[cisco-nas] Re: Framed-Route syntax change in 12.3?
Rainer Clasen
bj at zuto.de
Fri Jul 9 04:58:19 EDT 2004
Oliver Boehmer (oboehmer) wrote:
> > did the Framed-Route syntax in 12.3.6a change? We've started to get
> > the following message for a bunch of backup dialins:
> >
> > %AAA-3-PARSEERR: Error(2) parser is unable to parse IP route
> > 192.168.1.0 255.255.255.0 150 per-user command
> >
> > This used to work fine with 12.1, 12.1T, 12.2 on as5300. I couldn't
> > find any syntax description searching cisco.com.
>
> The whole AAA infrastructure has been re-written in 12.2T/12.3, but this
> should be (more or less) transparent. Can you post "debug radius", "deb
> aaa author" and "deb aaa per-user" (or send it unicast) to check how the
> framed-route arrives and how it is being processed.
Jepp, here it comes - let me know if I've x-ed out too much:
1683: Jul 9 08:45:09.333: AAA/BIND(0000113D): Bind i/f Serial2:21
1684: Jul 9 08:45:09.333: AAA/ACCT/DS0: channel=21, ds1=2, t3=0, slot=0, ds0=8213
1685: Jul 9 08:45:09.333: AAA/ACCT/DS0: channel=21, ds1=2, t3=0, slot=0, ds0=8213
1686: Jul 9 08:45:10.025: RADIUS/ENCODE(0000113D):Orig. component type = ISDN
1687: Jul 9 08:45:10.029: RADIUS(0000113D): Storing nasport 20221 in rad_db
1688: Jul 9 08:45:10.029: RADIUS(0000113D): Config NAS IP: xx.xx.xx.xx
1689: Jul 9 08:45:10.029: RADIUS/ENCODE(0000113D): acct_session_id: 7400
1690: Jul 9 08:45:10.029: RADIUS(0000113D): sending
1691: Jul 9 08:45:10.029: RADIUS(0000113D): Send Access-Request to xxx.xxx.xx.x:1645 id 1645/248, len 130
1692: Jul 9 08:45:10.029: RADIUS: authenticator 82 C4 9E 4F BC 3E 11 73 - 3E D5 FF 04 62 6A 33 6E
1693: Jul 9 08:45:10.029: RADIUS: Framed-Protocol [7] 6 PPP [1]
1694: Jul 9 08:45:10.029: RADIUS: User-Name [1] 10 "xxx"
1695: Jul 9 08:45:10.029: RADIUS: User-Password [2] 18 *
1696: Jul 9 08:45:10.029: RADIUS: Vendor, Cisco [26] 18
1697: Jul 9 08:45:10.029: RADIUS: cisco-nas-port [2] 12 "Serial2:21"
1698: Jul 9 08:45:10.029: RADIUS: NAS-Port [5] 6 20221
1699: Jul 9 08:45:10.029: RADIUS: NAS-Port-Type [61] 6 ISDN [2]
1700: Jul 9 08:45:10.029: RADIUS: Calling-Station-Id [31] 12 "xxxx"
1701: Jul 9 08:45:10.029: RADIUS: Called-Station-Id [30] 10 "xxxx"
1702: Jul 9 08:45:10.029: RADIUS: Connect-Info [77] 12 "64000 HDLC"
1703: Jul 9 08:45:10.029: RADIUS: Service-Type [6] 6 Framed [2]
1704: Jul 9 08:45:10.029: RADIUS: NAS-IP-Address [4] 6 xx.xx.xx.xx
1705: Jul 9 08:45:10.037: RADIUS: Received from id 1645/248 xxx.xxx.xx.x:1645, Access-Accept, len 83
1706: Jul 9 08:45:10.037: RADIUS: authenticator 4E 21 08 A6 B2 F0 F9 AE - B6 82 06 D2 12 F4 9A 9D
1707: Jul 9 08:45:10.037: RADIUS: Service-Type [6] 6 Framed [2]
1708: Jul 9 08:45:10.037: RADIUS: Framed-Protocol [7] 6 PPP [1]
1709: Jul 9 08:45:10.037: RADIUS: Framed-Route [22] 22 "192.168.1.0/29 150"
1710: Jul 9 08:45:10.037: RADIUS: Framed-Route [22] 23 "192.168.2.0/29 150"
1711: Jul 9 08:45:10.037: RADIUS: Framed-MTU [12] 6 1500
1712: Jul 9 08:45:10.037: RADIUS(0000113D): Received from id 1645/248
1713: Jul 9 08:45:10.041: Se2:21 PPP/AAA: Check Attr: service-type
1714: Jul 9 08:45:10.041: Se2:21 PPP/AAA: Check Attr: Framed-Protocol
1715: Jul 9 08:45:10.041: Se2:21 PPP/AAA: Check Attr: route: Peruser
1716: Jul 9 08:45:10.041: Se2:21 PPP/AAA: Check Attr: route: Peruser
1717: Jul 9 08:45:10.041: Se2:21 PPP/AAA: Check Attr: Framed-MTU
