[c-nsp] RADIUS accounting for tunnel switched sessions

Nitzan Tzelniker nitzan.tzelniker at gmail.com
Thu Apr 21 03:07:51 EDT 2005


Hi all, 

We are trying to avoid sending RADIUS accounting records when the user 
is tunnel switched to another LNS.
We do want RADIUS accounting records to be sent when the PPP is terminated 
locally on the machine.

Not long ago we asked a similar question here and received the following 
reply from Oliver Boehmer:
https://puck.nether.net/pipermail/cisco-bba/2005-February/000436.html.

We tried to configure it on one of our LNSs and it still sends accounting 
records for tunnel-switched sessions.

The LNS is a 7301 running 12.3(5a)B4.

Here is the relevant configuration:

-------------------------------------------------------
aaa accounting delay-start 
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
aaa accounting network default none
aaa accounting network VT start-stop group system-radius
aaa accounting system default start-stop group system-radius
aaa nas port extended
aaa session-id common

vpdn search-order domain 
vpdn domain-delimiter "%#" suffix

vpdn-group BYPASS
description Group to bypass 
request-dialin
protocol l2tp
domain bypass
initiate-to ip 213.8.255.xxx 
local name bypass.inter.net.il
l2tp tunnel password xxxx

interface Virtual-Template1
ppp accounting VT

radius-server domain-stripping delimiter #@ 
--------------------------------------------------------

And here is the output from "debug radius":

-------------------------------------------------------- 

RADIUS(0013268A): Send Accounting-Request to xxx.xxx.xxx.xxx:1646 id 
1646/158, len 284
007473: Apr 5 13:38:39 IDT(GMT: RADIUS: authenticator F6 1F DF BB F4 24 67 
42 - 81 D0 8F 6A A4 CA AE BD
007474: Apr 5 13:38:39 IDT(GMT: RADIUS: Acct-Session-Id [44] 10 "001A699E"
007475: Apr 5 13:38:39 IDT(GMT: RADIUS: Tunnel-Type [64] 6 00:L2TP [3]
007476: Apr 5 13:38:39 IDT(GMT: RADIUS: Tunnel-Medium-Type [65] 6 00:IPv4 
[1]
007477: Apr 5 13:38:39 IDT(GMT: RADIUS: Tunnel-Server-Endpoi[67] 14 "
xxx.xxx.229.31"
007478: Apr 5 13:38:39 IDT(GMT: RADIUS: Tunnel-Client-Endpoi[66] 14 "
xxx.xxx.232.25"
007479: Apr 5 13:38:39 IDT(GMT: RADIUS: Tunnel-Assignment-Id[82] 8 "NITZAN"
007480: Apr 5 13:38:39 IDT(GMT: RADIUS: Tunnel-Client-Auth-I[90] 15 
"nitzan-laptop"
007481: Apr 5 13:38:39 IDT(GMT: RADIUS: Tunnel-Server-Auth-I[91] 12 
"Genie01-II"
007482: Apr 5 13:38:39 IDT(GMT: RADIUS: Acct-Tunnel-Connecti[68] 3 "0"
007483: Apr 5 13:38:39 IDT(GMT: RADIUS: Framed-Protocol [7] 6 PPP [1]
007484: Apr 5 13:38:39 IDT(GMT: RADIUS: Tunnel-Medium-Type [65] 6 00:IPv4 
[1]
007485: Apr 5 13:38:39 IDT(GMT: RADIUS: Tunnel-Client-Endpoi[66] 14 "
xxx.xxx.229.31"
007486: Apr 5 13:38:39 IDT(GMT: RADIUS: Tunnel-Server-Endpoi[67] 14 "
xxx.xxx.xxx.28"
007487: Apr 5 13:38:39 IDT(GMT: RADIUS: Tunnel-Assignment-Id[82] 8 "BYPASS"
007488: Apr 5 13:38:39 IDT(GMT: RADIUS: Tunnel-Type [64] 6 00:L2TP [3]
007489: Apr 5 13:38:39 IDT(GMT: RADIUS: Acct-Tunnel-Connecti[68] 12 
"2855205751"
007490: Apr 5 13:38:39 IDT(GMT: RADIUS: Tunnel-Client-Auth-I[90] 21 "
bypass.inter.net.il"
007491: Apr 5 13:38:39 IDT(GMT: RADIUS: Tunnel-Server-Auth-I[91] 20 "
tuvya.inter.net.il"
007492: Apr 5 13:38:39 IDT(GMT: RADIUS: User-Name [1] 17 "nizan_tz%bypass"
007493: Apr 5 13:38:39 IDT(GMT: RADIUS: Acct-Authentic [45] 6 Local [2]
007494: Apr 5 13:38:39 IDT(GMT: RADIUS: Acct-Status-Type [40] 6 Start [1]
007495: Apr 5 13:38:39 IDT(GMT: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
007496: Apr 5 13:38:39 IDT(GMT: RADIUS: NAS-Port [5] 6 344 
007497: Apr 5 13:38:39 IDT(GMT: RADIUS: Connect-Info [77] 10 "11000000"
007498: Apr 5 13:38:39 IDT(GMT: RADIUS: Service-Type [6] 6 Framed [2]
007499: Apr 5 13:38:39 IDT(GMT: RADIUS: NAS-IP-Address [4] 6
213.8.9.81
007500: Apr 5 13:38:39 IDT(GMT: RADIUS: Acct-Delay-Time [41] 6 0 
007501: Apr 5 13:38:39 IDT(GMT: RADIUS: Received from id 1646/158 
xxx.xxx.xxx.xxx:1646, Accounting-response, len 20
007502: Apr 5 13:38:39 IDT(GMT: RADIUS: authenticator E0 AD FC B4 E1 EB 44 
D0 - 66 63 0D 9A 19 46 FD 63
 
-----------------------------------------------------------------



Thanks

Nitzan
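
The debug output above carries two sets of tunnel attributes in one Accounting-Request (Tunnel-Assignment-Id "NITZAN" and "BYPASS"). As an added example that is not part of the original post, the following script parses "debug radius" text and flags requests that carry two distinct Tunnel-Assignment-Id values, which helps confirm whether a configuration change actually stopped accounting for forwarded sessions. Treating two distinct values as the marker of a tunnel-switched session is an assumption drawn from that output; the function names and the sample lines are constructed for illustration.

```python
import re

# One attribute line of "debug radius" output: name, [type], length, value.
ATTR = re.compile(r'RADIUS:\s+(?P<name>[A-Za-z-]+)\s*\[(?P<type>\d+)\]\s+\d+\s+(?P<value>.*)$')
START = re.compile(r'RADIUS\([0-9A-F]+\): Send Accounting-Request')

# Constructed sample (wrapped lines already joined, addresses from 192.0.2.0/24).
SAMPLE = '''\
RADIUS(0000000A): Send Accounting-Request to 192.0.2.10:1646 id 1646/1, len 200
000001: Apr 5 13:38:39: RADIUS: authenticator 00 11 22 33 44 55 66 77
000002: Apr 5 13:38:39: RADIUS: Acct-Session-Id [44] 10 "0000AAAA"
000003: Apr 5 13:38:39: RADIUS: Tunnel-Assignment-Id[82] 9 "INGRESS"
000004: Apr 5 13:38:39: RADIUS: Tunnel-Assignment-Id[82] 8 "BYPASS"
000005: Apr 5 13:38:39: RADIUS: User-Name [1] 14 "user1%bypass"
000006: Apr 5 13:38:39: RADIUS: Acct-Status-Type [40] 6 Start [1]
000007: Apr 5 13:38:39: RADIUS: Received from id 1646/1 192.0.2.10:1646, Accounting-response, len 20
RADIUS(0000000B): Send Accounting-Request to 192.0.2.10:1646 id 1646/2, len 120
000008: Apr 5 13:38:41: RADIUS: Acct-Session-Id [44] 10 "0000BBBB"
000009: Apr 5 13:38:41: RADIUS: Tunnel-Assignment-Id[82] 9 "INGRESS"
000010: Apr 5 13:38:41: RADIUS: User-Name [1] 7 "user2"
000011: Apr 5 13:38:41: RADIUS: Acct-Status-Type [40] 6 Start [1]
'''.splitlines()

def parse_requests(lines):
    """Group (type, value) attributes under the Accounting-Request preceding them."""
    requests, current = [], None
    for line in lines:
        if START.search(line):
            current = []
            requests.append(current)
        elif "Received from" in line:
            current = None  # attributes of the server's reply are not ours
        elif current is not None:
            m = ATTR.search(line)
            if m:
                current.append((int(m["type"]), m["value"].strip().strip('"').strip()))
    return requests

def is_tunnel_switched(attrs):
    """Assumption: two distinct Tunnel-Assignment-Id (82) values = ingress + egress tunnel."""
    return len({v for t, v in attrs if t == 82}) >= 2

def summarize(attrs):
    """Pick out User-Name (1), Acct-Session-Id (44) and Acct-Status-Type (40)."""
    first = lambda t: next((v for ty, v in attrs if ty == t), None)
    return {"user": first(1), "session": first(44), "status": first(40),
            "switched": is_tunnel_switched(attrs)}
```

Lines wrapped by the mail client (as in the output above) need to be joined before they are passed to parse_requests.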

