[c-nsp] ISDN Dialin RADIUS
Dennis Peng
dpeng at cisco.com
Tue Feb 1 14:16:26 EST 2005
On Feb 1, 2005, at 4:59 AM, Florian Prester wrote:
> Hi,
>
> I am using an CISCO (IOS (tm) 3700 Software (C3725-IPBASE-M), Version
> 12.3(10), RELEASE SOFTWARE (fc3)) as a dialin router. The modem-calls
> succeed, but isdn-calls fail.
I'm a little confused by this statement because in the debug trace
you show below, you show a modem call which fails.
> First my Radius server is serving the IP-Address of the calling client,
> the authentication succeed as well.
Is your RADIUS server assigning IP addresses for all of your
users?
> But the my NAS is or is not arguing with the caller, about the IP.
Can you send me your full configuration and also a new set of
debugs for a failing call with the following debugs turned on:
debug aaa authen
debug aaa author
debug ppp negot
debug ppp authen
debug ppp error
debug radius authen
debug ip peer
Thanks.
Dennis
>
> ############################################################
> My AAA-Config:
>
> aaa new-model
> !
> !
> aaa authentication login default group radius local none
> aaa authentication enable default enable line none
> aaa authentication ppp default if-needed group radius
> aaa authorization exec default group radius local
> aaa authorization network default group radius none
> aaa accounting delay-start
> aaa accounting exec default start-stop group radius
> aaa accounting network default start-stop group radius
> aaa accounting system default start-stop group radius
> aaa session-id common
>
> ###########################################################
> My log:
>
> Feb 1 10:43:21.805: RADIUS: Received from id 1645/26
> 131.188.2.96:1812,
> Access-Accept, len 44
> Feb 1 10:43:21.805: RADIUS: authenticator 54 3A 8C 7F C2 2C F9 1D -
> 57
> 2B 4C A4 EE 6F AE 62
> Feb 1 10:43:21.805: RADIUS: Service-Type [6] 6
> Framed [2]
> Feb 1 10:43:21.805: RADIUS: Framed-Protocol [7] 6
> PPP [1]
> Feb 1 10:43:21.805: RADIUS: Framed-IP-Netmask [9] 6
> 255.255.255.0
> Feb 1 10:43:21.805: RADIUS: Framed-IP-Address [8] 6
> 10.10.47.167
> Feb 1 10:43:21.805: RADIUS(00000040): Received from id 1645/26
> Feb 1 10:43:21.805: As84 PPP: Received LOGIN Response PASS
> Feb 1 10:43:21.805: As84 PPP/AAA: Check Attr: service-type
> Feb 1 10:43:21.805: As84 PPP/AAA: Check Attr: Framed-Protocol
> Feb 1 10:43:21.805: As84 PPP/AAA: Check Attr: netmask
> Feb 1 10:43:21.805: As84 PPP/AAA: Check Attr: route: Peruser
> Feb 1 10:43:21.805: As84 PPP/AAA: Check Attr: addr
> Feb 1 10:43:21.805: As84 PPP: Phase is FORWARDING, Attempting Forward
> Feb 1 10:43:21.805: As84 PPP: Phase is AUTHENTICATING, Authenticated
> User
> Feb 1 10:43:21.805: As84 PAP: O AUTH-ACK id 1 len 5
> Feb 1 10:43:21.809: As84 PPP: Phase is UP
> Feb 1 10:43:21.809: As84 AAA/AUTHOR/FSM: We can start IPCP
> Feb 1 10:43:21.809: As84 IPCP: O CONFREQ [Closed] id 1 len 16
> Feb 1 10:43:21.809: As84 IPCP: CompressType VJ 15 slots
> (0x0206002D0F00)
> Feb 1 10:43:21.809: As84 IPCP: Address 192.44.86.6 (0x0306C02C5606)
> Feb 1 10:43:21.809: As84 PPP: Process pending ncp packets
> Feb 1 10:43:21.929: As84 CCP: I CONFREQ [Not negotiated] id 1 len 10
> Feb 1 10:43:21.929: As84 CCP: Deflate 0x7800 (0x1A047800)
> Feb 1 10:43:21.929: As84 CCP: Predictor1 (0x0102)
> Feb 1 10:43:21.929: As84 LCP: O PROTREJ [Open] id 2 len 16 protocol
> CCP
> (0x80FD0101000A1A0478000102)
> Feb 1 10:43:21.929: As84 IPCP: I CONFREQ [REQsent] id 1 len 28
