[c-nsp] Strange Radius Debug seen with SB Release

Andy Saykao andy.saykao at staff.netspace.net.au
Wed Oct 15 02:22:33 EDT 2008 

Hi All,
 
I'm doing some testing with the SB release of 12.2(31)SB13 on a 7301
that we plan to put into production to terminate L2TP connections for
our MPLS VPN customers. The SB release was chosen because it has the LSP
Ping and Traceroute command which is required if we want to take full
advantage of Cisco's MPLS Diagnostics Expert software.
 
What I've found is that when I debug radius no Framed-Route and
Framed-IP-Address are being sent in the start packet of the radius
accounting packet. When I reload the 7301 with an IOS we use in
production (12.3(14)T7) , the Framed-Route and Framed-IP-Address are
included in the start packet. Is this the desired behaviour of the SB
release???
 
Below are the debugs taken with the different IOS.
 
Using 12.2(31)SB13:
 
*Oct 15 11:54:00.720 AEST: RADIUS(0000000C): Received from id 21646/1
*Oct 15 11:54:00.740 AEST: RADIUS/ENCODE(0000000C):Orig. component type
= PPoE
*Oct 15 11:54:00.740 AEST: RADIUS/ENCODE(0000000C): Acct-session-id
pre-pended with Nas Port = 0/0/1/21
*Oct 15 11:54:00.740 AEST: RADIUS(0000000C): Config NAS IP:
203.17.101.50
*Oct 15 11:54:00.740 AEST: RADIUS(0000000C): sending
*Oct 15 11:54:00.740 AEST: RADIUS(0000000C): Send Accounting-Request to
203.10.110.74:1646 id 21646/2, len 200
*Oct 15 11:54:00.740 AEST: RADIUS:  authenticator 5B 5A 8A E3 C2 3D C2
17 - A4 9D 6A 3D 45 80 4A C4
*Oct 15 11:54:00.740 AEST: RADIUS:  Acct-Session-Id     [44]  19
"0/0/1/21_00000002"
*Oct 15 11:54:00.740 AEST: RADIUS:  Framed-Protocol     [7]   6   PPP
[1]
*Oct 15 11:54:00.740 AEST: RADIUS:  User-Name           [1]   22
"mplstest at dbtest@adsl"
*Oct 15 11:54:00.740 AEST: RADIUS:  Vendor, Cisco       [26]  32
*Oct 15 11:54:00.740 AEST: RADIUS:   Cisco AVpair       [1]   26
"connect-progress=Call Up"
*Oct 15 11:54:00.744 AEST: RADIUS:  Acct-Authentic      [45]  6   RADIUS
[1]
*Oct 15 11:54:00.744 AEST: RADIUS:  Acct-Status-Type    [40]  6   Start
[1]
*Oct 15 11:54:00.744 AEST: RADIUS:  NAS-Port-Type       [61]  6
Ethernet                  [15]
*Oct 15 11:54:00.744 AEST: RADIUS:  NAS-Port            [5]   6
16777237
*Oct 15 11:54:00.744 AEST: RADIUS:  NAS-Port-Id         [87]  10
"0/0/1/21"
*Oct 15 11:54:00.744 AEST: RADIUS:  Vendor, Cisco       [26]  41
*Oct 15 11:54:00.744 AEST: RADIUS:   Cisco AVpair       [1]   35
"client-mac-address=fa00.0008.0802"
*Oct 15 11:54:00.744 AEST: RADIUS:  Connect-Info        [77]  8
"NSTEST"
*Oct 15 11:54:00.744 AEST: RADIUS:  Service-Type        [6]   6   Framed
[2]
*Oct 15 11:54:00.744 AEST: RADIUS:  NAS-IP-Address      [4]   6
203.17.101.50
*Oct 15 11:54:00.744 AEST: RADIUS:  Acct-Delay-Time     [41]  6   0
*Oct 15 11:54:00.744 AEST: %LINK-3-UPDOWN: Interface Virtual-Access3,
changed state to up
*Oct 15 11:54:00.868 AEST: RADIUS: Received from id 21646/2
203.10.110.74:1646, Accounting-response, len 20
*Oct 15 11:54:00.868 AEST: RADIUS:  authenticator CB 94 DA 84 96 FE 18
FC - 8C 1B 71 4D 9E E6 52 AB
*Oct 15 11:54:01.744 AEST: %LINEPROTO-5-UPDOWN: Line protocol on
Interface Virtual-Access3, changed state to up
 
