[cisco-nas] corrupted radius packets

Dennis Peng dpeng at cisco.com
Thu Sep 9 20:32:42 EDT 2004


jc [jc at isnet.net] wrote:
> hi,
> 
> anybody seen this before ??
> 
> ----
> Sep  9 21:27:40.185:     Invalid attribute in radius buffer
> Sep  9 21:27:40.185:     Unable to dump packet further
> --------

It's displayed if the attribute length is less then 2 which is
invalid. Do you have a sniffer trace of the offending packets?

Dennis

> running c5300-is-mz.122-24b ... losing a lot of radius packets and i am
> trying to find the cause...  (yes, i know it could be various factors, i
> am just taking them out one by one)....
> 
> 
> j.
> 
> 
> 
> 
> 
> Syslog logging: enabled (0 messages dropped, 198 messages rate-limited, 0 flushes, 0 overruns)
>     Console logging: disabled
>     Monitor logging: level debugging, 0 messages logged
>     Buffer logging: level debugging, 13331 messages logged
>     Logging Exception size (4096 bytes)
>     Trap logging: level informational, 1548 message lines logged
> 
> Log Buffer (8192 bytes):
> 7:15.453: RADIUS: ustruct sharecount=2
> Sep  9 21:27:15.453: Radius: radius_port_info() success=1 radius_nas_port=1
> Sep  9 21:27:15.453: RADIUS: added cisco VSA 2 len 10 "Serial1:27"
> Sep  9 21:27:15.457: RADIUS: Initial Transmit Serial1:27 id 84 196.26.208.10:1645, Access-Request, len 98
> Sep  9 21:27:15.457:         Attribute 4 6 C4264842
> Sep  9 21:27:15.457:         Attribute 5 6 00004E9F
> Sep  9 21:27:15.457:         Attribute 26 18 00000009020C5365
> Sep  9 21:27:15.457:         Attribute 61 6 00000002
> Sep  9 21:27:15.457:         Attribute 1 9 33303730
> Sep  9 21:27:15.457:         Attribute 30 9 33303730
> Sep  9 21:27:15.457:         Attribute 2 18 60CA554E
> Sep  9 21:27:15.457:         Attribute 6 6 00000005
> Sep  9 21:27:15.481: RADIUS: Received from id 84 196.26.208.10:1645, Access-Accept, len 56
> Sep  9 21:27:15.481:         Attribute 62 6 00000001
> Sep  9 21:27:15.481:         Attribute 135 6 A8D20202
> Sep  9 21:27:15.481:         Attribute 136 6 C40EEF02
> Sep  9 21:27:15.481:         Attribute 28 6 0003F480
> Sep  9 21:27:15.481:         Attribute 6 6 00000002
> Sep  9 21:27:15.481:         Attribute 7 6 00000001
> Sep  9 21:27:15.485: RADIUS: saved authorization data for user 62B95FD8 at 629A6ED0
> Sep  9 21:27:15.485: RADIUS: Saving attribute (0x3E) for preauth
> Sep  9 21:27:15.485: RADIUS: Saving ascend attribute (0x87) for preauth
> Sep  9 21:27:15.485: RADIUS: Saving ascend attribute (0x88) for preauth
> Sep  9 21:27:15.485: RADIUS: Saving attribute (0x1C) for preauth
> Sep  9 21:27:15.485: RADIUS: Saving attribute (0x6) for preauth
> Sep  9 21:27:15.485: RADIUS: Saving attribute (0x7) for preauth
> Sep  9 21:27:15.485: AAA/AUTHOR (1584193527): Post authorization status = PASS_ADD
