[c-nsp] ISDN Dialin RADIUS

Nick Shah Nick.Shah at aapt.com.au
Tue Feb 1 18:14:44 EST 2005


Florian

It looks like the ip addressing requirements are different for DIALUP &
ISDN. From your debug it looks that the radius is sending IP ADDRESSES,
and you also have loopback0 unnumbered configured on D channel config.
The loopback0 ip address seems to be from a different "network" than
what you are sending by radius. There are 2 ways to achieve what you are
trying to do.

Static configuration : where you authenticate ISDN users locally. Then
you can have a config like this:

Username S232791-35 password blah

interface Serial0/1:15
 ip address 192.168.11.62 255.255.255.192
 no ip redirects
 encapsulation ppp
 dialer idle-timeout 604800
 dialer enable-timeout 5
 dialer wait-for-carrier-time 15
 dialer map ip 192.168.11.1 name S232791-35 broadcast
 dialer-group 1
 isdn switch-type primary-net5
 isdn incoming-voice modem
 no cdp enable
 ppp authentication chap pap isdn-access
 ppp chap hostname whatever
 ppp multilink
end

interface Group-Async1
 ip unnumbered Loopback0
 ip helper-address x.y.z.a
 ip helper-address a.b.c.d
 encapsulation ppp
 ip tcp header-compression passive
 no ip mroute-cache
 async dynamic address
 async mode interactive
 ppp authentication pap chap
 group-range 97 120

Or, you can have something like this, where you are sending ip address
from radius, I would encourage using a /30 for each user :

interface Serial0/1:15
 No ip address
 no ip redirects
 encapsulation ppp
 dialer idle-timeout 604800
 dialer enable-timeout 5
 dialer wait-for-carrier-time 15
 dialer-group 1
 isdn switch-type primary-net5
 isdn incoming-voice modem
 no cdp enable
 ppp authentication chap pap isdn-access
 ppp chap hostname whatever
 ppp multilink
end

interface Group-Async1
 ip unnumbered Loopback0
 ip helper-address x.y.z.a
 ip helper-address a.b.c.d
 encapsulation ppp
 ip tcp header-compression passive
 no ip mroute-cache
 async dynamic address
 async mode interactive
 ppp authentication pap chap
 group-range 97 120

rgds
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Florian Prester
Sent: Wednesday, 2 February 2005 3:00 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ISDN Dialin RADIUS


Hi,

I have no dialer config, I only have this:

interface Serial1/0:15
ip unnumbered Loopback0
ip pim sparse-mode
encapsulation ppp
dialer idle-timeout 6000
dialer-group 1
isdn switch-type primary-net5
isdn incoming-voice modem
isdn skip-async-callerid-check
no keepalive
no cdp enable
ppp authentication pap
ppp multilink
!
interface Group-Async0
ip unnumbered Loopback0
encapsulation ppp
ip tcp header-compression
dialer in-band
dialer idle-timeout 6000
async mode interactive
peer default ip address pool setup_pool
ppp authentication pap
group-range 65 94

.....


line 65 94
script modem-off-hook offhook
script callback callback
modem InOut
modem autoconfigure type mica
transport preferred none
transport input all
autoselect during-login
autoselect ppp




Josh Duffek wrote:

>I think radius is ok with IPCP happening:
>Feb  1 10:43:21.809: As84 AAA/AUTHOR/FSM: We can start IPCP
>
>What does your isdn/dialer interface config look like?
>
>Thanks,
>
>josh duffek    network engineer
>consultantjd16 at ridemetro.org
>
>  
>
>>-----Original Message-----
>>From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp- 
>>bounces at puck.nether.net] On Behalf Of Florian Prester
>>Sent: Tuesday, February 01, 2005 6:59 AM
>>To: cisco-nsp at puck.nether.net
>>Subject: [c-nsp] ISDN Dialin RADIUS
>>
>>Hi,
>>
>>I am using an CISCO (IOS (tm) 3700 Software (C3725-IPBASE-M), Version 
>>12.3(10), RELEASE SOFTWARE (fc3))  as a dialin router. The modem-calls