Using 12.3(14)T7:
 
Oct 15 11:47:01.594 AEST: RADIUS/ENCODE(00000004):Orig. component type =
PPoE
Oct 15 11:47:01.594 AEST: RADIUS/ENCODE(00000004): Acct-session-id
pre-pended with Nas Port = 0/0/1/21
Oct 15 11:47:01.594 AEST: RADIUS(00000004): Config NAS IP: 203.17.101.50
Oct 15 11:47:01.594 AEST: RADIUS(00000004): sending
Oct 15 11:47:01.594 AEST: RADIUS(00000004): Send Accounting-Request to
203.10.110.74:1646 id 21646/5, len 253
Oct 15 11:47:01.594 AEST: RADIUS:  authenticator F5 40 CD 3D 39 CC A8 A9
- E9 75 78 4E 0E 10 9B 03
Oct 15 11:47:01.594 AEST: RADIUS:  Acct-Session-Id     [44]  19
"0/0/1/21_00000005"
Oct 15 11:47:01.594 AEST: RADIUS:  Vendor, Cisco       [26]  41
Oct 15 11:47:01.594 AEST: RADIUS:   Cisco AVpair       [1]   35
"client-mac-address=fa00.0008.0802"
Oct 15 11:47:01.594 AEST: RADIUS:  Framed-Protocol     [7]   6   PPP
[1]
Oct 15 11:47:01.594 AEST: RADIUS:  Framed-Route        [22]  52  "vrf
NSTEST 192.168.1.0 255.255.255.0 203.17.103.50"
Oct 15 11:47:01.594 AEST: RADIUS:  Framed-IP-Address   [8]   6
203.17.103.50
Oct 15 11:47:01.594 AEST: RADIUS:  User-Name           [1]   22
"mplstest at dbtest@adsl"
Oct 15 11:47:01.594 AEST: RADIUS:  Vendor, Cisco       [26]  35
Oct 15 11:47:01.594 AEST: RADIUS:   Cisco AVpair       [1]   29
"connect-progress=LAN Ses Up"
Oct 15 11:47:01.594 AEST: RADIUS:  Acct-Authentic      [45]  6   RADIUS
[1]
Oct 15 11:47:01.594 AEST: RADIUS:  Acct-Status-Type    [40]  6   Start
[1]
Oct 15 11:47:01.594 AEST: RADIUS:  NAS-Port-Type       [61]  6
Ethernet                  [15]
Oct 15 11:47:01.594 AEST: RADIUS:  NAS-Port            [5]   6
16777237
Oct 15 11:47:01.594 AEST: RADIUS:  NAS-Port-Id         [87]  10
"0/0/1/21"
Oct 15 11:47:01.594 AEST: RADIUS:  Service-Type        [6]   6   Framed
[2]
Oct 15 11:47:01.594 AEST: RADIUS:  NAS-IP-Address      [4]   6
203.17.101.50
Oct 15 11:47:01.594 AEST: RADIUS:  Acct-Delay-Time     [41]  6   0
Oct 15 11:47:01.810 AEST: RADIUS: Received from id 21646/5
203.10.110.74:1646, Accounting-response, len 20
Oct 15 11:47:01.810 AEST: RADIUS:  authenticator 74 8F 4E 47 AF 96 4E 67
- E9 C4 33 D9 92 8B B0 8E
Oct 15 11:47:02.582 AEST: %LINEPROTO-5-UPDOWN: Line protocol on
Interface Virtual-Access3, changed state to up
 
I've tested this using Radius flat files which places the session into
the appropriate VRF and sets up a static route.
 
mplstest          Password = "xxxxxx"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Address = 203.17.103.50,
        Framed-Netmask = 255.255.255.255,
        cisco-avpair = "lcp:interface-config=ip vrf forwarding
NSTEST\nip unnumbered lo100",
        cisco-avpair = "ip:route=vrf NSTEST 192.168.1.0 255.255.255.0
203.17.103.50"
 
If I remove the cisco-avpair lines referring to the set up of the VRF
details for the session from the flat file, the Framed-IP-Address shows
up in the radius accounting packet. Given that the debug looks ok when
using a different IOS, I'm starting to believe that has something to do
with the SB release.
 
