[c-nsp] ISDN Dialin RADIUS

Dennis Peng dpeng at cisco.com
Tue Feb 1 14:16:26 EST 2005


On Feb 1, 2005, at 4:59 AM, Florian Prester wrote:

> Hi,
>
> I am using an CISCO (IOS (tm) 3700 Software (C3725-IPBASE-M), Version
> 12.3(10), RELEASE SOFTWARE (fc3))  as a dialin router. The modem-calls
> succeed, but isdn-calls fail.

I'm a little confused by this statement because in the debug trace
you show below, you show a modem call which fails.


> First my Radius server is serving the IP-Address of the calling client,
> the authentication succeed as well.

Is your RADIUS server assigning IP addresses for all of your
users?

> But the my NAS is or is not arguing with the caller, about the IP.

Can you send me your full configuration and also a new set of
debugs for a failing call with the following debugs turned on:

debug aaa authen
debug aaa author
debug ppp negot
debug ppp authen
debug ppp error
debug radius authen
debug ip peer

Thanks.

Dennis

>
> ############################################################
> My AAA-Config:
>
> aaa new-model
> !
> !
> aaa authentication login default group radius local none
> aaa authentication enable default enable line none
> aaa authentication ppp default if-needed group radius
> aaa authorization exec default group radius local
> aaa authorization network default group radius none
> aaa accounting delay-start
> aaa accounting exec default start-stop group radius
> aaa accounting network default start-stop group radius
> aaa accounting system default start-stop group radius
> aaa session-id common
>
> ###########################################################
> My log:
>
> Feb  1 10:43:21.805: RADIUS: Received from id 1645/26 
> 131.188.2.96:1812,
> Access-Accept, len 44
> Feb  1 10:43:21.805: RADIUS:  authenticator 54 3A 8C 7F C2 2C F9 1D - 
> 57
> 2B 4C A4 EE 6F AE 62
> Feb  1 10:43:21.805: RADIUS:  Service-Type        [6]   6
> Framed                    [2]
> Feb  1 10:43:21.805: RADIUS:  Framed-Protocol     [7]   6
> PPP                       [1]
> Feb  1 10:43:21.805: RADIUS:  Framed-IP-Netmask   [9]   6
> 255.255.255.0
> Feb  1 10:43:21.805: RADIUS:  Framed-IP-Address   [8]   6
> 10.10.47.167
> Feb  1 10:43:21.805: RADIUS(00000040): Received from id 1645/26
> Feb  1 10:43:21.805: As84 PPP: Received LOGIN Response PASS
> Feb  1 10:43:21.805: As84 PPP/AAA: Check Attr: service-type
> Feb  1 10:43:21.805: As84 PPP/AAA: Check Attr: Framed-Protocol
> Feb  1 10:43:21.805: As84 PPP/AAA: Check Attr: netmask
> Feb  1 10:43:21.805: As84 PPP/AAA: Check Attr: route: Peruser
> Feb  1 10:43:21.805: As84 PPP/AAA: Check Attr: addr
> Feb  1 10:43:21.805: As84 PPP: Phase is FORWARDING, Attempting Forward
> Feb  1 10:43:21.805: As84 PPP: Phase is AUTHENTICATING, Authenticated 
> User
> Feb  1 10:43:21.805: As84 PAP: O AUTH-ACK id 1 len 5
> Feb  1 10:43:21.809: As84 PPP: Phase is UP
> Feb  1 10:43:21.809: As84 AAA/AUTHOR/FSM: We can start IPCP
> Feb  1 10:43:21.809: As84 IPCP: O CONFREQ [Closed] id 1 len 16
> Feb  1 10:43:21.809: As84 IPCP:    CompressType VJ 15 slots 
> (0x0206002D0F00)
> Feb  1 10:43:21.809: As84 IPCP:    Address 192.44.86.6 (0x0306C02C5606)
> Feb  1 10:43:21.809: As84 PPP: Process pending ncp packets
> Feb  1 10:43:21.929: As84 CCP: I CONFREQ [Not negotiated] id 1 len 10
> Feb  1 10:43:21.929: As84 CCP:    Deflate 0x7800 (0x1A047800)
> Feb  1 10:43:21.929: As84 CCP:    Predictor1 (0x0102)
> Feb  1 10:43:21.929: As84 LCP: O PROTREJ [Open] id 2 len 16 protocol 
> CCP
> (0x80FD0101000A1A0478000102)
> Feb  1 10:43:21.929: As84 IPCP: I CONFREQ [REQsent] id 1 len 28
> Feb  1 10:43:21.933: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