>>succeed, but isdn-calls fail. First my Radius server is serving the 
>>IP-Address of the calling
>>    
>>
>client,
>  
>
>>the authentication succeed as well.
>>But the my NAS is or is not arguing with the caller, about the IP.
>>
>>############################################################
>>My AAA-Config:
>>
>>aaa new-model
>>!
>>!
>>aaa authentication login default group radius local none
>>aaa authentication enable default enable line none
>>aaa authentication ppp default if-needed group radius
>>aaa authorization exec default group radius local
>>aaa authorization network default group radius none
>>aaa accounting delay-start
>>aaa accounting exec default start-stop group radius
>>aaa accounting network default start-stop group radius
>>aaa accounting system default start-stop group radius
>>aaa session-id common
>>
>>###########################################################
>>My log:
>>
>>Feb  1 10:43:21.805: RADIUS: Received from id 1645/26
>>    
>>
>131.188.2.96:1812,
>  
>
>>Access-Accept, len 44
>>Feb  1 10:43:21.805: RADIUS:  authenticator 54 3A 8C 7F C2 2C F9 1D -
>>    
>>
>57
>  
>
>>2B 4C A4 EE 6F AE 62
>>Feb  1 10:43:21.805: RADIUS:  Service-Type        [6]   6
>>Framed                    [2]
>>Feb  1 10:43:21.805: RADIUS:  Framed-Protocol     [7]   6
>>PPP                       [1]
>>Feb  1 10:43:21.805: RADIUS:  Framed-IP-Netmask   [9]   6
>>255.255.255.0
>>Feb  1 10:43:21.805: RADIUS:  Framed-IP-Address   [8]   6
>>10.10.47.167
>>Feb  1 10:43:21.805: RADIUS(00000040): Received from id 1645/26 Feb  1

>>10:43:21.805: As84 PPP: Received LOGIN Response PASS Feb  1 
>>10:43:21.805: As84 PPP/AAA: Check Attr: service-type Feb  1 
>>10:43:21.805: As84 PPP/AAA: Check Attr: Framed-Protocol Feb  1 
>>10:43:21.805: As84 PPP/AAA: Check Attr: netmask Feb  1 10:43:21.805: 
>>As84 PPP/AAA: Check Attr: route: Peruser Feb  1 10:43:21.805: As84 
>>PPP/AAA: Check Attr: addr Feb  1 10:43:21.805: As84 PPP: Phase is 
>>FORWARDING, Attempting Forward Feb  1 10:43:21.805: As84 PPP: Phase is

