[cisco-nas] PPPoE radius attributes

Edgars Makna edgarz at dtg.lv
Sun Nov 9 11:44:19 EST 2008


Hello!

I'm running a PPPoE server on a Cisco 2801; everything works except one thing. The Cisco does not apply the parameters received from the RADIUS server.


cisco debug:
.Nov  9 13:58:04.271: PPPoE 0: I PADI  R:0019.d133.551e L:ffff.ffff.ffff 33 Fa0/1.33
.Nov  9 13:58:04.271:  Service tag: NULL Tag
.Nov  9 13:58:04.271: PPPoE 0: O PADO, R:001a.e23e.6bdd L:0019.d133.551e 33 Fa0/1.33
.Nov  9 13:58:04.271:  Service tag: NULL Tag
.Nov  9 13:58:04.271: PPPoE 0: I PADR  R:0019.d133.551e L:001a.e23e.6bdd 33 Fa0/1.33
.Nov  9 13:58:04.271:  Service tag: NULL Tag
.Nov  9 13:58:04.271: PPPoE : encap string prepared
.Nov  9 13:58:04.271: [365]PPPoE 364: Access IE handle allocated
.Nov  9 13:58:04.275: [365]PPPoE 364: pppoe SSS switch updated
.Nov  9 13:58:04.275: [365]PPPoE 364: AAA get retrieved attrs
.Nov  9 13:58:04.275: [365]PPPoE 364: AAA get nas port details
.Nov  9 13:58:04.275: [365]PPPoE 364: AAA get dynamic attrs
.Nov  9 13:58:04.275: [365]PPPoE 364: AAA get dynamic attrs
.Nov  9 13:58:04.275: [365]PPPoE 364: AAA unique ID allocated
.Nov  9 13:58:04.275: [365]PPPoE 364: AAA method list  set
.Nov  9 13:58:04.275: [365]PPPoE 364: Service request sent to SSS
.Nov  9 13:58:04.279: [365]PPPoE 364: Created, Service: None R:001a.e23e.6bdd L:0019.d133.551e 33 Fa0/1.33
.Nov  9 13:58:04.279: [365]PPPoE 364: State NAS_PORT_POLICY_INQUIRY Event SSS_LOCAL
.Nov  9 13:58:04.279: [365]PPPoE 364: O PADS  R:0019.d133.551e L:001a.e23e.6bdd Fa0/1.33
panorama_plaza-gw#
.Nov  9 13:58:04.283: [365]PPPoE 364: State PPP_START    Event DYN_BIND
.Nov  9 13:58:04.283: [365]PPPoE 364: data path set to PPP
.Nov  9 13:58:04.363: RADIUS/ENCODE(0000091A):Orig. component type = PPoE
.Nov  9 13:58:04.363: RADIUS:  AAA Unsupported Attr: client-mac-address[48]  14
.Nov  9 13:58:04.367: RADIUS:   30 30 31 39 2E 64 31 33 33 2E 35 35          [0019.d133.55]
.Nov  9 13:58:04.367: RADIUS:  AAA Unsupported Attr: interface [174] 8
.Nov  9 13:58:04.367: RADIUS:   30 2F 30 2F 31 2F          [0/0/1/]
.Nov  9 13:58:04.367: RADIUS(0000091A): Config NAS IP: 0.0.0.0
.Nov  9 13:58:04.367: RADIUS/ENCODE: No idb found! Framed IP Addr might not be included
.Nov  9 13:58:04.367: RADIUS/ENCODE(0000091A): acct_session_id: 2458
.Nov  9 13:58:04.367: RADIUS(0000091A): sending
.Nov  9 13:58:04.367: RADIUS/ENCODE: Best Local IP-Address CISCO_IP_ADDRESS for Radius-Server 91.135.16.2
.Nov  9 13:58:04.367: RADIUS(0000091A): Send Access-Request to 91.135.16.2:1812 id 1645/109, len 91
.Nov  9 13:58:04.371: RADIUS:  authenticator F6 28 6C 9E 4A 7D EF 19 - AF F3 F8 4E 08 C8 A2 30
.Nov  9 13:58:04.371: RADIUS:  Framed-Protocol     [7]   6   PPP                [1]
.Nov  9 13:58:04.371: RADIUS:  User-Name           [1]   13  "servertelpa"
.Nov  9 13:58:04.371: RADIUS:  User-Password       [2]   18  *
.Nov  9 13:58:04.371: RADIUS:  NAS-Port-Type       [61]  6   Virtual                [5]
.Nov  9 13:58:04.371: RADIUS:  NAS-Port            [5]   6   0
.Nov  9 13:58:04.371: RADIUS:  NAS-Port-Id         [87]  10  "0/0/1/33"
.Nov  9 13:58:04.371: RADIUS:  Service-Type        [6]   6   Framed                [2]
.Nov  9 13:58:04.371: RADIUS:  NAS-IP-Address      [4]   6 CISCO_IP_ADDRESS
.Nov  9 13:58:04.387: RADIUS: Received from id 1645/109 91.135.16.2:1812, Access-Accept, len 276
.Nov  9 13:58:04.391: RADIUS:  authenticator 59 9D 99 31 43 EE FB 9E - 2D F1 1E 21 78 FF 31 79
.Nov  9 13:58:04.391: RADIUS:  Framed-Protocol     [7]   6   PPP                [1]
.Nov  9 13:58:04.391: RADIUS:  Framed-Compression  [13]  6   VJ TCP/IP Header Compressi[1]
.Nov  9 13:58:04.391: RADIUS:  Framed-IP-Address   [8]   6   XXX.YYY.27.253
.Nov  9 13:58:04.391: RADIUS:  Framed-IP-Netmask   [9]   6   255.255.255.255
.Nov  9 13:58:04.391: RADIUS:  Service-Type        [6]   6   Framed                [2]
.Nov  9 13:58:04.391: RADIUS:  Vendor, Cisco       [26]  113
.Nov  9 13:58:04.391: RADIUS:   Cisco AVpair       [1]   107 "lcp:interface-config#1=rate-limit intput 10240000 10000 10000 conform-action continue exceed-action drop "
.Nov  9 13:58:04.391: RADIUS:  Vendor, Cisco       [26]  113
.Nov  9 13:58:04.391: RADIUS:   Cisco AVpair       [1]   107 "lcp:interface-config#2=rate-limit output 10240000 10000 10000 conform-action continue exceed-action drop "
.Nov  9 13:58:04.395: RADIUS(0000091A): Received from id 1645/109
.Nov  9 13:58:04.399: [365]PPPoE 364: State LCP_NEGOTIATION    Event PPP_LOCAL
.Nov  9 13:58:04.399: PPPoE 364: Can not use sub-interface
.Nov  9 13:58:04.403: [365]PPPoE 364: State VACCESS_REQUESTED    Event VA_RESP
.Nov  9 13:58:04.403: [365]PPPoE 364: Vi81 interface obtained
.Nov  9 13:58:04.403: [365]PPPoE 364: State PTA_BINDING    Event STAT_BIND
.Nov  9 13:58:04.403: [365]PPPoE 364: data path set to Virtual Acess
.Nov  9 13:58:04.403: [365]PPPoE 364: Connected PTA
.Nov  9 13:58:04.407: %LINK-3-UPDOWN: Interface Virtual-Access81, changed state to up
panorama_plaza-gw#
.Nov  9 13:58:04.407: [365]PPPoE 364: AAA get dynamic attrs
.Nov  9 13:58:04.407: [365]PPPoE 364: AAA get dynamic attrs
.Nov  9 13:58:04.459: RADIUS/ENCODE(0000091A):Orig. component type = PPoE
.Nov  9 13:58:04.459: RADIUS(0000091A): Config NAS IP: 0.0.0.0
.Nov  9 13:58:04.463: RADIUS/ENCODE: Best Local IP-Address CISCO_IP_ADDRESS for Radius-Server RADIUS_SERVER_IP
.Nov  9 13:58:04.467: RADIUS: Received from id 1646/149 91.135.16.2:1813, Accounting-response, len 20
.Nov  9 13:58:05.407: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access81, changed state to up

GW#sh user | i servertelpa
   Vi81         servertelpa        PPPoE        00:04:39 XXX.YYY.27.9
GW#
As we can see, the IP address is a bit different from the one I send from RADIUS.

GW#sh interfaces rate-limit

GW#
And no rate limits are applied.


CONFIG here:
aaa authentication login default local line
aaa authentication ppp default group radius
aaa authorization console
aaa authorization exec default local
aaa accounting delay-start
aaa accounting update periodic 180
aaa accounting network default start-stop group radius
!
aaa server radius dynamic-author
  server-key cool-password
!
aaa session-id common

bba-group pppoe plaza
  virtual-template 1
  sessions per-mac limit 1

interface FastEthernet0/1.33
  encapsulation dot1Q 33
  pppoe enable group plaza
  pppoe max-sessions 200

interface Virtual-Template1
  ip unnumbered Loopback1
  peer default ip address pool plaza
  ppp authentication pap

ip local pool plaza 91.135.27.4 91.135.27.245
VERSION: Cisco IOS Software, 2801 Software (C2801-SPSERVICESK9-M), Version 12.4(15)T3, RELEASE SOFTWARE (fc1)

Where to dig?
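
Added example (not part of the original post): a small Python check that reads the Access-Accept lines from the debug output above, validates each Cisco AVpair, and compares the Framed-IP-Address sent by RADIUS with the address shown by "sh user". The sample lines are copied from the post; the function names are hypothetical, and only the "rate-limit input|output" form of the interface-config command is checked.

```python
import re

# Constructed sample: lines copied from the debug output in the post above.
DEBUG = '''\
.Nov  9 13:58:04.387: RADIUS: Received from id 1645/109 91.135.16.2:1812, Access-Accept, len 276
.Nov  9 13:58:04.391: RADIUS:  Framed-IP-Address   [8]   6   XXX.YYY.27.253
.Nov  9 13:58:04.391: RADIUS:   Cisco AVpair       [1]   107 "lcp:interface-config#1=rate-limit intput 10240000 10000 10000 conform-action continue exceed-action drop "
.Nov  9 13:58:04.391: RADIUS:   Cisco AVpair       [1]   107 "lcp:interface-config#2=rate-limit output 10240000 10000 10000 conform-action continue exceed-action drop "
'''
SH_USER = "   Vi81         servertelpa        PPPoE        00:04:39 XXX.YYY.27.9"

AVPAIR = re.compile(r'Cisco AVpair\s+\[1\]\s+(\d+)\s+"([^"]*)"')
FRAMED_IP = re.compile(r'Framed-IP-Address\s+\[8\]\s+6\s+(\S+)')

def parse_accept(debug):
    """Return (framed_ip, [(declared_len, avpair_string), ...])."""
    ip = FRAMED_IP.search(debug)
    pairs = [(int(n), v) for n, v in AVPAIR.findall(debug)]
    return (ip.group(1) if ip else None), pairs

def lint_avpair(declared_len, value):
    """Return a list of problems found in one Cisco AVpair."""
    problems = []
    # Sub-attribute length = 1 byte type + 1 byte length + value bytes.
    if declared_len != len(value.encode()) + 2:
        problems.append("length mismatch")
    name, sep, cmd = value.partition("=")
    if not sep or not re.fullmatch(r'lcp:interface-config(#\d+)?', name):
        return problems + ["not an lcp:interface-config pair"]
    words = cmd.split()
    # Assumption: only the rate-limit form used in the post is checked.
    if words[:1] == ["rate-limit"] and words[1:2] not in (["input"], ["output"]):
        problems.append("rate-limit direction %r is not input/output" % " ".join(words[1:2]))
    return problems

def audit(debug, sh_user_line):
    """Compare what RADIUS sent with what the session shows; lint AVpairs."""
    ip, pairs = parse_accept(debug)
    assigned = sh_user_line.split()[-1]
    findings = []
    if ip and assigned != ip:
        findings.append("Framed-IP-Address %s sent, session has %s" % (ip, assigned))
    for declared_len, value in pairs:
        for problem in lint_avpair(declared_len, value):
            findings.append("%s: %s" % (value.split("=")[0], problem))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(DEBUG, SH_USER)))
```

On the posted output this reports the address mismatch and the "intput" keyword in AVpair #1. The posted configuration also contains no "aaa authorization network" method list, which is what IOS uses to apply per-user RADIUS attributes to PPP sessions.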