> Sep  9 21:27:15.485: AAA/AUTHOR/PREAUTH: Dictionary - Setting username to '3070301'
> Sep  9 21:27:15.485: AAA/MEMORY: free_user (0x62B95FD8) user='3070301' ruser='NULL' port='Serial1:27' rem_addr='/3070301' authen_type=ASCII service=LOGIN priv=1
> Sep  9 21:27:15.485: AAA/AUTHOR/PREAUTH: Done - PASSED
> Sep  9 21:27:15.485: AAA/ACCT/DS0: channel=27, ds1=1, t3=0, slot=0, ds0=4123
> Sep  9 21:27:15.725: AAA/ACCT/DS0: channel=6, ds1=0, t3=0, slot=0, ds0=6
> Sep  9 21:27:15.725: AAA: parse name=tty28 idb type=10 tty=28
> Sep  9 21:27:15.725: AAA: name=tty28 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=28 channel=0
> Sep  9 21:27:15.725: AAA: parse name=Serial0:6 idb type=13 tty=-1
> Sep  9 21:27:15.725: AAA: name=Serial0:6 flags=0x51 type=1 shelf=0 slot=0 adapter=0 port=0 channel=6
> Sep  9 21:27:15.725: AAA/ACCT/DS0: channel=6, ds1=0, t3=0, slot=0, ds0=6
> Sep  9 21:27:15.725: AAA/MEMORY: create_user (0x629C314C) user='NULL' ruser='NULL' ds0=6 port='tty28' rem_addr='async/3070301' authen_type=ASCII service=LOGIN priv=0 initial_task_id='0'
> Sep  9 21:27:15.725: AAA/AUTHEN/START (3133630674): port='tty28' list='' action=LOGIN service=LOGIN
> Sep  9 21:27:15.725: AAA/AUTHEN/START (3133630674): using "default" list
> Sep  9 21:27:15.725: AAA/AUTHEN/START (3133630674): Method=LOCAL
> Sep  9 21:27:15.725: AAA/AUTHEN (3133630674): status = GETUSER
> Sep  9 21:27:15.873: AAA/AUTHEN/ABORT: (3133630674) because Autoselected.
> Sep  9 21:27:15.873: AAA/AUTHEN/ABORT: (3133630674) because Autoselected.
> Sep  9 21:27:15.877: AAA/MEMORY: free_user_quiet (0x629C314C) user='NULL' ruser='NULL' port='tty28' rem_addr='async/3070301' authen_type=1 service=1 priv=0
> Sep  9 21:27:17.817: AAA/ACCT/DS0: channel=6, ds1=0, t3=0, slot=0, ds0=6
> Sep  9 21:27:40.157: AAA/ACCT/DS0: channel=7, ds1=2, t3=0, slot=0, ds0=8199
> Sep  9 21:27:40.157: AAA/ACCT/DS0: channel=7, ds1=2, t3=0, slot=0, ds0=8199
> Sep  9 21:27:40.161: AAA/AUTHOR/PREAUTH: DNIS-based preauthentication
> Sep  9 21:27:40.161: AAA: parse name=Serial2:7 idb type=-1 tty=-1
> Sep  9 21:27:40.161: AAA: name=Serial2:7 flags=0x51 type=1 shelf=0 slot=0 adapter=0 port=2 channel=7
> Sep  9 21:27:40.161: AAA: parse name=<no string> idb type=-1 tty=-1
> Sep  9 21:27:40.161: AAA/MEMORY: create_user (0x62B95FD8) user='3070301' ruser='NULL' ds0=0 port='Serial2:7' rem_addr='/3070301' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0'
> Sep  9 21:27:40.161: Serial2:7 AAA/AUTHOR/PREAUTH (315131741): Port='Serial2:7' list='default' service=PREAUTH
> Sep  9 21:27:40.161: AAA/AUTHOR/PREAUTH: Serial2:7 (315131741) user='3070301'
> Sep  9 21:27:40.161: Serial2:7 AAA/AUTHOR/PREAUTH (315131741): send AV service=ppp
> Sep  9 21:27:40.161: Serial2:7 AAA/AUTHOR/PREAUTH (315131741): send AV protocol=ip