>>AUTHENTICATING, Authenticated
>>    
>>
>User
>  
>
>>Feb  1 10:43:21.805: As84 PAP: O AUTH-ACK id 1 len 5
>>Feb  1 10:43:21.809: As84 PPP: Phase is UP
>>Feb  1 10:43:21.809: As84 AAA/AUTHOR/FSM: We can start IPCP Feb  1 
>>10:43:21.809: As84 IPCP: O CONFREQ [Closed] id 1 len 16
>>Feb  1 10:43:21.809: As84 IPCP:    CompressType VJ 15 slots
>>(0x0206002D0F00)
>>Feb  1 10:43:21.809: As84 IPCP:    Address 192.44.86.6
>>    
>>
>(0x0306C02C5606)
>  
>
>>Feb  1 10:43:21.809: As84 PPP: Process pending ncp packets Feb  1 
>>10:43:21.929: As84 CCP: I CONFREQ [Not negotiated] id 1 len 10
>>Feb  1 10:43:21.929: As84 CCP:    Deflate 0x7800 (0x1A047800)
>>Feb  1 10:43:21.929: As84 CCP:    Predictor1 (0x0102)
>>Feb  1 10:43:21.929: As84 LCP: O PROTREJ [Open] id 2 len 16 protocol
>>    
>>
>CCP
>  
>
>>(0x80FD0101000A1A0478000102)
>>Feb  1 10:43:21.929: As84 IPCP: I CONFREQ [REQsent] id 1 len 28
>>Feb  1 10:43:21.933: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
>>Feb  1 10:43:21.933: As84 IPCP:    CompressType VJ 15 slots
>>CompressSlotID (0x0206002D0F01)
>>Feb  1 10:43:21.933: As84 IPCP:    PrimaryDNS 131.188.3.73
>>(0x810683BC0349)
>>Feb  1 10:43:21.933: As84 IPCP:    SecondaryDNS 255.255.255.255
>>(0x8306FFFFFFFF)
>>Feb  1 10:43:21.933: As84 IPCP: Cannot satisfy pool request Feb  1 
>>10:43:21.933: As84 IPCP: Neither side knows remote address Feb  1 
>>10:43:21.933: As84 AAA/AUTHOR/IPCP: no author-info for primary
>>    
>>
>dns
>  
>
>>Feb  1 10:43:21.933: As84 AAA/AUTHOR/IPCP: no author-info for seconday
>>    
>>
>dns
>  
>
>>Feb  1 10:43:21.933: As84 IPCP: O CONFREJ [REQsent] id 1 len 10
>>Feb  1 10:43:21.933: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
>>Feb  1 10:43:21.945: As84 IPV6CP: I CONFREQ [Not negotiated] id 1 len
>>    
>>
>14
>  
>
>>Feb  1 10:43:21.945: As84 IPV6CP:    Interface-Id 020F:1FFF:FEBC:983A
>>(0x010A020F1FFFFEBC983A)
>>Feb  1 10:43:21.945: As84 LCP: O PROTREJ [Open] id 3 len 20 protocol 
>>IPV6CP (0x80570101000E010A020F1FFFFEBC983A)
>>Feb  1 10:43:21.945: As84 IPCP: I CONFACK [REQsent] id 1 len 16
>>Feb  1 10:43:21.945: As84 IPCP:    CompressType VJ 15 slots
>>(0x0206002D0F00)
>>Feb  1 10:43:21.945: As84 IPCP:    Address 192.44.86.6
>>    
>>
>(0x0306C02C5606)
>  
>
>>Feb  1 10:43:22.053: As84 IPCP: I CONFREQ [ACKrcvd] id 2 len 28
>>Feb  1 10:43:22.053: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
>>Feb  1 10:43:22.053: As84 IPCP:    CompressType VJ 15 slots
>>CompressSlotID (0x0206002D0F01)
>>Feb  1 10:43:22.053: As84 IPCP:    PrimaryDNS 131.188.3.73
>>(0x810683BC0349)
>>Feb  1 10:43:22.053: As84 IPCP:    SecondaryDNS 255.255.255.255
>>(0x8306FFFFFFFF)
>>Feb  1 10:43:22.053: As84 IPCP: Cannot satisfy pool request Feb  1 
>>10:43:22.053: As84 IPCP: Neither side knows remote address Feb  1 
>>10:43:22.053: As84 AAA/AUTHOR/IPCP: no author-info for primary
>>    
>>
>dns
>  
>
>>Feb  1 10:43:22.053: As84 AAA/AUTHOR/IPCP: no author-info for seconday
>>    
>>
>dns
>  
>
>>Feb  1 10:43:22.053: As84 IPCP: O CONFREJ [ACKrcvd] id 2 len 10
>>Feb  1 10:43:22.053: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
