[c-nsp] ISDN Dialin RADIUS
Florian Prester
Florian.Prester at rrze.uni-erlangen.de
Wed Feb 2 02:59:42 EST 2005
Hi,
YES, the RADIUS is assigning IP addresses for all users.
#######################################################
following-Config:
current configuration : 8815 bytes
!
! Last configuration change at 08:35:57 MET Wed Feb 2 2005 by @admin
! NVRAM config last updated at 12:15:36 MET Tue Feb 1 2005 by @admin
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
service linenumber
!
hostname modem-i1
!
boot-start-marker
boot system flash flash:c3725-ipbase-mz.123-10.bin
boot-end-marker
!
card type e1 1
logging buffered 512000 debugging
!
clock timezone MET 1
clock summer-time MET recurring last Sun Mar 2:00 last Sun Oct 3:00
modem country mica germany
aaa new-model
!
!
aaa authentication login default group radius local none
aaa authentication enable default enable line none
aaa authentication ppp default if-needed group radius
aaa authorization exec default group radius local
aaa authorization network default group radius none
aaa accounting delay-start
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting system default start-stop group radius
aaa session-id common
ip subnet-zero
no ip source-route
ip cef
isdn switch-type primary-net5
isdn logging
!
chat-script offhook "" "ATH1" OK
chat-script callback ABORT ERROR ABORT BUSY "" "ATDT\T" TIMEOUT 60
"CONNECT" \C
!
!
controller E1 1/0
pri-group timeslots 1-31
!
!
interface Loopback0
ip address 192.44.86.6 255.255.255.255
!
interface FastEthernet0/1
ip address 192.44.86.36 255.255.255.224
ip access-group 101 out
ip mask-reply
ip directed-broadcast 3
no ip proxy-arp
ip pim sparse-dense-mode
ip multicast ttl-threshold 16
no ip route-cache cef
no ip route-cache
ip cgmp
no ip mroute-cache
ip ospf cost 1
duplex auto
speed auto
!
interface Serial1/0:15
ip unnumbered Loopback0
ip pim sparse-mode
encapsulation ppp
dialer idle-timeout 6000
dialer-group 1
isdn switch-type primary-net5
isdn incoming-voice modem
isdn skip-async-callerid-check
no peer default ip address
no keepalive
no cdp enable
ppp authentication pap
ppp multilink
!
interface Group-Async0
ip unnumbered Loopback0
encapsulation ppp
ip tcp header-compression
dialer in-band
dialer idle-timeout 6000
async mode interactive
peer default ip address pool setup_pool
ppp authentication pap
group-range 65 94
!
router ospf 1
log-adjacency-changes
redistribute connected subnets
redistribute static subnets
network 10.8.0.0 0.0.255.255 area 0.0.0.0
network 192.44.86.32 0.0.0.31 area 0.0.0.0
!
ip local pool setup-pool 172.16.21.1 172.16.21.30
ip default-gateway 192.44.86.34
ip classless
ip default-network 0.0.0.0
ip route 0.0.0.0 0.0.0.0 192.44.86.35
ip route 0.0.0.0 0.0.0.0 192.44.86.34 150
ip route 0.0.0.0 0.0.0.0 Null0 200
ip route 192.44.83.24 255.255.255.248 192.44.82.78
ip route 192.44.83.40 255.255.255.248 192.44.82.140
ip route 192.44.83.48 255.255.255.248 192.44.82.48
ip route 192.44.83.56 255.255.255.248 192.44.82.35
ip route 192.44.90.0 255.255.255.0 192.44.82.11
no ip http server
ip pim accept-rp auto-rp
ip ospf name-lookup
line con 0
line 65 94
script modem-off-hook offhook
script callback callback
modem InOut
modem autoconfigure type mica
transport preferred none
transport input all
autoselect during-login
autoselect ppp
line aux 0
no exec
line vty 0 4
session-timeout 60 output
exec-timeout 60 0
history size 100
transport preferred none
escape-character 3
!
