[cisco-nas] strange double AUTH'ing for same PPP sessions withAS5300/12.2(15)T9

Fri Jan 23 03:56:41 EST 2004

Darryl Sladden wrote:
> Gerald,
> 
> Could you be executing a DNIS pre-authentication then an 
> AUTH request ?
Hello Darryl,

DNIS pre-authentication is not what we want and we have no
pre-authentication configured:

  as-popi#sh run | inc aaa  
  aaa new-model
  aaa session-mib disconnect    (<- thats why we have upgraded to 12.2(15)T9)
  aaa group server radius popi
  aaa authentication login default local enable
  aaa authentication ppp default if-needed group popi
  aaa authorization network default if-authenticated none 
  aaa authorization configuration default group popi 
  aaa accounting delay-start 
  aaa accounting network default start-stop group popi
  aaa route download 30
  aaa session-id common
   dialer aaa
   dialer aaa

The problem occurs only when the session mode become VDP.
If the mode become MLP no second AUTH'ing will be made and
all is fine:

- VDP Session:
AS5300:
  Vi231        henne              VDP          00:00:25 195.222.xxx.xxx
  Se2:4        henne              Sync PPP     00:00:28 
RADIUS:
  Fri Jan 23 09:47:04 2004 : Auth: Login OK: [henne] (from client AS-POPi port 20204 cli 4211633795)
  Fri Jan 23 09:47:07 2004 : Auth: Login OK: [henne] (from client AS-POPi port 231)

- MLP Session:
AS5300:
  Vi318        dataplot           MLP Bundle   00:00:06 195.222.xxx.xxx
  Se2:30       dataplot           Sync PPP     -        Bundle: Vi318
RADIUS:
  Fri Jan 23 09:48:31 2004 : Auth: Login OK: [dataplot] (from client AS-POPi port 20327 cli 4193995166)

Gerald