[c-nsp] 7200 LNS problems from Redback? or Radius?

Joe Freeman joe at netbyjoe.com
Wed May 30 11:47:36 EDT 2007


Make sure your radius host(s) is(are) defined with a block similar to this
(and are reachable):

radius-server host xx.xx.xx.xx auth-port 1645 acct-port 1646 non-standard
radius-server host xx.xx.xx.xx auth-port 1645 acct-port 1646 non-standard
radius-server deadtime 60
radius-server key 7 someencryptedpassword
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
radius-server vsa send authentication


You can then do a test authentication using the test aaa command:

testrouter#test aaa group radius username password

That'll tell you if your radius config is properly working or not.

Joe

On 5/30/07, Skeeve Stevens <skeeve at skeeve.org> wrote:
>
> Hey guys,
>
> I have a 7200 taking sessions from a Redback and either the Redback
> is not configured properly (hard to prove as I don't have access), or I have
> a local problem.
>
> I'm receiving the log entry below
>
> AAA/AUTHOR (0x0): Pick method list 'local-list'
>
> This seems to suggest that it is ignoring radius and trying local auth.
>
> I have:
>
> !
> aaa group server radius dslrad
> server 202.x.x.x auth-port 1812 acct-port 1813
> !
> aaa authentication login default local
> aaa authentication ppp default group radius group dslrad
> aaa authorization exec default local group dslrad
> aaa authorization network default group dslrad
> aaa accounting delay-start
> aaa accounting update periodic 30
> aaa accounting network default start-stop group dslrad
> aaa accounting connection default start-stop group dslrad
> aaa accounting system default start-stop group dslrad
>
> which seems to be fine.
>
> I have the following debugging on:
>
> General OS:
>   AAA Authentication debugging is on
>   AAA Authorization debugging is on
>   AAA Administrative debugging is on
>   AAA Local debugs debugging is on
>   AAA Radius debugs debugging is on
> L2TP:
>   L2TP packet events debugging is on
>   L2TP packet errors debugging is on
>   L2TP errors debugging is on
>   L2TP events debugging is on
>   L2TP L2TUN socket API debugging is on
> PPP:
>   PPP authentication debugging is on
>   PPP protocol errors debugging is on
>   PPP protocol negotiation debugging is on
>   PPP forwarding events debugging is on
> VPN:
>   VPDN call event debugging is on
>   VPDN message debugging is on
>   VPDN events debugging is on
>   VPDN errors debugging is on
>   VPDN packet debugging is on
> Radius protocol debugging is on
> Radius protocol brief debugging is on
> Radius protocol verbose debugging is on
>
> And I am seeing zero radius chatter at all, and only the one AAA comment
> about local-list.
>
> The tunnel seems to come up to the Redback, but then I see nothing except
> this:
>
> May 30 2007 21:51:59: L2X:CEF From tunnel: 93 byte pak dropped
> May 30 2007 21:52:01: L2X:CEF From tunnel: Gi0/1.31 Received 93 byte pak
> May 30 2007 21:52:01: L2X:CEF From tunnel: 93 byte pak dropped
> May 30 2007 21:52:03: L2X:CEF From tunnel: Gi0/1.31 Received 93 byte pak
>
> Anyone have any ideas please?
>
> System image file is "disk2:c7200p-advipservicesk9-mz.124-11.T1.bin"
>
> Cisco 7204G2.
>
> .Skeeve
>
>
> --
> Skeeve Stevens, RHCE
> skeeve at skeeve.org / www.skeeve.org
> Cell +61 (0)414 753 383 / skype://skeeve
>
> eintellego - skeeve at eintellego.net - www.eintellego.net
> --
> I'm a groove licked love child king of the verse
> Si vis pacem, para bellum
>
>
>
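
An added example, not part of either poster's message: a small Python check that cross-references the `aaa` lines quoted above with the method list named in the debug output, and reports server groups or method lists that are used but not defined in the supplied text. The function names are hypothetical, and the input is the thread's config and debug line retyped as constructed sample data.

```python
import re

# Constructed sample: the AAA lines and debug line quoted in the thread.
CONFIG = """\
aaa group server radius dslrad
 server 202.x.x.x auth-port 1812 acct-port 1813
aaa authentication login default local
aaa authentication ppp default group radius group dslrad
aaa authorization exec default local group dslrad
aaa authorization network default group dslrad
aaa accounting delay-start
aaa accounting update periodic 30
aaa accounting network default start-stop group dslrad
"""
DEBUG = "AAA/AUTHOR (0x0): Pick method list 'local-list'"

KINDS = {"authentication", "authorization", "accounting"}
BUILTIN_GROUPS = {"radius", "tacacs+"}  # IOS built-in server groups


def parse_aaa(config):
    """Return (server_groups, method_lists) found in IOS 'aaa' lines."""
    groups, lists = set(), {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["aaa", "group", "server"] and len(tok) >= 5:
            groups.add(tok[4])  # aaa group server <type> <name>
        elif (len(tok) >= 5 and tok[0] == "aaa" and tok[1] in KINDS
              and tok[2] != "update"):  # skip global accounting settings
            lists[(tok[1], tok[2], tok[3])] = tok[4:]  # kind, service, list name
    return groups, lists


def audit(config, debug_text):
    """List server groups and method lists that are used but not defined."""
    groups, lists = parse_aaa(config)
    findings = []
    for (kind, service, name), methods in lists.items():
        for prev, cur in zip(methods, methods[1:]):
            if prev == "group" and cur not in groups | BUILTIN_GROUPS:
                findings.append(f"{kind} {service} {name}: undefined group '{cur}'")
    defined = {name for (_, _, name) in lists}
    for picked in re.findall(r"Pick method list '([^']+)'", debug_text):
        if picked not in defined:
            findings.append(f"debug picked '{picked}': no such list in supplied config")
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIG, DEBUG):
        print(finding)
```

On the sample it reports only that `local-list` is not among the method lists in the supplied lines; it says nothing about where on the router that list is referenced.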