################################################################
following DEBUG:
General OS:
AAA Authentication debugging is on
AAA Authorization debugging is on
Generic IP:
IP peer address activity debugging is on
PPP:
PPP authentication debugging is on
PPP protocol errors debugging is on
PPP protocol negotiation debugging is on
Radius protocol debugging is on
Radius packet protocol debugging is on
###############################################################
following DEBUG-OUTPUT:
Feb 2 07:36:03.478: AAA/BIND(00000162): Bind i/f Serial1/0:0
Feb 2 07:36:03.478: AAA/ACCT/DS0: channel=0, ds1=0, t3=0, slot=1,
ds0=16777216
Feb 2 08:36:03.490 MET: %LINK-3-UPDOWN: Interface Serial1/0:0, changed
state to up
Feb 2 07:36:03.490: Se1/0:0 PPP: Using dialer call direction
Feb 2 07:36:03.490: Se1/0:0 PPP: Treating connection as a callin
Feb 2 07:36:03.490: Se1/0:0 PPP: Phase is ESTABLISHING, Passive Open
Feb 2 07:36:03.490: Se1/0:0 LCP: State is Listen
Feb 2 07:36:05.482: Se1/0:0 LCP: TIMEout: State Listen
Feb 2 07:36:05.482: Se1/0:0 PPP: Authorization required
Feb 2 07:36:05.482: Se1/0:0 AAA/AUTHOR/LCP: Authorization succeeds trivially
Feb 2 07:36:05.482: Se1/0:0 LCP: O CONFREQ [Listen] id 7 len 29
Feb 2 07:36:05.482: Se1/0:0 LCP: AuthProto PAP (0x0304C023)
Feb 2 07:36:05.482: Se1/0:0 LCP: MagicNumber 0x14AD3E2C (0x050614AD3E2C)
Feb 2 07:36:05.482: Se1/0:0 LCP: MRRU 1524 (0x110405F4)
Feb 2 07:36:05.482: Se1/0:0 LCP: EndpointDisc 1 modem-i1
(0x130B016D6F64656D2D6931)
Feb 2 07:36:05.498: Se1/0:0 LCP: I CONFREQ [REQsent] id 1 len 14
Feb 2 07:36:05.498: Se1/0:0 LCP: MRU 1500 (0x010405DC)
Feb 2 07:36:05.498: Se1/0:0 LCP: MagicNumber 0x5E52C3ED (0x05065E52C3ED)
Feb 2 07:36:05.498: Se1/0:0 LCP: O CONFACK [REQsent] id 1 len 14
Feb 2 07:36:05.498: Se1/0:0 LCP: MRU 1500 (0x010405DC)
Feb 2 07:36:05.498: Se1/0:0 LCP: MagicNumber 0x5E52C3ED (0x05065E52C3ED)
Feb 2 07:36:05.502: Se1/0:0 LCP: I CONFREJ [ACKsent] id 7 len 8
Feb 2 07:36:05.502: Se1/0:0 LCP: MRRU 1524 (0x110405F4)
Feb 2 07:36:05.502: Se1/0:0 LCP: O CONFREQ [ACKsent] id 8 len 25
Feb 2 07:36:05.502: Se1/0:0 LCP: AuthProto PAP (0x0304C023)
Feb 2 07:36:05.502: Se1/0:0 LCP: MagicNumber 0x14AD3E2C (0x050614AD3E2C)
Feb 2 07:36:05.502: Se1/0:0 LCP: EndpointDisc 1 modem-i1
(0x130B016D6F64656D2D6931)
Feb 2 07:36:05.522: Se1/0:0 LCP: I CONFACK [ACKsent] id 8 len 25
Feb 2 07:36:05.522: Se1/0:0 LCP: AuthProto PAP (0x0304C023)
Feb 2 07:36:05.522: Se1/0:0 LCP: MagicNumber 0x14AD3E2C (0x050614AD3E2C)
Feb 2 07:36:05.522: Se1/0:0 LCP: EndpointDisc 1 modem-i1
(0x130B016D6F64656D2D6931)
Feb 2 07:36:05.522: Se1/0:0 LCP: State is Open
Feb 2 07:36:05.522: Se1/0:0 PPP: Phase is AUTHENTICATING, by this end
Feb 2 07:36:05.526: Se1/0:0 PAP: I AUTH-REQ id 1 len 20 from "goofy"
Feb 2 07:36:05.526: Se1/0:0 PAP: Authenticating peer goofy
Feb 2 07:36:05.526: Se1/0:0 PPP: Phase is FORWARDING, Attempting Forward
Feb 2 07:36:05.526: Se1/0:0 PPP: Phase is AUTHENTICATING,
Unauthenticated User
Feb 2 07:36:05.526: AAA/AUTHEN/PPP (00000162): Pick method list 'default'
