[c-nsp] PPPoE/RADIUS with 7206/NPE-200 and IOS 12.3(9c)

Tue Dec 20 12:35:21 EST 2005

Hi all,

I'm having a lot of difficulty getting PPPoE/RADIUS behaving properly. 
Any PPPoE session that uses RADIUS as authentication fails, but I can 
authentication 7206 logins against RADIUS properly.  I believe the 
configuration is fine, but at this point I'm not sure.  Perhaps it's a 
bug in that version of the IOS, I don't know.

I've included the output from "debug radius verbose" below (with some 
ppp/pppoe debugging for good measure), as well as the configuration I'm 
using.

** Debugging output

Dec 20 17:02:06.035: PPPoE 0: I PADI  R:0000.24c4.ffc5 L:ffff.ffff.ffff 
Fa1/0
Dec 20 17:02:06.035: PPPoE 0: O PADO, R:0000.24c4.ffc5 L:0010.54d8.141c 
Fa1/0
Dec 20 17:02:06.319: PPPoE 0: I PADR  R:0000.24c4.ffc5 L:0010.54d8.141c 
Fa1/0
Dec 20 17:02:06.319: PPPoE : encap string prepared
Dec 20 17:02:06.319: [15]PPPoE 15: Access IE handle allocated
Dec 20 17:02:06.319: [15]PPPoE 15: pppoe SSS switch updated
Dec 20 17:02:06.319: [15]PPPoE 15: AAA get retrieved attrs
Dec 20 17:02:06.319: [15]PPPoE 15: AAA get nas port details
Dec 20 17:02:06.319: AAA/BIND(00000011): Bind i/f Virtual-Template1
Dec 20 17:02:06.319: [15]PPPoE 15: AAA get dynamic attrs
Dec 20 17:02:06.319: [15]PPPoE 15: AAA get dynamic attrs
Dec 20 17:02:06.323: [15]PPPoE 15: AAA unique ID allocated
Dec 20 17:02:06.323: [15]PPPoE 15: AAA method list  set
Dec 20 17:02:06.323: [15]PPPoE 15: Service request sent to SSS
Dec 20 17:02:06.323: [15]PPPoE 15: Created  R:0010.54d8.141c 
L:0000.24c4.ffc5 Fa1/0
Dec 20 17:02:06.323: [15]PPPoE 15: State REQ_NASPORT    Event MORE_KEYS
Dec 20 17:02:06.323: [15]PPPoE 15: O PADS  R:0000.24c4.ffc5 
L:0010.54d8.141c Fa1/0
Dec 20 17:02:06.323:  EVT: Dynamic Bind 0 0x63E05AA4
Dec 20 17:02:06.323: ppp15 PPP: Create Context 636738A4
Dec 20 17:02:06.323: ppp15 PPP: Bind SSS Dynamic
Dec 20 17:02:06.323: ppp15 PPP: Send Message[Dynamic Bind Response]
Dec 20 17:02:06.323: ppp15 EVT: Bound 4 0x00000000
Dec 20 17:02:06.323: ppp15 PPP: Using default call direction
Dec 20 17:02:06.323: ppp15 PPP: Treating connection as a dedicated line
Dec 20 17:02:06.323: ppp15 PPP: Authorization required
Dec 20 17:02:06.323: [15]PPPoE 15: State START_PPP    Event DYN_BIND
Dec 20 17:02:06.323: [15]PPPoE 15: data path set to PPP
Dec 20 17:02:07.379: ppp15 EVT: Packet 0 0x631921F0
Dec 20 17:02:07.439: ppp15 EVT: Packet 0 0x6365823C
Dec 20 17:02:07.499: ppp15 EVT: Packet 0 0x63659424
Dec 20 17:02:07.499: AAA/AUTHEN/PPP (00000011): Pick method list 'default'
Dec 20 17:02:07.499: RADIUS/ENCODE(00000011): check username/password; FAIL
Dec 20 17:02:07.499: RADIUS/ENCODE(00000011): send packet; FAIL
Dec 20 17:02:07.499: ppp15 EVT: AAA Response 0 0x63B97068
Dec 20 17:02:07.499: ppp15 EVT: Soft Disc 0 0x00000000
Dec 20 17:02:07.499: [15]PPPoE 15: AAA get dynamic attrs
Dec 20 17:02:07.499: [15]PPPoE 15: AAA get dynamic attrs
Dec 20 17:02:07.499: [15]PPPoE 15: AAA get dynamic attrs
Dec 20 17:02:07.503: [15]PPPoE 15: AAA get dynamic attrs
Dec 20 17:02:07.559: ppp15 EVT: Packet 0 0x63657F40
Dec 20 17:02:07.559: ppp15 LQR: LCP not open, discarding packet
Dec 20 17:02:07.587: ppp15 EVT: Auth Packet 0 0x631948BC
Dec 20 17:02:07.587: ppp15 PAP: LCP not open, discarding packet
Dec 20 17:02:07.607: ppp15 EVT: Packet 0 0x6365764C
Dec 20 17:02:07.611: ppp15 PPP: Send Message[Disconnect]
Dec 20 17:02:07.611: ppp15 EVT: Free PPP 0 0x00000000
Dec 20 17:02:07.611: [15]PPPoE 15: State LCP_NEGO    Event PPP_DISCNCT
Dec 20 17:02:07.611: [15]PPPoE 15: O PADT  R:0000.24c4.ffc5 
L:0010.54d8.141c Fa1/0
Dec 20 17:02:07.611: [15]PPPoE 15: Destroying  R:0000.24c4.ffc5 
L:0010.54d8.141c Fa1/0
Dec 20 17:02:07.611: [15]PPPoE 15: AAA get dynamic attrs
Dec 20 17:02:07.611: [15]PPPoE 15: AAA get dynamic attrs
Dec 20 17:02:07.611: [15]PPPoE 15: AAA get dynamic attrs
Dec 20 17:02:07.611: [15]PPPoE 15: AAA get dynamic attrs
Dec 20 17:02:07.611: [15]PPPoE 15: AAA account stopped
Dec 20 17:02:07.687: PPPoE 15: I PADT  R:0000.24c4.ffc5 L:0010.54d8.141c 
Fa1/0