> Feb 1 10:43:21.933: As84 IPCP: Address 0.0.0.0 (0x030600000000)
> Feb 1 10:43:21.933: As84 IPCP: CompressType VJ 15 slots
> CompressSlotID (0x0206002D0F01)
> Feb 1 10:43:21.933: As84 IPCP: PrimaryDNS 131.188.3.73
> (0x810683BC0349)
> Feb 1 10:43:21.933: As84 IPCP: SecondaryDNS 255.255.255.255
> (0x8306FFFFFFFF)
> Feb 1 10:43:21.933: As84 IPCP: Cannot satisfy pool request
> Feb 1 10:43:21.933: As84 IPCP: Neither side knows remote address
> Feb 1 10:43:21.933: As84 AAA/AUTHOR/IPCP: no author-info for primary
> dns
> Feb 1 10:43:21.933: As84 AAA/AUTHOR/IPCP: no author-info for seconday
> dns
> Feb 1 10:43:21.933: As84 IPCP: O CONFREJ [REQsent] id 1 len 10
> Feb 1 10:43:21.933: As84 IPCP: Address 0.0.0.0 (0x030600000000)
> Feb 1 10:43:21.945: As84 IPV6CP: I CONFREQ [Not negotiated] id 1 len
> 14
> Feb 1 10:43:21.945: As84 IPV6CP: Interface-Id 020F:1FFF:FEBC:983A
> (0x010A020F1FFFFEBC983A)
> Feb 1 10:43:21.945: As84 LCP: O PROTREJ [Open] id 3 len 20 protocol
> IPV6CP (0x80570101000E010A020F1FFFFEBC983A)
> Feb 1 10:43:21.945: As84 IPCP: I CONFACK [REQsent] id 1 len 16
> Feb 1 10:43:21.945: As84 IPCP: CompressType VJ 15 slots
> (0x0206002D0F00)
> Feb 1 10:43:21.945: As84 IPCP: Address 192.44.86.6 (0x0306C02C5606)
> Feb 1 10:43:22.053: As84 IPCP: I CONFREQ [ACKrcvd] id 2 len 28
> Feb 1 10:43:22.053: As84 IPCP: Address 0.0.0.0 (0x030600000000)
> Feb 1 10:43:22.053: As84 IPCP: CompressType VJ 15 slots
> CompressSlotID (0x0206002D0F01)
> Feb 1 10:43:22.053: As84 IPCP: PrimaryDNS 131.188.3.73
> (0x810683BC0349)
> Feb 1 10:43:22.053: As84 IPCP: SecondaryDNS 255.255.255.255
> (0x8306FFFFFFFF)
> Feb 1 10:43:22.053: As84 IPCP: Cannot satisfy pool request
> Feb 1 10:43:22.053: As84 IPCP: Neither side knows remote address
> Feb 1 10:43:22.053: As84 AAA/AUTHOR/IPCP: no author-info for primary
> dns
> Feb 1 10:43:22.053: As84 AAA/AUTHOR/IPCP: no author-info for seconday
> dns
> Feb 1 10:43:22.053: As84 IPCP: O CONFREJ [ACKrcvd] id 2 len 10
> Feb 1 10:43:22.053: As84 IPCP: Address 0.0.0.0 (0x030600000000)
> Feb 1 10:43:22.053: As84 IPV6CP: I TERMREQ [Not negotiated] id 1 len 4
> Feb 1 10:43:22.053: As84 LCP: O PROTREJ [Open] id 4 len 10 protocol
> IPV6CP (0x805705010004)
> Feb 1 10:43:22.157: As84 IPCP: Address 0.0.0.0 (0x030600000000)
> Feb 1 10:43:22.157: As84 IPCP: CompressType VJ 15 slots
> CompressSlotID (0x0206002D0F01)
> Feb 1 10:43:22.157: As84 IPCP: PrimaryDNS 131.188.3.73
> (0x810683BC0349)
> Feb 1 10:43:22.157: As84 IPCP: SecondaryDNS 255.255.255.255
> (0x8306FFFFFFFF)
> Feb 1 10:43:22.157: As84 IPCP: Cannot satisfy pool request
> Feb 1 10:43:22.157: As84 IPCP: Neither side knows remote address
> Feb 1 10:43:22.157: As84 AAA/AUTHOR/IPCP: no author-info for primary
> dns
> Feb 1 10:43:22.157: As84 AAA/AUTHOR/IPCP: no author-info for seconday
> dns
> Feb 1 10:43:22.157: As84 IPCP: O CONFREJ [ACKrcvd] id 3 len 10
> Feb 1 10:43:22.157: As84 IPCP: Address 0.0.0.0 (0x030600000000)
> Feb 1 10:43:22.265: As84 IPCP: I CONFREQ [ACKrcvd] id 4 len 28
> Feb 1 10:43:22.265: As84 IPCP: Address 0.0.0.0 (0x030600000000)
> Feb 1 10:43:22.265: As84 IPCP: CompressType VJ 15 slots
> CompressSlotID (0x0206002D0F01)
> Feb 1 10:43:22.265: As84 IPCP: PrimaryDNS 131.188.3.73
> (0x810683BC0349)
> Feb 1 10:43:22.265: As84 IPCP: SecondaryDNS 255.255.255.255
> (0x8306FFFFFFFF)
> Feb 1 10:43:22.265: As84 IPCP: Cannot satisfy pool request
> Feb 1 10:43:22.265: As84 IPCP: Neither side knows remote address
> Feb 1 10:43:22.265: As84 AAA/AUTHOR/IPCP: no author-info for primary
> dns
