[cisco-nas] 7206, ADSL connections and backend Radius

mb at os.datafx.com.au mb at os.datafx.com.au
Sun Jul 13 12:40:10 EDT 2003 

In the process of setting up a 7206 to terminate ADSL connections, using a 
Radiator (Radius) server for auth. 

The test ADSL connection appears to authenticate successfuly, but then 
disconnect immediately, then attempt to authenticate again. 

I am seeing the following in the 7206 logs: 

Jul 13 08:13:57.335 aest: AAA/AUTHOR/VPDN/LOCAL: Looking for tunnel 
dsl.datafx.com.au 
Jul 13 08:13:57.335 aest: AAA/AUTHOR/VPDN/LOCAL: tunnel dsl.datafx.com.au 
doesn't exist 
Jul 13 08:13:57.335 aest: AAA/AUTHOR (2818497300): Post authorization status = 
ERROR 

and 

Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC: 18/"Host Request" 
Jul 13 08:13:31.863 aest: AAA/ACCT/ACCT_DISC: Found list "l2tp" 
Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC/EXT: 1046/"Upper Layer Req 
Close" 
Jul 13 08:13:31.863 aest: AAA/ACCT/ACCT_DISC: Found list "l2tp" 
Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC: 1/"User Request" 
Jul 13 08:13:31.863 aest: AAA/ACCT/ACCT_DISC: Found list "l2tp" 
Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC/EXT: 1045/"Received 
Terminate" 

Then I see the connection est. then a nosess: 

gc-rt-02#show vpdn 

L2TP Tunnel and Session Information Total tunnels 1 sessions 1

LocID RemID Remote Name   State  Remote Address  Port  Sessions
47831 30470 for-cor3      est    210.8.1.65      1701  1       

LocID RemID TunID Intf       Username      State  Last Chg Fastswitch
9635  24675 47831 Vi1        connect_test@ est    00:00:00 enabled 

%No active L2F tunnels

%No active PPTP tunnels

%No active PPPoE tunnels
gc-rt-02#


gc-rt-02#show vpdn 

L2TP Tunnel and Session Information Total tunnels 1 sessions 0

LocID RemID Remote Name   State  Remote Address  Port  Sessions
47831 30470 for-cor3      nosess 210.8.1.65      1701  0       

%No active L2F tunnels

%No active PPTP tunnels

%No active PPPoE tunnels
gc-rt-02#

Radius server is reporting the term cause as 'Host-Request': 
Acct-Terminate-Cause = Host-Request 


Have the following on the 7206 (Multiple vpdn-groups are defined): 

aaa new-model 
aaa authentication ppp default if-needed group radius 
aaa authorization network default group radius local 
aaa authorization network l2tp group radius 
aaa accounting update periodic 10 
aaa accounting network default start-stop group radius 
aaa accounting network l2tp start-stop group radius 
! 
vpdn enable 
vpdn multihop 
vpdn aaa attribute nas-port vpdn-nas 
no vpdn logging remote 
no vpdn logging user 
vpdn history failure table-size 50 
vpdn ignore udp checksum 
vpdn search-order domain 
vpdn domain-delimiter @ suffix 
vpdn domain-delimiter / prefix 
! 
vpdn-group for 
accept-dialin 
protocol l2tp 
virtual-template 1 
terminate-from hostname for-cor3 
local name dsl.datafx.com.au 
lcp renegotiation on-mismatch 
l2tp tunnel password 7 08306004044D40 
! 
interface Virtual-Template1 
description Connect L2TP termination 
no ip address 
ppp authentication pap chap callin 
ppp authorization l2tp 
ppp accounting l2tp 
! 
radius-server host xxx.xxx.xxx.xxx auth-port 1812 acct-port 1813 
radius-server retransmit 3 
radius-server attribute 25 nas-port format d 
radius-server attribute nas-port format d 
radius-server key ############# 
! 

I'm certain I am missing something vital in the radius config... 

Any assistance is greatly appreciated. 

Regards, 
MB 




-------------------------------------------------------------------------
This e-mail was sent via Data FX Online WebMail http://www.datafx.com.au/

More information about the cisco-nas mailing list