> Feb  1 10:43:21.933: As84 IPCP:    CompressType VJ 15 slots
> CompressSlotID (0x0206002D0F01)
> Feb  1 10:43:21.933: As84 IPCP:    PrimaryDNS 131.188.3.73 
> (0x810683BC0349)
> Feb  1 10:43:21.933: As84 IPCP:    SecondaryDNS 255.255.255.255
> (0x8306FFFFFFFF)
> Feb  1 10:43:21.933: As84 IPCP: Cannot satisfy pool request
> Feb  1 10:43:21.933: As84 IPCP: Neither side knows remote address
> Feb  1 10:43:21.933: As84 AAA/AUTHOR/IPCP: no author-info for primary 
> dns
> Feb  1 10:43:21.933: As84 AAA/AUTHOR/IPCP: no author-info for seconday 
> dns
> Feb  1 10:43:21.933: As84 IPCP: O CONFREJ [REQsent] id 1 len 10
> Feb  1 10:43:21.933: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
> Feb  1 10:43:21.945: As84 IPV6CP: I CONFREQ [Not negotiated] id 1 len 
> 14
> Feb  1 10:43:21.945: As84 IPV6CP:    Interface-Id 020F:1FFF:FEBC:983A
> (0x010A020F1FFFFEBC983A)
> Feb  1 10:43:21.945: As84 LCP: O PROTREJ [Open] id 3 len 20 protocol
> IPV6CP (0x80570101000E010A020F1FFFFEBC983A)
> Feb  1 10:43:21.945: As84 IPCP: I CONFACK [REQsent] id 1 len 16
> Feb  1 10:43:21.945: As84 IPCP:    CompressType VJ 15 slots 
> (0x0206002D0F00)
> Feb  1 10:43:21.945: As84 IPCP:    Address 192.44.86.6 (0x0306C02C5606)
> Feb  1 10:43:22.053: As84 IPCP: I CONFREQ [ACKrcvd] id 2 len 28
> Feb  1 10:43:22.053: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
> Feb  1 10:43:22.053: As84 IPCP:    CompressType VJ 15 slots
> CompressSlotID (0x0206002D0F01)
> Feb  1 10:43:22.053: As84 IPCP:    PrimaryDNS 131.188.3.73 
> (0x810683BC0349)
> Feb  1 10:43:22.053: As84 IPCP:    SecondaryDNS 255.255.255.255
> (0x8306FFFFFFFF)
> Feb  1 10:43:22.053: As84 IPCP: Cannot satisfy pool request
> Feb  1 10:43:22.053: As84 IPCP: Neither side knows remote address
> Feb  1 10:43:22.053: As84 AAA/AUTHOR/IPCP: no author-info for primary 
> dns
> Feb  1 10:43:22.053: As84 AAA/AUTHOR/IPCP: no author-info for seconday 
> dns
> Feb  1 10:43:22.053: As84 IPCP: O CONFREJ [ACKrcvd] id 2 len 10
> Feb  1 10:43:22.053: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
> Feb  1 10:43:22.053: As84 IPV6CP: I TERMREQ [Not negotiated] id 1 len 4
> Feb  1 10:43:22.053: As84 LCP: O PROTREJ [Open] id 4 len 10 protocol
> IPV6CP (0x805705010004)
> Feb  1 10:43:22.157: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
> Feb  1 10:43:22.157: As84 IPCP:    CompressType VJ 15 slots
> CompressSlotID (0x0206002D0F01)
> Feb  1 10:43:22.157: As84 IPCP:    PrimaryDNS 131.188.3.73 
> (0x810683BC0349)
> Feb  1 10:43:22.157: As84 IPCP:    SecondaryDNS 255.255.255.255
> (0x8306FFFFFFFF)
> Feb  1 10:43:22.157: As84 IPCP: Cannot satisfy pool request
> Feb  1 10:43:22.157: As84 IPCP: Neither side knows remote address
> Feb  1 10:43:22.157: As84 AAA/AUTHOR/IPCP: no author-info for primary 
> dns
> Feb  1 10:43:22.157: As84 AAA/AUTHOR/IPCP: no author-info for seconday 
> dns
> Feb  1 10:43:22.157: As84 IPCP: O CONFREJ [ACKrcvd] id 3 len 10
> Feb  1 10:43:22.157: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
> Feb  1 10:43:22.265: As84 IPCP: I CONFREQ [ACKrcvd] id 4 len 28
> Feb  1 10:43:22.265: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
> Feb  1 10:43:22.265: As84 IPCP:    CompressType VJ 15 slots
> CompressSlotID (0x0206002D0F01)
> Feb  1 10:43:22.265: As84 IPCP:    PrimaryDNS 131.188.3.73 
> (0x810683BC0349)
> Feb  1 10:43:22.265: As84 IPCP:    SecondaryDNS 255.255.255.255
> (0x8306FFFFFFFF)
> Feb  1 10:43:22.265: As84 IPCP: Cannot satisfy pool request
> Feb  1 10:43:22.265: As84 IPCP: Neither side knows remote address
> Feb  1 10:43:22.265: As84 AAA/AUTHOR/IPCP: no author-info for primary 
> dns