1718: Jul 9 08:45:10.041: Se2:21 AAA/AUTHOR/LCP: Process Author
1719: Jul 9 08:45:10.041: Se2:21 AAA/AUTHOR/LCP: Process Attr: service-type
1720: Jul 9 08:45:10.045: RADIUS/ENCODE(0000113D):Orig. component type = ISDN
1721: Jul 9 08:45:10.045: RADIUS(0000113D): Using existing nas_port 20221
1722: Jul 9 08:45:10.045: RADIUS(0000113D): Config NAS IP: xx.xx.xx.xx
1723: Jul 9 08:45:10.045: RADIUS(0000113D): sending
1724: Jul 9 08:45:10.085: RADIUS(0000113D): Send Accounting-Request to xxx.xxx.xx.x:1646 id 1646/52, len 172
1725: Jul 9 08:45:10.089: RADIUS: authenticator 5C 1E AB FC 69 6A 91 1D - C4 5D 15 58 81 EE FA 1C
1726: Jul 9 08:45:10.089: RADIUS: Acct-Session-Id [44] 10 "00001CE8"
1727: Jul 9 08:45:10.089: RADIUS: Framed-Protocol [7] 6 PPP [1]
1728: Jul 9 08:45:10.089: RADIUS: User-Name [1] 10 "xxx"
1729: Jul 9 08:45:10.089: RADIUS: Vendor, Cisco [26] 32
1730: Jul 9 08:45:10.089: RADIUS: Cisco AVpair [1] 26 "connect-progress=Call Up"
1731: Jul 9 08:45:10.089: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
1732: Jul 9 08:45:10.089: RADIUS: Acct-Status-Type [40] 6 Start [1]
1733: Jul 9 08:45:10.089: RADIUS: Vendor, Cisco [26] 18
1734: Jul 9 08:45:10.089: RADIUS: cisco-nas-port [2] 12
1735: "Serial2:21"
1736: Jul 9 08:45:10.089: RADIUS: NAS-Port [5] 6 20221
1737: Jul 9 08:45:10.089: RADIUS: NAS-Port-Type [61] 6 ISDN [2]
1738: Jul 9 08:45:10.089: RADIUS: Calling-Station-Id [31] 12 "xxxx"
1739: Jul 9 08:45:10.089: RADIUS: Called-Station-Id [30] 10 "xxxx"
1740: Jul 9 08:45:10.089: RADIUS: Connect-Info [77] 12 "64000 HDLC"
1741: Jul 9 08:45:10.089: RADIUS: Service-Type [6] 6 Framed [2]
1742: Jul 9 08:45:10.089: RADIUS: NAS-IP-Address [4] 6 xx.xx.xx.xx
1743: Jul 9 08:45:10.089: RADIUS: Acct-Delay-Time [41] 6 0
1744: Jul 9 08:45:10.093: AAA/BIND(0000113D): Bind i/f Virtual-Access11
1745: Jul 9 08:45:10.093: Vi11 AAA/AUTHOR/LCP: Process Author
1746: Jul 9 08:45:10.093: Vi11 AAA/AUTHOR/LCP: Process Attr: service-type
1747: Jul 9 08:45:10.093: Vi11 AAA/AUTHOR/IPCP: FSM authorization not needed
1748: Jul 9 08:45:10.093: Vi11 AAA/AUTHOR/FSM: We can start IPCP
1749: Jul 9 08:45:10.093: Vi11 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 0.0.0.0
1750: Jul 9 08:45:10.093: Vi11 AAA/AUTHOR/IPCP: Processing AV route
1751: Jul 9 08:45:10.093: Vi11 AAA/AUTHOR/IPCP: Processing AV route
1752: Jul 9 08:45:10.093: Vi11 AAA/AUTHOR/IPCP: Authorization succeeded
1753: Jul 9 08:45:10.097: Vi11 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 0.0.0.0
1754: Jul 9 08:45:10.097: RADIUS: Received from id 1646/52 xxx.xxx.xx.x:1646, Accounting-response, len 20
1755: Jul 9 08:45:10.097: RADIUS: authenticator 2E 68 16 45 1E 67 73 9D - A7 D5 B6 99 CD 95 52 82
1756: Jul 9 08:45:10.185: AAA/AUTHOR: Processing PerUser AV route
1757: Jul 9 08:45:10.185: AAA/AUTHOR: Processing PerUser AV route
1758: Jul 9 08:45:10.185: Vi11 AAA/PERUSER/ROUTE: route string: IP route 192.168.1.0 255.255.255.248 150
1759:
1760: Jul 9 08:45:10.185: Vi11 AAA/PERUSER/ROUTE: route string: IP route 192.168.2.0 255.255.255.248 150
1761:
1762: Jul 9 08:45:10.189: AAA/PER-USER: mode = config; command = [IP route 192.168.1.0 255.255.255.248 150
1763: IP route 192.168.2.0 255.255.255.248 150
1764: ]
1765: Jul 9 08:45:10.189: AAA/PER-USER: line = [IP route 192.168.1.0 255.255.255.248 150 ]