Feb 2 07:36:05.526: Se1/0:0 PPP: Sent PAP LOGIN Request
Feb 2 07:36:05.526: RADIUS/ENCODE(00000162):Orig. component type = ISDN
Feb 2 07:36:05.526: RADIUS: AAA Unsupported Attr: interface [153] 11
Feb 2 07:36:05.526: RADIUS: 53 65 72 69 61 6C 31 2F 30 [Serial1/0]
Feb 2 07:36:05.526: RADIUS(00000162): Storing nasport 20000 in rad_db
Feb 2 07:36:05.526: RADIUS(00000162): Config NAS IP: 0.0.0.0
Feb 2 07:36:05.526: RADIUS/ENCODE(00000162): acct_session_id: 355
Feb 2 07:36:05.526: RADIUS(00000162): sending
Feb 2 07:36:05.526: RADIUS/ENCODE: Best Local IP-Address NAS-IP for
Radius-Server RADIUS
Feb 2 07:36:05.526: RADIUS(00000162): Send Access-Request to RADIUS:1812
id 1645/69, len 107
Feb 2 07:36:05.526: RADIUS: authenticator 23 E7 EC F2 1C 4C 00 AD - 73
E7 20 AE 33 43 31 CA
Feb 2 07:36:05.526: RADIUS: Framed-Protocol [7] 6 PPP [1]
Feb 2 07:36:05.526: RADIUS: User-Name [1] 8 "goofy"
Feb 2 07:36:05.526: RADIUS: User-Password [2] 18 *
Feb 2 07:36:05.526: RADIUS: NAS-Port [5] 6 20000
Feb 2 07:36:05.526: RADIUS: NAS-Port-Type [61] 6 ISDN [2]
Feb 2 07:36:05.526: RADIUS: Calling-Station-Id [31] 12 "phone-nr"
Feb 2 07:36:05.526: RADIUS: Called-Station-Id [30] 7 "71840"
Feb 2 07:36:05.526: RADIUS: Connect-Info [77] 12 "64000 HDLC"
Feb 2 07:36:05.526: RADIUS: Service-Type [6] 6 Framed [2]
Feb 2 07:36:05.526: RADIUS: NAS-IP-Address [4] 6 NAS-IP
Feb 2 07:36:05.534: RADIUS: Received from id 1645/69 RADIUS:1812,
Access-Accept, len 44
Feb 2 07:36:05.534: RADIUS: authenticator 2D 7A 6E CD C0 80 0A 58 - 8C
D7 35 13 02 6A D8 D9
Feb 2 07:36:05.534: RADIUS: Service-Type [6] 6 Framed [2]
Feb 2 07:36:05.534: RADIUS: Framed-Protocol [7] 6 PPP [1]
Feb 2 07:36:05.534: RADIUS: Framed-IP-Netmask [9] 6 255.255.255.0
Feb 2 07:36:05.534: RADIUS: Framed-IP-Address [8] 6 10.10.47.167
Feb 2 07:36:05.534: RADIUS(00000162): Received from id 1645/69
Feb 2 07:36:05.534: Se1/0:0 PPP: Received LOGIN Response PASS
Feb 2 07:36:05.534: Se1/0:0 PPP/AAA: Check Attr: service-type
Feb 2 07:36:05.534: Se1/0:0 PPP/AAA: Check Attr: Framed-Protocol
Feb 2 07:36:05.534: Se1/0:0 PPP/AAA: Check Attr: netmask
Feb 2 07:36:05.534: Se1/0:0 PPP/AAA: Check Attr: route: Peruser
Feb 2 07:36:05.534: Se1/0:0 PPP/AAA: Check Attr: addr
Feb 2 07:36:05.534: Se1/0:0 PPP: Phase is FORWARDING, Attempting Forward
Feb 2 07:36:05.534: Se1/0:0 PPP: Phase is AUTHENTICATING, Authenticated User
Feb 2 07:36:05.534: Se1/0:0 AAA/AUTHOR/LCP: Process Author
Feb 2 07:36:05.534: Se1/0:0 AAA/AUTHOR/LCP: Process Attr: service-type
Feb 2 07:36:05.534: Se1/0:0 PAP: O AUTH-ACK id 1 len 5
Feb 2 07:36:05.534: Se1/0:0 PPP: Phase is FORWARDING
Feb 2 07:36:05.534: Vi1 PPP: Phase is DOWN, Setup
Feb 2 07:36:05.534: AAA/BIND(00000162): Bind i/f Virtual-Access1
Feb 2 07:36:05.534: Vi1 PPP: Authorization required
Feb 2 07:36:05.534: Vi1 PPP: No remote authentication for call-in
Feb 2 07:36:05.534: Vi1 PPP: Phase is ESTABLISHING
Feb 2 07:36:05.534: Se1/0:0 PPP: Phase is FORWARDED
Feb 2 07:36:05.534: Vi1 LCP: I FORCED rcvd CONFACK len 21
Feb 2 07:36:05.534: Vi1 LCP: AuthProto PAP (0x0304C023)
