[c-nsp] Cisco NAS radius accounting

Sean Swallow cisco-nsp at nurk.org
Tue Dec 28 15:17:22 EST 2004


We're currently using stacks of Portmaster3's for dialin access for our 
customers. After some testing we have found that mica modem equipt 
AS5200's offer a better connection for those customers, 'in the sticks'.

Our test AS5200 is running IOS Version 12.1(25).

Although they seemingly offer a better connection, I am having other
problems with the 5200's related to accounting.

First and most important. When the AS5200 is rebooted, it resets the 
Acct-Session-Id (!). This is a major problem for our accounting. Is it 
possible to retain the session ID? Or, even set it with radius?

Also a problem, but less important. The 5200 only sends the connect info, 
specifically tx/rx speed, in the stop packet. Is it possible to send that 
information in the start packet to radius?

Relevent config bits:

aaa new-model
aaa authentication login default line
aaa authentication login console none
aaa authentication login dialup group radius
aaa authentication ppp default group radius
aaa authorization exec default local
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting update newinfo
aaa accounting network default wait-start group radius
aaa nas port extended

interface Group-Async1
 ip unnumbered Ethernet0
 no ip unreachables
 encapsulation ppp
 ip tcp header-compression passive
 no ip mroute-cache
 async mode dedicated
 peer default ip address pool dialup
 no fair-queue
 compress mppc
 no cdp enable
 ppp authentication pap
 group-range 1 11
 hold-queue 20 in

radius-server host 1.1.1.1 auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server key <password>
radius-server vsa send accounting
radius-server vsa send authentication

line 1 48 
 exec-timeout 0 0
 login authentication dialup
 modem Dialin
 modem autoconfigure discovery
 transport input all
 autoselect during-login
 autoselect ppp

Please let me know if I've missed something.

Thanks for any help you can provide.

Cheers,

-- 
Sean Swallow



More information about the cisco-nsp mailing list