[c-nsp] RADIUS Framed-Route attribute not being picked up by a 2610.
Stephen Fulton
cisco-nsp at lists.esoteric.ca
Thu Sep 22 15:51:22 EDT 2005
Hi all,
I'm trying to configure an old 2610 (IOS v12.0(17)) to use the
Framed-Route attribute it receives via RADIUS. Authentication works
fine, but the route does not seem to be picked up by the 2610. I'm
certain that the information sent by the RADIUS server is sound, as I've
tested it against another NAS successfully, but here is the record I've
been using:
test    Password == "123123"
        Service-Type := Framed-User
        Framed-Protocol := PPP
        Framed-Route := 192.168.123.0/30 0
(Note: I use FreeRADIUS, and the record above has been pulled from an
SQL table and made readable)
Again, I'm able to authenticate properly and access the network
afterwards, but here's the relevant AAA section in case I missed something:
aaa new-model
aaa authentication login default line
aaa authentication ppp default radius
aaa accounting network default start-stop radius
And here's the async template configuration (since I dial-in):
interface Group-Async1
 description Async Template
 ip unnumbered Loopback1
 no ip directed-broadcast
 encapsulation ppp
 ip tcp header-compression passive
 async mode dedicated
 peer default ip address pool DIAL-IN
 no fair-queue
 no cdp enable
 ppp max-bad-auth 3
 ppp authentication pap
 ppp timeout authentication 60
 group-range 33 40
And finally, here's some debugging input showing that the 2610 is in
fact receiving the Framed-Route attribute (#22) from the RADIUS server:
00:50:12: RADIUS: ustruct sharecount=1
00:50:12: RADIUS: added cisco VSA 2 len 7 "Async34"
00:50:12: RADIUS: Initial Transmit Async34 id 20 192.168.1.5:1645, Access-Request, len 91
00:50:12: Attribute 4 6 D8EA2F9E
00:50:12: Attribute 5 6 00000022
00:50:12: Attribute 26 15 0000000902094173
00:50:12: Attribute 61 6 00000000
00:50:12: Attribute 1 8 6261636B
00:50:12: Attribute 2 18 18C741D4
00:50:12: Attribute 6 6 00000002
00:50:12: Attribute 7 6 00000001
00:50:12: RADIUS: Received from id 20 192.168.1.5:1645, Access-Accept, len 83
00:50:12: Attribute 22 21 3230352E
00:50:12: Attribute 6 6 00000002
00:50:12: Attribute 7 6 00000001
00:50:12: Attribute 8 6 FFFFFFFE
00:50:12: Attribute 28 6 00000708
00:50:12: Attribute 13 6 00000001
00:50:12: Attribute 9 6 FFFFFFFF
00:50:12: Attribute 12 6 000005DC
00:50:12: RADIUS: saved authorization data for user 80FC1764 at 80FB26D0
(Note "Attribute 22" immediately after the RADIUS: Received from.. line)
Any thoughts?
Thanks,
-- Stephen Fulton.
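
Added example, not part of the original post: a small Python decoder for the `Attribute <type> <len> <hex>` lines in the debug output above, naming each attribute per RFC 2865 so the Access-Accept contents can be read at a glance. It assumes, as the len-21 Attribute 22 line with only four octets shown suggests, that this debug format prints just the leading octets of each value; the function and variable names are illustrative.

```python
import re
import socket

# RFC 2865 attribute numbers that appear in the debug output: (name, value kind)
ATTRS = {
    1: ("User-Name", "text"), 2: ("User-Password", "opaque"),
    4: ("NAS-IP-Address", "ipaddr"), 5: ("NAS-Port", "int"),
    6: ("Service-Type", "int"), 7: ("Framed-Protocol", "int"),
    8: ("Framed-IP-Address", "ipaddr"), 9: ("Framed-IP-Netmask", "ipaddr"),
    12: ("Framed-MTU", "int"), 13: ("Framed-Compression", "int"),
    22: ("Framed-Route", "text"), 26: ("Vendor-Specific", "opaque"),
    28: ("Idle-Timeout", "int"), 61: ("NAS-Port-Type", "int"),
}
LINE = re.compile(r"Attribute (\d+) (\d+) ((?:[0-9A-Fa-f]{2})+)\s*$")

def decode(line):
    """Decode one 'Attribute T L HEX' debug line; return None for other lines."""
    m = LINE.search(line)
    if not m:
        return None
    atype, length = int(m.group(1)), int(m.group(2))
    raw = bytes.fromhex(m.group(3))
    name, kind = ATTRS.get(atype, ("Unknown-%d" % atype, "opaque"))
    value_len = length - 2          # RADIUS length includes the type and length octets
    if kind == "int" and len(raw) == 4:
        value = int.from_bytes(raw, "big")
    elif kind == "ipaddr" and len(raw) == 4:
        value = socket.inet_ntoa(raw)
    elif kind == "text":
        value = raw.decode("ascii", "replace")
    else:
        value = raw.hex()
    # truncated: the debug line shows fewer octets than the attribute carries
    return {"type": atype, "name": name, "value": value,
            "value_len": value_len, "truncated": len(raw) < value_len}

def summarize(lines):
    """Decode every attribute line in a debug capture, skipping the rest."""
    return [d for d in map(decode, lines) if d is not None]

# Access-Accept attribute lines copied from the debug output in the post
ACCEPT_SAMPLE = """\
00:50:12: RADIUS: Received from id 20 192.168.1.5:1645, Access-Accept, len 83
00:50:12: Attribute 22 21 3230352E
00:50:12: Attribute 8 6 FFFFFFFE
00:50:12: Attribute 28 6 00000708
00:50:12: Attribute 12 6 000005DC""".splitlines()

if __name__ == "__main__":
    for d in summarize(ACCEPT_SAMPLE):
        print(d)
```
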