> Sep  9 21:27:40.161: Serial2:7 AAA/AUTHOR/PREAUTH (315131741): found list "default"
> Sep  9 21:27:40.161: Serial2:7 AAA/AUTHOR/PREAUTH (315131741): Method=radius (radius)
> Sep  9 21:27:40.161: RADIUS: authenticating to get author data
> Sep  9 21:27:40.161: RADIUS: ustruct sharecount=2
> Sep  9 21:27:40.161: Radius: radius_port_info() success=1 radius_nas_port=1
> Sep  9 21:27:40.161: RADIUS: added cisco VSA 2 len 9 "Serial2:7"
> Sep  9 21:27:40.161: RADIUS: Initial Transmit Serial2:7 id 85 196.26.208.10:1645, Access-Request, len 97
> Sep  9 21:27:40.161:         Attribute 4 6 C4264842
> Sep  9 21:27:40.161:         Attribute 5 6 00004EEF
> Sep  9 21:27:40.161:         Attribute 26 17 00000009020B5365
> Sep  9 21:27:40.161:         Attribute 61 6 00000002
> Sep  9 21:27:40.165:         Attribute 1 9 33303730
> Sep  9 21:27:40.165:         Attribute 30 9 33303730
> Sep  9 21:27:40.165:         Attribute 2 18 D0E95EF9
> Sep  9 21:27:40.165:         Attribute 6 6 00000005
> Sep  9 21:27:40.185: RADIUS: Received from id 85 196.26.208.10:1645, Access-Accept, len 56
> Sep  9 21:27:40.185:         Attribute 62 6 00000001
> Sep  9 21:27:40.185:         Attribute 135 6 A8D20202
> Sep  9 21:27:40.185:         Attribute 136 6 C40EEF02
> Sep  9 21:27:40.185:         Attribute 28 6 0003F480
> Sep  9 21:27:40.185:         Attribute 6 6 00000002
> Sep  9 21:27:40.185:         Attribute 7 6 00000001
> Sep  9 21:27:40.185:     Invalid attribute in radius buffer
> 
> Sep  9 21:27:40.185:     Unable to dump packet further
> 
> Sep  9 21:27:40.185: RADIUS: saved authorization data for user 62B95FD8 at 62B3386C
> Sep  9 21:27:40.185: RADIUS: Saving attribute (0x3E) for preauth
> Sep  9 21:27:40.185: RADIUS: Saving ascend attribute (0x87) for preauth
> Sep  9 21:27:40.185: RADIUS: Saving ascend attribute (0x88) for preauth
> Sep  9 21:27:40.185: RADIUS: Saving attribute (0x1C) for preauth
> Sep  9 21:27:40.185: RADIUS: Saving attribute (0x6) for preauth
> Sep  9 21:27:40.185: RADIUS: Saving attribute (0x7) for preauth
> Sep  9 21:27:40.185: AAA/AUTHOR (315131741): Post authorization status = PASS_ADD
> Sep  9 21:27:40.185: AAA/AUTHOR/PREAUTH: Dictionary - Setting username to '3070301'
> Sep  9 21:27:40.185: AAA/MEMORY: free_user (0x62B95FD8) user='3070301' ruser='NULL' port='Serial2:7' rem_addr='/3070301' authen_type=ASCII service=LOGIN priv=1
> Sep  9 21:27:40.185: AAA/AUTHOR/PREAUTH: Done - PASSED
> Sep  9 21:27:40.189: AAA/ACCT/DS0: channel=7, ds1=2, t3=0, slot=0, ds0=8199
> Sep  9 21:27:41.353: AAA/ACCT/DS0: channel=27, ds1=1, t3=0, slot=0, ds0=4123
> Sep  9 21:27:41.353: AAA: parse name=tty13 idb type=10 tty=13
> _______________________________________________
> cisco-nas mailing list
> cisco-nas at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas


More information about the cisco-nas mailing list