> Feb  1 10:43:22.265: As84 AAA/AUTHOR/IPCP: no author-info for seconday 
> dns
> Feb  1 10:43:22.265: As84 IPCP: O CONFREJ [ACKrcvd] id 4 len 10
> Feb  1 10:43:22.265: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
> Feb  1 10:43:22.381: As84 IPCP: I CONFREQ [ACKrcvd] id 5 len 28
> Feb  1 10:43:22.381: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
> Feb  1 10:43:22.381: As84 IPCP:    CompressType VJ 15 slots
> CompressSlotID (0x0206002D0F01)
> Feb  1 10:43:22.381: As84 IPCP:    PrimaryDNS 131.188.3.73 
> (0x810683BC0349)
> Feb  1 10:43:22.381: As84 IPCP:    SecondaryDNS 255.255.255.255
> (0x8306FFFFFFFF)
> Feb  1 10:43:22.381: As84 IPCP: Cannot satisfy pool request
> Feb  1 10:43:22.381: As84 IPCP: Neither side knows remote address
> Feb  1 10:43:22.381: As84 AAA/AUTHOR/IPCP: no author-info for primary 
> dns
> Feb  1 10:43:22.381: As84 AAA/AUTHOR/IPCP: no author-info for seconday 
> dns
> Feb  1 10:43:22.381: As84 IPCP: O CONFREJ [ACKrcvd] id 5 len 10
> Feb  1 10:43:22.381: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
> Feb  1 10:43:22.501: As84 IPCP: I CONFREQ [ACKrcvd] id 6 len 28
> Feb  1 10:43:22.501: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
> Feb  1 10:43:22.501: As84 IPCP:    CompressType VJ 15 slots
> CompressSlotID (0x0206002D0F01)
> Feb  1 10:43:22.501: As84 IPCP:    PrimaryDNS 131.188.3.73 
> (0x810683BC0349)
> Feb  1 10:43:22.501: As84 IPCP:    SecondaryDNS 255.255.255.255
> (0x8306FFFFFFFF)
> Feb  1 10:43:22.501: As84 IPCP: Cannot satisfy pool request
> Feb  1 10:43:22.501: As84 IPCP: Neither side knows remote address
> Feb  1 10:43:22.501: As84 AAA/AUTHOR/IPCP: no author-info for primary 
> dns
> Feb  1 10:43:22.501: As84 AAA/AUTHOR/IPCP: no author-info for seconday 
> dns
> Feb  1 10:43:22.501: As84 IPCP: O CONFREJ [ACKrcvd] id 6 len 10
> Feb  1 10:43:22.501: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
> Feb  1 10:43:22.625: As84 IPCP: I CONFREQ [ACKrcvd] id 7 len 28
> Feb  1 10:43:22.625: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
> Feb  1 10:43:22.625: As84 IPCP:    CompressType VJ 15 slots
> CompressSlotID (0x0206002D0F01)
> Feb  1 10:43:22.625: As84 IPCP:    PrimaryDNS 131.188.3.73 
> (0x810683BC0349)
> Feb  1 10:43:22.625: As84 IPCP:    SecondaryDNS 255.255.255.255
> (0x8306FFFFFFFF)
> Feb  1 10:43:22.625: As84 IPCP: Cannot satisfy pool request
> Feb  1 10:43:22.625: As84 IPCP: Neither side knows remote address
> Feb  1 10:43:22.625: As84 AAA/AUTHOR/IPCP: no author-info for primary 
> dns
> Feb  1 10:43:22.625: As84 AAA/AUTHOR/IPCP: no author-info for seconday 
> dns
> Feb  1 10:43:22.625: As84 IPCP: O CONFREJ [ACKrcvd] id 7 len 10
> Feb  1 10:43:22.625: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
> Feb  1 10:43:22.745: As84 IPCP: I CONFREQ [ACKrcvd] id 8 len 28
> Feb  1 10:43:22.745: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
> Feb  1 10:43:22.745: As84 IPCP:    CompressType VJ 15 slots
> CompressSlotID (0x0206002D0F01)
> Feb  1 10:43:22.745: As84 IPCP:    PrimaryDNS 131.188.3.73 
> (0x810683BC0349)
> Feb  1 10:43:22.745: As84 IPCP:    SecondaryDNS 255.255.255.255
> (0x8306FFFFFFFF)
> Feb  1 10:43:22.745: As84 IPCP: Cannot satisfy pool request
> ############################################################
>
> If someone can help me, thanks.
>
>     Florian Prester
>
> P.S.: The client is tested.
>
> -- 
> --------------------------------------------------------------
> Dipl. Inf. Florian Prester
> Network Administration
> Regionales RechenZentrum Erlangen
> Universitaet Erlangen-Nuernberg
> Germany
>
> Tel.: +499131 8527813
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list