** The configuration (IP's redacted)

version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname nc-frt-bas1
!
boot-start-marker
boot bootstrap disk0:/c7200-boot-mz.120-22.bin
boot system disk0:/c7200-is-mz.123-9c.bin
boot-end-marker
!
logging buffered 65536 debugging
enable secret 5 xxxxxxxxxxxxxxxxxxxx
enable password xxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login default line
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting update periodic 240
aaa accounting network default start-stop group radius
aaa session-id common
ip subnet-zero
no ip source-route
!
!
ip cef
no ip domain lookup
ip domain name pppoe.rtr
!
vpdn enable
vpdn ip udp ignore checksum
!
vpdn-group 1
  accept-dialin
   protocol pppoe
   virtual-template 1
  pppoe limit max-sessions 1000
!
interface Loopback1
  description IP Range lockdown for pppoe assignments
  ip address xxx.xxx.xxx.xxx 255.255.255.224
!
interface FastEthernet0/0
  ip address xxx.xxx.xxx.xxx 255.255.255.240
  no ip mroute-cache
  duplex full
  media-type mii
!
interface FastEthernet1/0
  no ip address
  no ip route-cache cef
  no ip route-cache
  no ip mroute-cache
  duplex full
  pppoe enable
  no cdp enable
!
interface Ethernet4/0
  no ip address
  duplex half
!
interface Ethernet4/1
  no ip address
  duplex half
!
interface Ethernet4/2
  no ip address
  duplex half
!
interface Ethernet4/3
  no ip address
  duplex half
!
interface Virtual-Template1
  ip unnumbered Loopback1
  ip tcp adjust-mss 1420
  ip mroute-cache
  no peer default ip address
  ppp mtu adaptive
  ppp authentication pap
  ppp multilink
!
router ospf 1000
  log-adjacency-changes
  redistribute connected subnets
  network xxx.xxx.xxx.xxx 0.0.0.15 area 0
!
ip local pool ppp-pool1 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
ip classless
no ip http server
!
!
!
!
radius-server host xxx.xxx.xxx.xxx auth-port 1812 acct-port 1813 key 
radiuspassword
radius-server vsa send accounting
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
  shutdown
!
end