Feb 2 07:36:05.534: Vi1 LCP: MagicNumber 0x14AD3E2C (0x050614AD3E2C)
Feb 2 07:36:05.538: Vi1 LCP: EndpointDisc 1 modem-i1
(0x130B016D6F64656D2D6931)
Feb 2 07:36:05.538: Vi1 LCP: I FORCED sent CONFACK len 10
Feb 2 07:36:05.538: Vi1 LCP: MRU 1500 (0x010405DC)
Feb 2 07:36:05.538: Vi1 LCP: MagicNumber 0x5E52C3ED (0x05065E52C3ED)
Feb 2 07:36:05.538: Vi1 PPP: Phase is AUTHENTICATING, by this end
Feb 2 07:36:05.538: Vi1 AAA/AUTHOR/LCP: Process Author
Feb 2 07:36:05.538: Vi1 AAA/AUTHOR/LCP: Process Attr: service-type
Feb 2 07:36:05.538: Vi1 PPP: Phase is UP
Feb 2 07:36:05.538: Vi1 PPP: Process pending ncp packets
Feb 2 07:36:05.538: Se1/0:0 PPP: Process pending ncp packets
Feb 2 08:36:05.538 MET: %LINK-3-UPDOWN: Interface Virtual-Access1,
changed state to up
Feb 2 07:36:05.550: Vi1 CCP: I CONFREQ [Not negotiated] id 1 len 10
Feb 2 07:36:05.550: Vi1 CCP: Deflate 0x7800 (0x1A047800)
Feb 2 07:36:05.550: Vi1 CCP: Predictor1 (0x0102)
Feb 2 07:36:05.550: Vi1 LCP: O PROTREJ [Open] id 1 len 16 protocol CCP
(0x80FD0101000A1A0478000102)
Feb 2 07:36:05.554: Vi1 IPCP: I CONFREQ [Not negotiated] id 1 len 28
Feb 2 07:36:05.554: Vi1 IPCP: Address 0.0.0.0 (0x030600000000)
Feb 2 07:36:05.554: Vi1 IPCP: CompressType VJ 15 slots CompressSlotID
(0x0206002D0F01)
Feb 2 07:36:05.554: Vi1 IPCP: PrimaryDNS 131.188.3.73 (0x810683BC0349)
Feb 2 07:36:05.554: Vi1 IPCP: SecondaryDNS 255.255.255.255 (0x8306FFFFFFFF)
Feb 2 07:36:05.554: Vi1 LCP: O PROTREJ [Open] id 2 len 34 protocol IPCP
Feb 2 07:36:05.554: Vi1 LCP: (0x80210101001C0306000000000206002D)
Feb 2 07:36:05.554: Vi1 LCP: (0x0F01810683BC03498306FFFFFFFF)
Feb 2 07:36:05.558: Vi1 IPV6CP: I CONFREQ [Not negotiated] id 1 len 14
Feb 2 07:36:05.558: Vi1 IPV6CP: Interface-Id 0207:E9FF:FE5D:BB9E
(0x010A0207E9FFFE5DBB9E)
Feb 2 07:36:05.558: Vi1 LCP: O PROTREJ [Open] id 3 len 20 protocol
IPV6CP (0x80570101000E010A0207E9FFFE5DBB9E)
Feb 2 07:36:05.570: Vi1 IPCP: I TERMREQ [Not negotiated] id 1 len 4
Feb 2 07:36:05.570: Vi1 IPCP: Lower layer not up, discarding packet
Feb 2 07:36:05.574: Vi1 IPV6CP: I TERMREQ [Not negotiated] id 1 len 4
Feb 2 07:36:05.574: Vi1 LCP: O PROTREJ [Open] id 4 len 10 protocol
IPV6CP (0x805705010004)
Feb 2 08:36:06.534 MET: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Serial1/0:0, changed state to up
Feb 2 08:36:06.538 MET: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Virtual-Access1, changed state to up
Feb 2 07:36:08.674: Vi1 IPCP: I TERMREQ [Not negotiated] id 1 len 4
Feb 2 07:36:08.674: Vi1 IPCP: Lower layer not up, discarding packet
Feb 2 07:36:08.678: Vi1 IPV6CP: I TERMREQ [Not negotiated] id 1 len 4
Feb 2 07:36:08.678: Vi1 LCP: O PROTREJ [Open] id 5 len 10 protocol
IPV6CP (0x805705010004)
Feb 2 08:36:09.490 MET: %ISDN-6-CONNECT: Interface Serial1/0:0 is now
connected to phone-nr goofy
Feb 2 07:36:11.746: Vi1 IPCP: I TERMREQ [Not negotiated] id 1 len 4
Feb 2 07:36:11.746: Vi1 IPCP: Lower layer not up, discarding packet
Feb 2 07:36:11.746: Vi1 IPV6CP: I TERMREQ [Not negotiated] id 1 len 4
Feb 2 07:36:11.746: Vi1 LCP: O PROTREJ [Open] id 6 len 10 protocol
