[cisco-nas] LNS - vpdn dialout question with cisco ACS

Steger, Christian christian.steger at upc.at
Mon Oct 19 04:44:08 EDT 2009 

hello there,

i am trying to setup an szenaria where my LNS should created dynamically an l2tp tunnel
while requesting the tunnel parameters from the ACS for an specific group of users. (Service-Type Outbound!)

the IOS will be used is "c7200p-advipservicesk9-mz.124-4.XD10.bin"

as you can see below i have setup the required tunnel parameters:
(received while doing an "debug aaa author")

Oct 19 06:41:05.848 MET-DST: ppp1599 AAA/AUTHOR/LCP: Authorization succeeds trivially
Oct 19 06:41:06.872 MET-DST: ppp1599 PPP/AAA: Check Attr: service-type
Oct 19 06:41:06.872 MET-DST: ppp1599 PPP/AAA: Check Attr: tunnel-type
Oct 19 06:41:06.872 MET-DST: ppp1599 PPP/AAA: Check Attr: tunnel-medium-type
Oct 19 06:41:06.872 MET-DST: ppp1599 PPP/AAA: Check Attr: tunnel-server-endpoint
Oct 19 06:41:06.872 MET-DST: ppp1599 PPP/AAA: Check Attr: tunnel-password
Oct 19 06:41:06.872 MET-DST: ppp1599 PPP/AAA: Check Attr: vpdn-group
Oct 19 06:41:06.872 MET-DST: ppp1599 PPP/AAA: Check Attr: addr
Oct 19 06:41:06.876 MET-DST: AAA/BIND(001E59C9): Bind i/f Virtual-Access3.634
Oct 19 06:41:06.876 MET-DST: Vi3.634 AAA/AUTHOR/LCP: Process Author
Oct 19 06:41:06.876 MET-DST: Vi3.634 AAA/AUTHOR/LCP: Process Attr: service-type
Oct 19 06:41:06.876 MET-DST: Vi3.634 AAA/AUTHOR/LCP: Unsupported Service-Type: 5. No supported types found.

i actually did not find any reasons where the problem could be. - i guess the "unsupported service-type" means
the "Outbound" call - what is the problem that he cannot setup an l2tp tunnel?

here is the output from the "debug radius auth":

Oct 19 06:46:58.504 MET-DST: RADIUS(001E5A06): Send Access-Request to xxx.xxx.xxx.42:1645 id 1645/19, len 149
Oct 19 06:46:58.504 MET-DST: RADIUS:  authenticator ED ED 36 23 9F AD 5C 0B - D2 1B FB 6D 7F 03 5E DD
Oct 19 06:46:58.504 MET-DST: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
Oct 19 06:46:58.504 MET-DST: RADIUS:  User-Name           [1]   23  "xxx at xxx.net"
Oct 19 06:46:58.504 MET-DST: RADIUS:  User-Password       [2]   18  *
Oct 19 06:46:58.504 MET-DST: RADIUS:  NAS-Port            [5]   6   76
Oct 19 06:46:58.504 MET-DST: RADIUS:  NAS-Port-Id         [87]  16  "Uniq-Sess-ID76"
Oct 19 06:46:58.504 MET-DST: RADIUS:  Calling-Station-Id  [31]  14  "43xxxxxxxxxxx"
Oct 19 06:46:58.504 MET-DST: RADIUS:  Called-Station-Id   [30]  19  "i_am_the_nas"
Oct 19 06:46:58.504 MET-DST: RADIUS:  Connect-Info        [77]  9   "8640000"
Oct 19 06:46:58.504 MET-DST: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
Oct 19 06:46:58.504 MET-DST: RADIUS:  Service-Type        [6]   6   Framed                    [2]
Oct 19 06:46:58.504 MET-DST: RADIUS:  NAS-IP-Address      [4]   6   xxx.xxx.48.202
Oct 19 06:46:58.512 MET-DST: RADIUS: Received from id 1646/173 xxx.xxx.xxx.42:1646, Accounting-response, len 20
Oct 19 06:46:58.516 MET-DST: RADIUS: Received from id 1645/19 xxx.xxx.xxx.42:1645, Access-Accept, len 123
Oct 19 06:46:58.516 MET-DST: RADIUS:  authenticator 9F 8E 66 16 EE 4F E4 AD - BA B9 09 CF 67 4C 23 9D
Oct 19 06:46:58.516 MET-DST: RADIUS:  Service-Type        [6]   6   Outbound                  [5]
Oct 19 06:46:58.516 MET-DST: RADIUS:  Tunnel-Type         [64]  6   01:L2TP                   [3]
Oct 19 06:46:58.516 MET-DST: RADIUS:  Tunnel-Medium-Type  [65]  6   01:IPv4                   [1]
Oct 19 06:46:58.516 MET-DST: RADIUS:  Tunnel-Server-Endpoi[67]  15  01:"xxx.xxx.48.140"
Oct 19 06:46:58.516 MET-DST: RADIUS:  Tunnel-Password     [69]  21  01:*
Oct 19 06:46:58.516 MET-DST: RADIUS:  Tunnel-Assignment-Id[82]  12  01:"LAC_xxxx"
Oct 19 06:46:58.516 MET-DST: RADIUS:  Framed-IP-Address   [8]   6   xxx.xxx.100.5
Oct 19 06:46:58.516 MET-DST: RADIUS:  Class               [25]  31

thanks for any help. - of course an static setup would be work fine, but i´d like to prefer an dynamic setup.

thanks for any answers/suggestions

chris

This e-mail is confidential and may well also be legally privileged. If you have received it in error, you are on notice of its status. Please notify us immediately by reply e-mail and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person: to do so could be a breach of confidence. Thank you for your cooperation.
Information pursuant to paragraph 14 Austrian Companies Code: UPC Austria GmbH; Registered Office: Wolfganggasse 58-60, 1120 Vienna Company Register Number: FN 189858d at the Commercial Court of Vienna

More information about the cisco-nas mailing list