[cisco-nas] cisco and nas-port equal zero (NAS-Port = 0)

pc286 at bk.ru pc286 at bk.ru
Mon Nov 20 05:02:57 EST 2006


Hello, all!

how to fix "NAS-Port = 0" ?

cisco AS5350
ios c5350-is-mz.122-15.T9.bin

related config strings (i think):

aaa new-model
!
!
aaa group server radius GROUP_ONE
 server 11.11.22.2 auth-port 1234 acct-port 1235
!
aaa group server radius GROUP_TWO
 server 11.22.22.2 auth-port 1234 acct-port 1235
!
aaa authentication login default line
aaa authentication login h323 group GROUP_ONE
aaa authentication ppp default group GROUP_TWO
aaa authorization exec h323 group GROUP_ONE
aaa authorization network default group GROUP_TWO
aaa accounting update newinfo
aaa accounting network default start-stop group GROUP_TWO
aaa accounting network h323 start-stop group GROUP_ONE
aaa accounting connection h323 start-stop group GROUP_ONE
aaa nas port extended
aaa session-id common
!
virtual-profile virtual-template 1
vpdn enable
vpdn aaa attribute nas-port vpdn-nas
!
radius-server attribute 44 include-in-access-req
no radius-server attribute 77 include-in-acct-req
no radius-server attribute 77 include-in-access-req
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute nas-port format c
radius-server host 11.11.22.2 auth-port 1234 acct-port 1235 key 7 0101010101010101010101
radius-server host 11.22.22.2 auth-port 1234 acct-port 1235 key 7 0101010101010101010101
radius-server timeout 20
radius-server deadtime 100
radius-server key 7 0101010101010101
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
radius-server vsa send authentication
!
subscriber access pppoe pre-authorize nas-port-id default
!


cs-console#debug radius authentication

Nov 20 12:39:18 cs1 79202: Nov 20 12:39:18.293 MSK: RADIUS(00017EBB):Send Access-Request to 11.22.22.2:1234 id 21660/59, len 104
Nov 20 12:39:18 cs1 79203: Nov 20 12:39:18.293 MSK: RADIUS:  authenticator 32 8D 70 BB 26 69 6C 02 - 7A CB 6F AB CE 52 9E CC
Nov 20 12:39:18 cs1 79204: Nov 20 12:39:18.293 MSK: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
Nov 20 12:39:18 cs1 79205: Nov 20 12:39:18.293 MSK: RADIUS:  User-Name          [1]   9   "user"
Nov 20 12:39:18 cs1 79206: Nov 20 12:39:18.293 MSK: RADIUS:  User-Password       [2]   18  *
Nov 20 12:39:18 cs1 79207: Nov 20 12:39:18.293 MSK: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
Nov 20 12:39:18 cs1 79208: Nov 20 12:39:18.293 MSK: RADIUS:  Vendor, Cisco       [26]  17
Nov 20 12:39:18 cs1 79209: Nov 20 12:39:18.297 MSK: RADIUS:   cisco-nas-port     [2]   11  "0/0/1/100"
Nov 20 12:39:18 cs1 79210: Nov 20 12:39:18.297 MSK: RADIUS:  NAS-Port            [5]   6   0
Nov 20 12:39:18 cs1 79211: Nov 20 12:39:18.297 MSK: RADIUS:  Service-Type        [6]   6   Framed                    [2]
Nov 20 12:39:18 cs1 79212: Nov 20 12:39:18.297 MSK: RADIUS:  NAS-IP-Address      [4]   6   11.22.22.2
Nov 20 12:39:18 cs1 79213: Nov 20 12:39:18.297 MSK: RADIUS:  Acct-Session-Id     [44]  10  "0001E46D"
Nov 20 12:39:18 cs1 79214: Nov 20 12:39:18.877 MSK: RADIUS(00017EBD): Storing nasport 0 in rad_db
Nov 20 12:39:18 cs1 79215: Nov 20 12:39:18.877 MSK: RADIUS(00017EBD): Config NAS IP: 11.22.22.2
Nov 20 12:39:18 cs1 79216: Nov 20 12:39:18.877 MSK: RADIUS/ENCODE(00017EBD): acct_session_id: 124016
Nov 20 12:39:18 cs1 79217: Nov 20 12:39:18.877 MSK: RADIUS(00017EBD): sending
Nov 20 12:39:18 cs1 79218: Nov 20 12:39:18.881 MSK: RADIUS(00017EBD): Send Access-Request to 11.22.22.2:1234 id 21660/60, len 122
Nov 20 12:39:18 cs1 79219: Nov 20 12:39:18.881 MSK: RADIUS:  authenticator C9 FB 38 C5 F0 D7 1F 09 - 6C B6 87 E0 5F D3 BE 4B
Nov 20 12:39:18 cs1 79220: Nov 20 12:39:18.881 MSK: RADIUS:  User-Name           [1]   33  "nas-port:11.22.22.2:0/0/1/100"
Nov 20 12:39:18 cs1 79221: Nov 20 12:39:18.881 MSK: RADIUS:  User-Password       [2]   18  *
Nov 20 12:39:19 cs1 79222: Nov 20 12:39:18.881 MSK: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
Nov 20 12:39:19 cs1 79223: Nov 20 12:39:18.881 MSK: RADIUS:  Vendor, Cisco       [26]  17
Nov 20 12:39:19 cs1 79224: Nov 20 12:39:18.881 MSK: RADIUS:   cisco-nas-port     [2]   11  "0/0/1/100"
Nov 20 12:39:19 cs1 79225: Nov 20 12:39:18.881 MSK: RADIUS:  NAS-Port            [5]   6   0
Nov 20 12:39:19 cs1 79226: Nov 20 12:39:18.881 MSK: RADIUS:  Service-Type        [6]   6   Outbound                  [5]
Nov 20 12:39:19 cs1 79227: Nov 20 12:39:18.881 MSK: RADIUS:  NAS-IP-Address      [4]   6   11.22.22.2
Nov 20 12:39:19 cs1 79228: Nov 20 12:39:18.881 MSK: RADIUS:  Acct-Session-Id     [44]  10  "0001E470"


if i change
from "radius-server attribute nas-port format c"
to "radius-server attribute nas-port format d"
or to "radius-server attribute nas-port format e <ANY STRING>"

i get samething like this:

Nov 20 12:49:00 cs1 80295: Nov 20 12:49:00.376 MSK: RADIUS(00015F83): Using existing nas_port 0
Nov 20 12:49:00 cs1 80296: Nov 20 12:49:00.376 MSK: RADIUS(00015F83): Config NAS IP: 11.22.22.2
Nov 20 12:49:02 cs1 80297: Nov 20 12:49:01.216 MSK: RADIUS(000180FB): Storing nasport 16777316 in rad_db
Nov 20 12:49:02 cs1 80298: Nov 20 12:49:01.216 MSK: RADIUS(000180FB): Config NAS IP: 11.22.22.2
Nov 20 12:49:02 cs1 80299: Nov 20 12:49:01.216 MSK: RADIUS/ENCODE(000180FB): acct_session_id: 124901
Nov 20 12:49:02 cs1 80300: Nov 20 12:49:01.216 MSK: RADIUS/ENCODE(000180FB): Acct-session-id pre-pended with Nas Port = 0/0/1/100
Nov 20 12:49:02 cs1 80301: Nov 20 12:49:01.216 MSK: RADIUS(000180FB): sending
Nov 20 12:49:02 cs1 80302: Nov 20 12:49:01.216 MSK: RADIUS(000180FB): Send Access-Request to 11.22.22.2:1234 id 21671/1, len 132
Nov 20 12:49:02 cs1 80303: Nov 20 12:49:01.216 MSK: RADIUS:  authenticator 72 DB 80 96 61 92 E7 A1 - 53 CA 6F 34 BF E8 B6 3A
Nov 20 12:49:02 cs1 80304: Nov 20 12:49:01.216 MSK: RADIUS:  User-Name           [1]   33  "nas-port:11.22.22.2:0/0/1/100"
Nov 20 12:49:02 cs1 80305: Nov 20 12:49:01.216 MSK: RADIUS:  User-Password       [2]   18  *
Nov 20 12:49:02 cs1 80306: Nov 20 12:49:01.216 MSK: RADIUS:  NAS-Port-Type       [61]  6   Eth                       [15]
Nov 20 12:49:02 cs1 80307: Nov 20 12:49:01.216 MSK: RADIUS:  Vendor, Cisco       [26]  17
Nov 20 12:49:02 cs1 80308: Nov 20 12:49:01.216 MSK: RADIUS:   cisco-nas-port     [2]   11  "0/0/1/100"
Nov 20 12:49:02 cs1 80309: Nov 20 12:49:01.216 MSK: RADIUS:  NAS-Port            [5]   6   16777316
Nov 20 12:49:02 cs1 80310: Nov 20 12:49:01.216 MSK: RADIUS:  Service-Type        [6]   6   Outbound                  [5]
Nov 20 12:49:02 cs1 80311: Nov 20 12:49:01.220 MSK: RADIUS:  NAS-IP-Address      [4]   6   11.22.22.2
Nov 20 12:49:02 cs1 80312: Nov 20 12:49:01.220 MSK: RADIUS:  Acct-Session-Id     [44]  20  "0/0/1/100_0001E7E5"
Nov 20 12:49:02 cs1 80313: Nov 20 12:49:01.244 MSK: RADIUS: Received from id 21670/254 11.22.22.2:1234, Access-Reject, len 1072
Nov 20 12:49:02 cs1 80314: Nov 20 12:49:01.244 MSK: RADIUS:  authenticator DD 27 FF B3 22 F5 32 2D - D6 F3 B5 F5 18 0C EB 71
Nov 20 12:49:02 cs1 80315: Nov 20 12:49:01.244 MSK: RADIUS:  Vendor, Ascend      [26]  12
Nov 20 12:49:02 cs1 80316: Nov 20 12:49:01.244 MSK: RADIUS:  Unsupported         [50]  6
Nov 20 12:49:02 cs1 80317: Nov 20 12:49:01.244 MSK: RADIUS:   00 00 00 01                                      [????]
Nov 20 12:49:02 cs1 80318: Nov 20 12:49:01.244 MSK: RADIUS:  Vendor, Ascend      [26]  40
Nov 20 12:49:02 cs1 80319: Nov 20 12:49:01.244 MSK: RADIUS:  Ascend-Data-Filter  [242] 34
Nov 20 12:49:02 cs1 80320: Nov 20 12:49:01.244 MSK: RADIUS:   01 01 01 00 00 00 00 00 00 00 00 00 00 00 06 01  [????????????????]
Nov 20 12:49:02 cs1 80321: Nov 20 12:49:01.248 MSK: RADIUS:   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     [???????????????]


but in this case NAS-Port is a constant, and don't depent on
connection. And NAS-Port-Type become Ethernet instead of Virtual (in
Radius set NAS-Port-Type = Virtual)



More information about the cisco-nas mailing list