IPV6CP (0x805705010004)
Feb 2 07:36:14.814: Vi1 IPCP: I TERMREQ [Not negotiated] id 1 len 4
Feb 2 07:36:14.814: Vi1 IPCP: Lower layer not up, discarding packet
Feb 2 07:36:14.818: Vi1 IPV6CP: I TERMREQ [Not negotiated] id 1 len 4
Feb 2 07:36:14.818: Vi1 LCP: O PROTREJ [Open] id 7 len 10 protocol
IPV6CP (0x805705010004)
Feb 2 07:36:17.886: Vi1 IPCP: I TERMREQ [Not negotiated] id 1 len 4
Feb 2 07:36:17.886: Vi1 IPCP: Lower layer not up, discarding packet
Feb 2 07:36:17.886: Vi1 IPV6CP: I TERMREQ [Not negotiated] id 1 len 4
Feb 2 07:36:17.886: Vi1 LCP: O PROTREJ [Open] id 8 len 10 protocol
IPV6CP (0x805705010004)
Feb 2 07:36:20.954: Vi1 LCP: I TERMREQ [Open] id 2 len 4
Feb 2 07:36:20.954: Vi1 LCP: O TERMACK [Open] id 2 len 4
Feb 2 07:36:20.954: Vi1 PPP: Sending Acct Event[Down] id[162]
Feb 2 07:36:20.958: Vi1 IPCP: State is Closed
Feb 2 07:36:20.958: Vi1 PPP: Phase is TERMINATING
Feb 2 07:36:20.958: Se1/0:0 PPP: Sending Acct Event[Down] id[162]
Feb 2 07:36:20.958: Se1/0:0 PPP: Phase is TERMINATING
Feb 2 07:36:20.958: Se1/0:0 LCP: State is Closed
Feb 2 07:36:20.958: Se1/0:0 PPP: Phase is DOWN
Feb 2 08:36:20.958 MET: %ISDN-6-DISCONNECT: Interface Serial1/0:0
disconnected from phone-nr goofy, call lasted 17 seconds
Feb 2 08:36:20.962 MET: %LINK-3-UPDOWN: Interface Virtual-Access1,
changed state to down
Feb 2 07:36:20.962: Vi1 LCP: State is Closed
Feb 2 07:36:20.962: Vi1 PPP: Phase is DOWN
Feb 2 08:36:21.034 MET: %LINK-3-UPDOWN: Interface Serial1/0:0, changed
state to down
Feb 2 08:36:21.958 MET: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Virtual-Access1, changed state to down
Feb 2 08:36:21.958 MET: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Serial1/0:0, changed state to down
################################################################################
Thanks
Florian
Dennis Peng wrote:
>
> On Feb 1, 2005, at 4:59 AM, Florian Prester wrote:
>
>> Hi,
>>
>> I am using an CISCO (IOS (tm) 3700 Software (C3725-IPBASE-M), Version
>> 12.3(10), RELEASE SOFTWARE (fc3)) as a dialin router. The modem-calls
>> succeed, but isdn-calls fail.
>
>
> I'm a little confused by this statement because in the debug trace
> you show below, you show a modem call which fails.
>
>
>> First my Radius server is serving the IP-Address of the calling client,
>> the authentication succeed as well.
>
>
> Is your RADIUS server assigning IP addresses for all of your
> users?
>
>> But the my NAS is or is not arguing with the caller, about the IP.
>
>
> Can you send me your full configuration and also a new set of
> debugs for a failing call with the following debugs turned on:
>
> debug aaa authen
> debug aaa author
> debug ppp negot
> debug ppp authen
> debug ppp error
> debug radius authen
> debug ip peer
>
> Thanks.
>
> Dennis
--
--------------------------------------------------------------
Dipl. Inf. Florian Prester
Network Administration
Regionales RechenZentrum Erlangen
Universitaet Erlangen-Nuernberg
Germany
Tel.: +499131 8527813
More information about the cisco-nsp
mailing list