>>Feb  1 10:43:22.053: As84 IPV6CP: I TERMREQ [Not negotiated] id 1 len
>>    
>>
>4
>  
>
>>Feb  1 10:43:22.053: As84 LCP: O PROTREJ [Open] id 4 len 10 protocol 
>>IPV6CP (0x805705010004)
>>Feb  1 10:43:22.157: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
>>Feb  1 10:43:22.157: As84 IPCP:    CompressType VJ 15 slots
>>CompressSlotID (0x0206002D0F01)
>>Feb  1 10:43:22.157: As84 IPCP:    PrimaryDNS 131.188.3.73
>>(0x810683BC0349)
>>Feb  1 10:43:22.157: As84 IPCP:    SecondaryDNS 255.255.255.255
>>(0x8306FFFFFFFF)
>>Feb  1 10:43:22.157: As84 IPCP: Cannot satisfy pool request Feb  1 
>>10:43:22.157: As84 IPCP: Neither side knows remote address Feb  1 
>>10:43:22.157: As84 AAA/AUTHOR/IPCP: no author-info for primary
>>    
>>
>dns
>  
>
>>Feb  1 10:43:22.157: As84 AAA/AUTHOR/IPCP: no author-info for seconday
>>    
>>
>dns
>  
>
>>Feb  1 10:43:22.157: As84 IPCP: O CONFREJ [ACKrcvd] id 3 len 10
>>Feb  1 10:43:22.157: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
>>Feb  1 10:43:22.265: As84 IPCP: I CONFREQ [ACKrcvd] id 4 len 28
>>Feb  1 10:43:22.265: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
>>Feb  1 10:43:22.265: As84 IPCP:    CompressType VJ 15 slots
>>CompressSlotID (0x0206002D0F01)
>>Feb  1 10:43:22.265: As84 IPCP:    PrimaryDNS 131.188.3.73
>>(0x810683BC0349)
>>Feb  1 10:43:22.265: As84 IPCP:    SecondaryDNS 255.255.255.255
>>(0x8306FFFFFFFF)
>>Feb  1 10:43:22.265: As84 IPCP: Cannot satisfy pool request Feb  1 
>>10:43:22.265: As84 IPCP: Neither side knows remote address Feb  1 
>>10:43:22.265: As84 AAA/AUTHOR/IPCP: no author-info for primary
>>    
>>
>dns
>  
>
>>Feb  1 10:43:22.265: As84 AAA/AUTHOR/IPCP: no author-info for seconday
>>    
>>
>dns
>  
>
>>Feb  1 10:43:22.265: As84 IPCP: O CONFREJ [ACKrcvd] id 4 len 10
>>Feb  1 10:43:22.265: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
>>Feb  1 10:43:22.381: As84 IPCP: I CONFREQ [ACKrcvd] id 5 len 28
>>Feb  1 10:43:22.381: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
>>Feb  1 10:43:22.381: As84 IPCP:    CompressType VJ 15 slots
>>CompressSlotID (0x0206002D0F01)
>>Feb  1 10:43:22.381: As84 IPCP:    PrimaryDNS 131.188.3.73
>>(0x810683BC0349)
>>Feb  1 10:43:22.381: As84 IPCP:    SecondaryDNS 255.255.255.255
>>(0x8306FFFFFFFF)
>>Feb  1 10:43:22.381: As84 IPCP: Cannot satisfy pool request Feb  1 
>>10:43:22.381: As84 IPCP: Neither side knows remote address Feb  1 
>>10:43:22.381: As84 AAA/AUTHOR/IPCP: no author-info for primary
>>    
>>
>dns
>  
>
>>Feb  1 10:43:22.381: As84 AAA/AUTHOR/IPCP: no author-info for seconday
>>    
>>
>dns
>  
>
>>Feb  1 10:43:22.381: As84 IPCP: O CONFREJ [ACKrcvd] id 5 len 10
>>Feb  1 10:43:22.381: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
>>Feb  1 10:43:22.501: As84 IPCP: I CONFREQ [ACKrcvd] id 6 len 28
>>Feb  1 10:43:22.501: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
>>Feb  1 10:43:22.501: As84 IPCP:    CompressType VJ 15 slots
>>CompressSlotID (0x0206002D0F01)
>>Feb  1 10:43:22.501: As84 IPCP:    PrimaryDNS 131.188.3.73
>>(0x810683BC0349)
>>Feb  1 10:43:22.501: As84 IPCP:    SecondaryDNS 255.255.255.255
