[cisco-bba] Help configuring 2 radius servers in PPPoe

Paul Cole paulcole at eti.net.gn
Thu Oct 8 15:11:45 EDT 2009 

Hi Frank,

 

Yes, we have different virtual templates.

 

I’ve tried this set up but can’t get it to work so far : 

 

aaa group server radius eti

 server 192.168.0.190 auth-port 1812 acct-port 1813

!

aaa group server radius billing

 server 192.168.0.200 auth-port 1812 acct-port 1813

!

aaa authentication login local_auth local

aaa authentication ppp default none

aaa authentication ppp eti group eti

aaa authentication ppp billing group billing

aaa authorization exec default none

aaa authorization exec eti group eti

aaa authorization exec billing group billing

aaa authorization network default none

aaa authorization network eti group eti

aaa authorization network billing group billing

aaa accounting delay-start

aaa accounting update periodic 5

aaa accounting exec eti start-stop group eti

aaa accounting exec billing start-stop group billing

aaa accounting network eti start-stop group eti

aaa accounting network billing start-stop group billing

 

bba-group pppoe clients_billing

 virtual-template 100

 sessions per-mac limit 1

!

bba-group pppoe clients_pppoe

 virtual-template 200

 sessions per-mac limit 1

!

!

interface FastEthernet0/0

 no ip address

 ip route-cache flow

 load-interval 30

 duplex auto

 speed auto

 no cdp enable

!

interface FastEthernet0/0.55

 description interface Vlan des clients du billing

 encapsulation dot1Q 55

 pppoe enable group clients_billing

 no cdp enable

!

interface FastEthernet0/0.250

 description interface vlan des clients classiques

 encapsulation dot1Q 250

 ip address 172.20.20.1 255.255.255.0

 pppoe enable group clients_pppoe

 no cdp enable

!

interface FastEthernet0/1

 ip address 192.168.0.210 255.255.255.0

 ip route-cache flow

 load-interval 30

 duplex auto

 speed auto

!

interface Virtual-Template100

 description parametres connections clients billing

 mtu 1492

 ip unnumbered FastEthernet0/1

 load-interval 30

 peer default ip address pool Pool1

 ppp authentication pap

 ppp authorization billing

 ppp accounting billing

!

interface Virtual-Template200

 description parametres connections clients pppoe classiques

 mtu 1492

 ip unnumbered FastEthernet0/1

 load-interval 30

 peer default ip address pool etitest

 ppp authentication pap

 ppp authorization eti

 ppp accounting eti

!

radius-server attribute 44 include-in-access-req

radius-server attribute 8 include-in-access-req

radius-server attribute 32 include-in-access-req

radius-server host 192.168.0.190 auth-port 1812 acct-port 1813 key hello

radius-server host 192.168.0.200 auth-port 1812 acct-port 1813 key orange

 

 

 

I’ve tried this set up but the connection stucks at the LCP stage with this
error : 

 

LCP: received AAA AUTHOR Response FAIL

 

Any hints ?

 

____________________________________________________________________________
_____

Paul 

De : Frank Bulk - iName.com [mailto:frnkblk at iname.com] 
Envoyé : jeudi 8 octobre 2009 15:53
À : 'Paul Cole'; cisco-bba at puck.nether.net
Objet : RE: [cisco-bba] Help configuring 2 radius servers in PPPoe

 

Do these customers user different Virtual-Templates?  If so, I believe you
can assign the radius information in the Virtual-Template, overriding those
set at the global level.

 

Frank

 

From: cisco-bba-bounces at puck.nether.net
[mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of Paul Cole
Sent: Thursday, October 08, 2009 5:12 AM
To: cisco-bba at puck.nether.net
Subject: [cisco-bba] Help configuring 2 radius servers in PPPoe

 

Hi,

 

I have a 7206VXR router connected to two radius servers and sending radius
attributes to those servers.

 

I have already set up the conf as this:

 

aaa group server radius test

Server aaaa.aaaa.aaaa.aaaa  auth-port 1812 acct-port 1813

Server bbbb.bbbb.bbbb.bbbb  auth-port 1812 acct-port 1813

 

And then

 

Radius-server host aaaa.aaaa.aaaa.aaaa auth-port 1812 acct-port 1813

Radius-server host bbbb.bbbb.bbbb.bbbb auth-port 1812 acct-port 1813

 

Radius-server key key_for_aaaa

Radius-server key key_for_bbbb

 

Radius-server vsa send accounting

Radius-server vsa send authentication

 

Is there any way to link each radius server (aaaa or bbbb) with its key (how
does it work ? does the key being sent to both radius aaaa and bbbb and then
radius checks against its own key ?

 

Also, I don’t want to send to both of them (radius aaa will be for a
specific category of users in a specific vlan and the same goes to radius
bbbb) the same accounting infos as radius aaaa will be receiving different
set of infos than radius bbbb.

 

How can I achieve this ? Is there any way to send some accounting infos to
radius aaaa only for users in vlan aaaa and accounting infos to radius bbbb
for users in vlan bbbb ?

 

Thanks for your help.

 

____________________________________________________________________________
____

Paul 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-bba/attachments/20091008/0a215cf7/attachment-0001.html>

More information about the cisco-bba mailing list