> Feb 1 10:43:22.265: As84 AAA/AUTHOR/IPCP: no author-info for seconday
> dns
> Feb 1 10:43:22.265: As84 IPCP: O CONFREJ [ACKrcvd] id 4 len 10
> Feb 1 10:43:22.265: As84 IPCP: Address 0.0.0.0 (0x030600000000)
> Feb 1 10:43:22.381: As84 IPCP: I CONFREQ [ACKrcvd] id 5 len 28
> Feb 1 10:43:22.381: As84 IPCP: Address 0.0.0.0 (0x030600000000)
> Feb 1 10:43:22.381: As84 IPCP: CompressType VJ 15 slots
> CompressSlotID (0x0206002D0F01)
> Feb 1 10:43:22.381: As84 IPCP: PrimaryDNS 131.188.3.73
> (0x810683BC0349)
> Feb 1 10:43:22.381: As84 IPCP: SecondaryDNS 255.255.255.255
> (0x8306FFFFFFFF)
> Feb 1 10:43:22.381: As84 IPCP: Cannot satisfy pool request
> Feb 1 10:43:22.381: As84 IPCP: Neither side knows remote address
> Feb 1 10:43:22.381: As84 AAA/AUTHOR/IPCP: no author-info for primary
> dns
> Feb 1 10:43:22.381: As84 AAA/AUTHOR/IPCP: no author-info for seconday
> dns
> Feb 1 10:43:22.381: As84 IPCP: O CONFREJ [ACKrcvd] id 5 len 10
> Feb 1 10:43:22.381: As84 IPCP: Address 0.0.0.0 (0x030600000000)
> Feb 1 10:43:22.501: As84 IPCP: I CONFREQ [ACKrcvd] id 6 len 28
> Feb 1 10:43:22.501: As84 IPCP: Address 0.0.0.0 (0x030600000000)
> Feb 1 10:43:22.501: As84 IPCP: CompressType VJ 15 slots
> CompressSlotID (0x0206002D0F01)
> Feb 1 10:43:22.501: As84 IPCP: PrimaryDNS 131.188.3.73
> (0x810683BC0349)
> Feb 1 10:43:22.501: As84 IPCP: SecondaryDNS 255.255.255.255
> (0x8306FFFFFFFF)
> Feb 1 10:43:22.501: As84 IPCP: Cannot satisfy pool request
> Feb 1 10:43:22.501: As84 IPCP: Neither side knows remote address
> Feb 1 10:43:22.501: As84 AAA/AUTHOR/IPCP: no author-info for primary
> dns
> Feb 1 10:43:22.501: As84 AAA/AUTHOR/IPCP: no author-info for seconday
> dns
> Feb 1 10:43:22.501: As84 IPCP: O CONFREJ [ACKrcvd] id 6 len 10
> Feb 1 10:43:22.501: As84 IPCP: Address 0.0.0.0 (0x030600000000)
> Feb 1 10:43:22.625: As84 IPCP: I CONFREQ [ACKrcvd] id 7 len 28
> Feb 1 10:43:22.625: As84 IPCP: Address 0.0.0.0 (0x030600000000)
> Feb 1 10:43:22.625: As84 IPCP: CompressType VJ 15 slots
> CompressSlotID (0x0206002D0F01)
> Feb 1 10:43:22.625: As84 IPCP: PrimaryDNS 131.188.3.73
> (0x810683BC0349)
> Feb 1 10:43:22.625: As84 IPCP: SecondaryDNS 255.255.255.255
> (0x8306FFFFFFFF)
> Feb 1 10:43:22.625: As84 IPCP: Cannot satisfy pool request
> Feb 1 10:43:22.625: As84 IPCP: Neither side knows remote address
> Feb 1 10:43:22.625: As84 AAA/AUTHOR/IPCP: no author-info for primary
> dns
> Feb 1 10:43:22.625: As84 AAA/AUTHOR/IPCP: no author-info for seconday
> dns
> Feb 1 10:43:22.625: As84 IPCP: O CONFREJ [ACKrcvd] id 7 len 10
> Feb 1 10:43:22.625: As84 IPCP: Address 0.0.0.0 (0x030600000000)
> Feb 1 10:43:22.745: As84 IPCP: I CONFREQ [ACKrcvd] id 8 len 28
> Feb 1 10:43:22.745: As84 IPCP: Address 0.0.0.0 (0x030600000000)
> Feb 1 10:43:22.745: As84 IPCP: CompressType VJ 15 slots
> CompressSlotID (0x0206002D0F01)
> Feb 1 10:43:22.745: As84 IPCP: PrimaryDNS 131.188.3.73
> (0x810683BC0349)
> Feb 1 10:43:22.745: As84 IPCP: SecondaryDNS 255.255.255.255
> (0x8306FFFFFFFF)
> Feb 1 10:43:22.745: As84 IPCP: Cannot satisfy pool request
> ############################################################
>
> If someone can help me, thanks.
>
> Florian Prester
>
> P.S.: The client is tested.
>
> --
> --------------------------------------------------------------
> Dipl. Inf. Florian Prester
> Network Administration
> Regionales RechenZentrum Erlangen
> Universitaet Erlangen-Nuernberg
> Germany
>
> Tel.: +499131 8527813
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list