>>(0x8306FFFFFFFF)
>>Feb  1 10:43:22.501: As84 IPCP: Cannot satisfy pool request Feb  1 
>>10:43:22.501: As84 IPCP: Neither side knows remote address Feb  1 
>>10:43:22.501: As84 AAA/AUTHOR/IPCP: no author-info for primary
>>    
>>
>dns
>  
>
>>Feb  1 10:43:22.501: As84 AAA/AUTHOR/IPCP: no author-info for seconday
>>    
>>
>dns
>  
>
>>Feb  1 10:43:22.501: As84 IPCP: O CONFREJ [ACKrcvd] id 6 len 10
>>Feb  1 10:43:22.501: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
>>Feb  1 10:43:22.625: As84 IPCP: I CONFREQ [ACKrcvd] id 7 len 28
>>Feb  1 10:43:22.625: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
>>Feb  1 10:43:22.625: As84 IPCP:    CompressType VJ 15 slots
>>CompressSlotID (0x0206002D0F01)
>>Feb  1 10:43:22.625: As84 IPCP:    PrimaryDNS 131.188.3.73
>>(0x810683BC0349)
>>Feb  1 10:43:22.625: As84 IPCP:    SecondaryDNS 255.255.255.255
>>(0x8306FFFFFFFF)
>>Feb  1 10:43:22.625: As84 IPCP: Cannot satisfy pool request Feb  1 
>>10:43:22.625: As84 IPCP: Neither side knows remote address Feb  1 
>>10:43:22.625: As84 AAA/AUTHOR/IPCP: no author-info for primary
>>    
>>
>dns
>  
>
>>Feb  1 10:43:22.625: As84 AAA/AUTHOR/IPCP: no author-info for seconday
>>    
>>
>dns
>  
>
>>Feb  1 10:43:22.625: As84 IPCP: O CONFREJ [ACKrcvd] id 7 len 10
>>Feb  1 10:43:22.625: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
>>Feb  1 10:43:22.745: As84 IPCP: I CONFREQ [ACKrcvd] id 8 len 28
>>Feb  1 10:43:22.745: As84 IPCP:    Address 0.0.0.0 (0x030600000000)
>>Feb  1 10:43:22.745: As84 IPCP:    CompressType VJ 15 slots
>>CompressSlotID (0x0206002D0F01)
>>Feb  1 10:43:22.745: As84 IPCP:    PrimaryDNS 131.188.3.73
>>(0x810683BC0349)
>>Feb  1 10:43:22.745: As84 IPCP:    SecondaryDNS 255.255.255.255
>>(0x8306FFFFFFFF)
>>Feb  1 10:43:22.745: As84 IPCP: Cannot satisfy pool request 
>>############################################################
>>
>>If someone can help me, thanks.
>>
>>    Florian Prester
>>
>>P.S.: The client is tested.
>>
>>--
>>--------------------------------------------------------------
>>Dipl. Inf. Florian Prester
>>Network Administration
>>Regionales RechenZentrum Erlangen
>>Universitaet Erlangen-Nuernberg
>>Germany
>>
>>Tel.: +499131 8527813
>>
>>_______________________________________________
>>cisco-nsp mailing list  cisco-nsp at puck.nether.net 
>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>>    
>>


-- 
--------------------------------------------------------------
Dipl. Inf. Florian Prester
Network Administration
Regionales RechenZentrum Erlangen
Universitaet Erlangen-Nuernberg
Germany

Tel.: +499131 8527813

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


------------------------------------------------------------------------------
This communication, including any attachments, is confidential. If 
 you are not the intended recipient, you should not read it - please 
 contact me immediately, destroy it, and do not copy or use any part of 
 this communication or disclose anything about it.

------------------------------------------------------------------------------




More information about the cisco-nsp mailing list