1766: Jul 9 08:45:10.197: %AAA-3-PARSEERR: Error(2) parser is unable to parse IP route 192.168.1.0 255.255.255.248 150 per-user command
1767: Jul 9 08:45:10.197: AAA/PER-USER: ERROR command = [IP route 192.168.1.0 255.255.255.248 150 ]
1768: Jul 9 08:45:10.197: AAA/PER-USER: ERROR line = [IP route 192.168.1.0 255.255.255.248 150
1769: IP route 192.168.2.0 255.255.255.248 150
1770: ]
1771: Jul 9 08:45:10.201: RADIUS/ENCODE(0000113D):Orig. component type = ISDN
1772: Jul 9 08:45:10.201: RADIUS(0000113D): Using existing nas_port 20221
1773: Jul 9 08:45:10.201: RADIUS(0000113D): Config NAS IP: xx.xx.xx.xx
1774: Jul 9 08:45:10.201: RADIUS(0000113D): sending
1775: Jul 9 08:45:10.205: RADIUS(0000113D): Send Accounting-Request to xxx.xxx.xx.x:1646 id 1646/53, len 211
1776: Jul 9 08:45:10.205: RADIUS: authenticator 99 4A EE 12 6F C5 54 BD - 90 5C 43 1A 3E AC C5 AE
1777: Jul 9 08:45:10.205: RADIUS: Acct-Session-Id [44] 10 "00001CE8"
1778: Jul 9 08:45:10.205: RADIUS: Framed-Protocol [7] 6 PPP [1]
1779: Jul 9 08:45:10.205: RADIUS: Framed-IP-Address [8] 6 xx.xx.xx.xx
1780: Jul 9 08:45:10.205: RADIUS: User-Name [1] 10 "xxx"
1781: Jul 9 08:45:10.205: RADIUS: Vendor, Cisco [26] 35
1782: Jul 9 08:45:10.209: RADIUS: Cisco AVpair [1] 29 "connect-progress=LAN Ses Up"
1783: Jul 9 08:45:10.209: RADIUS: Acct-Session-Time [46] 6 0
1784: Jul 9 08:45:10.209: RADIUS: Acct-Input-Octets [42] 6 86
1785: Jul 9 08:45:10.209: RADIUS: Acct-Output-Octets [43] 6 74
1786: Jul 9 08:45:10.209: RADIUS: Acct-Input-Packets [47] 6 5
1787: Jul 9 08:45:10.209: RADIUS: Acct-Output-Packets [48] 6 5
1788: Jul 9 08:45:10.209: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
1789: Jul 9 08:45:10.209: RADIUS: Acct-Status-Type [40] 6 Watchdog [3]
1790: Jul 9 08:45:10.209: RADIUS: Vendor, Cisco [26] 18
1791: Jul 9 08:45:10.209: RADIUS: cisco-nas-port [2] 12 "Serial2:21"
1792: Jul 9 08:45:10.209: RADIUS: NAS-Port [5] 6 20221
1793: Jul 9 08:45:10.209: RADIUS: NAS-Port-Type [61] 6 ISDN [2]
1794: Jul 9 08:45:10.209: RADIUS: Calling-Station-Id [31] 12 "xxxx"
1795: Jul 9 08:45:10.209: RADIUS: Called-Station-Id [30] 10 "xxxx"
1796: Jul 9 08:45:10.209: RADIUS: Connect-Info [77] 12 "64000 HDLC"
1797: Jul 9 08:45:10.209: RADIUS: Service-Type [6] 6 Framed [2]
1798: Jul 9 08:45:10.209: RADIUS: NAS-IP-Address [4] 6 xx.xx.xx.xx
1799: Jul 9 08:45:10.209: RADIUS: Acct-Delay-Time [41] 6 0
1800: Jul 9 08:45:10.213: AAA/PER-USER: mode = config; command = [no IP route 192.168.1.0 255.255.255.248 150
1801: no IP route 192.168.2.0 255.255.255.248 150
1802: ]
1803: Jul 9 08:45:10.213: AAA/PER-USER: line = [no IP route 192.168.1.0 255.255.255.248 150 ]
1804: Jul 9 08:45:10.229: PPP: Message from per-user configuration ...
1805: Jul 9 08:45:10.229: %No matching route to delete
1806:
1807: Jul 9 08:45:10.229: AAA/PER-USER: line = [no IP route 192.168.2.0 255.255.255.248 150 ]
1808: Jul 9 08:45:10.245: PPP: Message from per-user configuration ...
1809: Jul 9 08:45:10.245: %No matching route to delete
1810:
1811: Jul 9 08:45:10.245: RADIUS: Received from id 1646/53 xxx.xxx.xx.x:1646, Accounting-response, len 20
1812: Jul 9 08:45:10.245: RADIUS: authenticator 60 EB 66 DA 15 40 12 BF - 5A CC 44 DF C1 15 98 64
Rainer
--
KeyID=759975BD fingerprint=887A 4BE3 6AB7 EE3C 4AE0 B0E1 0556 E25A 7599 75BD
More information about the cisco-nas
mailing list