:  AAA Unsupported Attr:
> client-mac-address[31]  14
> 158295: *Feb 13 09:36:42.250 UTC: RADIUS:   30 30 30 66 2E 33 64 62 38
> 2E 38 62              [000f.3db8.8b]
> 158296: *Feb 13 09:36:42.250 UTC: RADIUS:  AAA Unsupported Attr:
> interface         [157] 9
> 158297: *Feb 13 09:36:42.250 UTC: RADIUS:   30 2F 30 2F 31 2F
> 31                             [0/0/1/1]
> 158298: *Feb 13 09:36:42.250 UTC: RADIUS(000051F8): Config NAS IP: 0.0.0.0
> 158299: *Feb 13 09:36:42.250 UTC: RADIUS/ENCODE(000051F8):
> acct_session_id: 23291
> 158300: *Feb 13 09:36:42.250 UTC: RADIUS(000051F8): sending
> 158301: *Feb 13 09:36:42.250 UTC: RADIUS/ENCODE: Best Local IP-Address
> 202.134.31.18 for Radius-Server 202.134.24.115
> 158302: *Feb 13 09:36:42.250 UTC: RADIUS(000051F8): Send Access-Request
> to 202.134.24.115:1812 id 1645/157, len 84
> 158303: *Feb 13 09:36:42.250 UTC: RADIUS:  authenticator D9 4C D1 1C 3F
> D7 5A 38 - 0A 9F CE 40 DE 3F 6C DF
> 158304: *Feb 13 09:36:42.250 UTC: RADIUS:  Framed-Protocol     [7]   6
> PPP                       [1]
> 158305: *Feb 13 09:36:42.250 UTC: RADIUS:  User-Name           [1]   5
> "***"
> 158306: *Feb 13 09:36:42.250 UTC: RADIUS:  User-Password       [2]   18  *
> 158307: *Feb 13 09:36:42.250 UTC: RADIUS:  NAS-Port-Type       [61]  6
> Ethernet                  [15]
> 158308: *Feb 13 09:36:42.250 UTC: RADIUS:  NAS-Port            [5]   6
> 16777320
> 158309: *Feb 13 09:36:42.250 UTC: RADIUS:  NAS-Port-Id         [87]  11
> "0/0/1/104"
> 158310: *Feb 13 09:36:42.250 UTC: RADIUS:  Service-Type        [6]   6
> Framed                    [2]
> 158311: *Feb 13 09:36:42.250 UTC: RADIUS:  NAS-IP-Address      [4]   6
> xxx.xxx.xxx.xxx
> 158312: *Feb 13 09:36:42.258 UTC: RADIUS: Received from id 1645/157
> zzz.zzz.zzz.zzz:1812, Access-Accept, len 95
> 158313: *Feb 13 09:36:42.258 UTC: RADIUS:  authenticator AE 00 06 F9 0A
> 44 74 4B - 7E 22 01 01 C8 F8 77 98
> 158314: *Feb 13 09:36:42.258 UTC: RADIUS:  Service-Type        [6]   6
> Framed                    [2]
> 158315: *Feb 13 09:36:42.258 UTC: RADIUS:  Framed-Protocol     [7]   6
> PPP                       [1]
> 158316: *Feb 13 09:36:42.258 UTC: RADIUS:  Vendor, Cisco       [26]  30
> 158317: *Feb 13 09:36:42.258 UTC: RADIUS:   Cisco AVpair       [1]   24
> "ip:addr=xxx.xxx.xxx.xxx"
> 158318: *Feb 13 09:36:42.258 UTC: RADIUS:  Framed-IP-Netmask   [9]   6
> 255.255.255.255
> 158319: *Feb 13 09:36:42.258 UTC: RADIUS:  Framed-Routing      [10]  6   3
> 158320: *Feb 13 09:36:42.258 UTC: RADIUS:  Filter-Id           [11]  9
> 158321: *Feb 13 09:36:42.258 UTC: RADIUS:   73 74 64 2E 70 70
> 70                             [std.ppp]
> 158322: *Feb 13 09:36:42.258 UTC: RADIUS:  Framed-MTU          [12]  6
> 1492
> 158323: *Feb 13 09:36:42.258 UTC: RADIUS:  Framed-Compression  [13]  6
> VJ TCP/IP Header Compressi[1]
> 158324: *Feb 13 09:36:42.258 UTC: RADIUS(000051F8): Received from id
> 1645/157
> 158325: *Feb 13 09:36:42.262 UTC: ppp808 PPP: Phase is FORWARDING,
> Attempting Forward
> 158326: *Feb 13 09:36:42.262 UTC: ppp808 PPP: Send Message[Connect Local]
> 158327: *Feb 13 09:36:42.262 UTC: ppp808 PPP: Bind to [Virtual-Access819]
> 158328: *Feb 13 09:36:42.262 UTC: Vi819 PPP: Send Message[Static Bind
> Response]
> 158329: *Feb 13 09:36:42.266 UTC: Vi819 PPP: Phase is AUTHENTICATING,
> Authenticated User
> 158330: *Feb 13 09:36:42.266 UTC: Vi819 PAP: O AUTH-ACK id 1 len 5
> 158331: *Feb 13 09:36:42.266 UTC: Vi819 PPP: Phase is FORWARDING
> 158332: *Feb 13 09:36:42.266 UTC: Vi819 PPP: Phase is UP
> 158333: *Feb 13 09:36:42.266 UTC: Vi819 IPCP: O CONFREQ [Closed] id 1 len 
> 16
> 158334: *Feb 13 09:36:42.266 UTC: Vi819 IPCP:    CompressType VJ 15
> slots CompressSlotID (0x0206002D0F01)
> 158335: *Feb 13 09:36:42.266 UTC: Vi819 IPCP:    Address 202.134.26.129
> (0x0306CA861A81)
> 158336: *Feb 13 09:36:42.266 UTC: Vi819 PPP: Process pending ncp packets
> 158337: *Feb 13 09:36:42.274 UTC: Vi819 IPCP: I CONFREQ [REQsent] id 1
> len 22
> 158338: *Feb 13 09:36:42.274 UTC: Vi819 IPCP:    Address 0.0.0.0
> (0x030600000000)
> 158339: *Feb 13 09:36:42.274 UTC: Vi819 IPCP:    PrimaryDNS 0.0.0.0
> (0x810600000000)
> 158340: *Feb 13 09:36:42.274 UTC: Vi819 IPCP:    SecondaryDNS 0.0.0.0
> (0x830600000000)
> 158341: *Feb 13 09:36:42.274 UTC: Vi819 AAA/AUTHOR/IPCP: Start.  Her
> address 0.0.0.0, we want 0.0.0.0
> 158342: *Feb 13 09:36:42.274 UTC: Vi819 AAA/AUTHOR/IPCP: Done.  Her
> address 0.0.0.0, we want xxx.xxx.xxx.xxx
> 158343: *Feb 13 09:36:42.274 UTC: Vi819 IPCP: O CONFREJ [REQsent] id 1
> len 10
> 158344: *Feb 13 09:36:42.274 UTC: Vi819 IPCP:    SecondaryDNS 0.0.0.0
> (0x830600000000)
> 158345: *Feb 13 09:36:42.274 UTC: Vi819 IPCP: I CONFREJ [REQsent] id 1
> len 10
> 158346: *Feb 13 09:36:42.274 UTC: Vi819 IPCP:    CompressType VJ 15
> slots CompressSlotID (0x0206002D0F01)
> 158347: *Feb 13 09:36:42.274 UTC: Vi819 IPCP: O CONFREQ [REQsent] id 2
> len 10
> 158348: *Feb 13 09:36:42.274 UTC: Vi819 IPCP:    Address 202.134.26.129
> (0x0306CA861A81)
> 158349: *Feb 13 09:36:42.282 UTC: Vi819 IPCP: I CONFREQ [REQsent] id 2
> len 16
> 158350: *Feb 13 09:36:42.282 UTC: Vi819 IPCP:    Address 0.0.0.0
> (0x030600000000)
> 158351: *Feb 13 09:36:42.282 UTC: Vi819 IPCP:    PrimaryDNS 0.0.0.0
> (0x810600000000)
> 158352: *Feb 13 09:36:42.282 UTC: Vi819 IPCP: O CONFNAK [REQsent] id 2
> len 16
> 158353: *Feb 13 09:36:42.282 UTC: Vi819 IPCP:    Address xxx.xxx.xxx.xxx
> (0x0306CA861A82)
> 158354: *Feb 13 09:36:42.282 UTC: Vi819 IPCP:    PrimaryDNS
> yyy.yyy.yyy.yyy (0x8106CA861877)
> 158355: *Feb 13 09:36:42.286 UTC: Vi819 IPCP: I CONFACK [REQsent] id 2
> len 10
> 158356: *Feb 13 09:36:42.286 UTC: Vi819 IPCP:    Address 202.134.26.129
> (0x0306CA861A81)
> 158357: *Feb 13 09:36:42.290 UTC: Vi819 IPCP: I CONFREQ [ACKrcvd] id 3
> len 16
> 158358: *Feb 13 09:36:42.290 UTC: Vi819 IPCP:    Address xxx.xxx.xxx.xxx
> (0x0306CA861A82)
> 158359: *Feb 13 09:36:42.290 UTC: Vi819 IPCP:    PrimaryDNS
> yyy.yyy.yyy.yyy (0x8106CA861877)
> 158360: *Feb 13 09:36:42.290 UTC: Vi819 IPCP: O CONFACK [ACKrcvd] id 3
> len 16
> 158361: *Feb 13 09:36:42.290 UTC: Vi819 IPCP:    Address xxx.xxx.xxx.xxx
> (0x0306CA861A82)
> 158362: *Feb 13 09:36:42.290 UTC: Vi819 IPCP:    PrimaryDNS
> yyy.yyy.yyy.yyy (0x8106CA861877)
> 158363: *Feb 13 09:36:42.290 UTC: Vi819 IPCP: State is Open
> 158364: *Feb 13 09:36:42.294 UTC: Vi819 PPP: Sending Acct Event[Down]
> id[51F8]
> 158365: *Feb 13 09:36:42.294 UTC: Vi819 IPCP: State is Closed
> 158366: *Feb 13 09:36:42.294 UTC: Vi819 PPP: Phase is TERMINATINGndebu
> 158367: *Feb 13 09:36:42.294 UTC: Vi819 LCP: O TERMREQ [Open] id 3 len 4
> 158368: *Feb 13 09:36:42.318 UTC: Vi819 LCP: I TERMACK [TERMsent] id 3 len 
> 4
> 158369: *Feb 13 09:36:42.318 UTC: Vi819 LCP: State is Closed
> 158370: *Feb 13 09:36:42.318 UTC: Vi819 PPP: Phase is DOWN
> 158371: *Feb 13 09:36:42.318 UTC: Vi819 PPP: Send Message[Disconnect]
>
>
> Regards
>
> Siumafua
>
>
> 
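
Added example, not part of either poster's message: a sketch that unwraps a mail-quoted IOS RADIUS debug trace laid out like the one above and reports which Access-Accept attribute carries the subscriber address (the standard Framed-IP-Address, or a Cisco AVpair "ip:addr=" as seen in the trace). The sample lines and 192.0.2.x addresses are constructed, the function names are hypothetical, and the "Framed-IP-Address" label is assumed to follow the naming the trace uses for Framed-IP-Netmask.

```python
import re

# Constructed sample in the layout of the quoted trace, including the mail
# client's "> " quoting and line wrapping. Addresses are documentation values.
SAMPLE = """\
> 158312: *Feb 13 09:36:42.258 UTC: RADIUS: Received from id 1645/157
> 192.0.2.1:1812, Access-Accept, len 95
> 158317: *Feb 13 09:36:42.258 UTC: RADIUS:   Cisco AVpair       [1]   24
> "ip:addr=192.0.2.10"
> 158318: *Feb 13 09:36:42.258 UTC: RADIUS:  Framed-IP-Netmask   [9]   6
> 255.255.255.255
> 158324: *Feb 13 09:36:42.258 UTC: RADIUS(000051F8): Received from id
> 1645/157
"""
ENTRY = re.compile(r"^\d+: \*\w{3} +\d+ [\d:.]+ UTC: ")
ATTR = re.compile(r"RADIUS:\s+(.+?)\s+\[(\d+)\]\s+\d+\s*(.*)$")

def unwrap(text):
    """Strip '> ' quoting and rejoin entries the mail client wrapped."""
    entries = []
    for line in text.splitlines():
        line = re.sub(r"^>\s?", "", line).strip()
        if ENTRY.match(line):
            entries.append(line)
        elif line and entries:
            entries[-1] += " " + line
    return entries

def access_accept_attrs(entries):
    """Return (name, type, value) for each attribute of the Access-Accept."""
    attrs, inside = [], False
    for e in entries:
        if "Access-Accept" in e:
            inside = True
        elif inside and (m := ATTR.search(e)):
            attrs.append((m.group(1), int(m.group(2)), m.group(3).strip()))
        elif inside and "RADIUS:" not in e:
            inside = False  # first non-attribute entry ends the packet dump
    return attrs

def address_sources(attrs):
    """Map each reply attribute that carries a subscriber address to its value."""
    found = {}
    for name, typ, value in attrs:
        if name == "Framed-IP-Address":  # standard attribute, type 8
            found[name] = value
        elif m := re.search(r"ip:addr=([\d.]+)", value):
            found["Cisco-AVPair ip:addr"] = m.group(1)
    return found
```

Running `address_sources(access_accept_attrs(unwrap(trace_text)))` on a saved trace shows at a glance whether the reply carried the address as a standard attribute, as a vendor AVpair, or both.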