When the session is terminated, the stop packet contains the
Framed-Route and Framed-IP-Address.
 
Oct 15 11:56:24.473 AEST: RADIUS/ENCODE(0000000D):Orig. component type =
PPoE
Oct 15 11:56:24.473 AEST: RADIUS/ENCODE(0000000D): Acct-session-id
pre-pended with Nas Port = 0/0/1/21
Oct 15 11:56:24.473 AEST: RADIUS(0000000D): Config NAS IP: 203.17.101.50
Oct 15 11:56:24.473 AEST: RADIUS(0000000D): sending
Oct 15 11:56:24.473 AEST: RADIUS(0000000D): Send Accounting-Request to
203.10.110.74:1646 id 21646/6, len 457
Oct 15 11:56:24.473 AEST: RADIUS:  authenticator 89 89 6D 1B 45 77 20 8B
- 9C 45 46 C5 02 F8 AE 2D
Oct 15 11:56:24.473 AEST: RADIUS:  Acct-Session-Id     [44]  19
"0/0/1/21_00000004"
Oct 15 11:56:24.473 AEST: RADIUS:  Framed-Protocol     [7]   6   PPP
[1]
Oct 15 11:56:24.473 AEST: RADIUS:  Framed-Route        [22]  52  "vrf
NSTEST 192.168.1.0 255.255.255.0 203.17.103.50"
Oct 15 11:56:24.473 AEST: RADIUS:  Framed-IP-Address   [8]   6
203.17.103.50
Oct 15 11:56:24.473 AEST: RADIUS:  Vendor, Cisco       [26]  59
Oct 15 11:56:24.473 AEST: RADIUS:   Cisco AVpair       [1]   53
"ppp-disconnect-cause=Received LCP TERMREQ from peer"
Oct 15 11:56:24.473 AEST: RADIUS:  User-Name           [1]   22
"mplstest at dbtest@adsl"
Oct 15 11:56:24.473 AEST: RADIUS:  Acct-Authentic      [45]  6   RADIUS
[1]
Oct 15 11:56:24.473 AEST: RADIUS:  Vendor, Cisco       [26]  35
Oct 15 11:56:24.473 AEST: RADIUS:   Cisco AVpair       [1]   29
"connect-progress=LAN Ses Up"
Oct 15 11:56:24.473 AEST: RADIUS:  Vendor, Cisco       [26]  31
Oct 15 11:56:24.473 AEST: RADIUS:   Cisco AVpair       [1]   25
"nas-tx-speed=1000000000"
Oct 15 11:56:24.473 AEST: RADIUS:  Vendor, Cisco       [26]  31
Oct 15 11:56:24.473 AEST: RADIUS:   Cisco AVpair       [1]   25
"nas-rx-speed=1000000000"
Oct 15 11:56:24.473 AEST: RADIUS:  Acct-Session-Time   [46]  6   46
Oct 15 11:56:24.473 AEST: RADIUS:  Acct-Input-Octets   [42]  6   2773
Oct 15 11:56:24.473 AEST: RADIUS:  Acct-Output-Octets  [43]  6   1340
Oct 15 11:56:24.473 AEST: RADIUS:  Acct-Input-Packets  [47]  6   45
Oct 15 11:56:24.473 AEST: RADIUS:  Acct-Output-Packets [48]  6   29
Oct 15 11:56:24.473 AEST: RADIUS:  Acct-Terminate-Cause[49]  6
user-request              [1]
Oct 15 11:56:24.473 AEST: RADIUS:  Vendor, Cisco       [26]  39
Oct 15 11:56:24.473 AEST: RADIUS:   Cisco AVpair       [1]   33
"disc-cause-ext=PPP Receive Term"
Oct 15 11:56:24.473 AEST: RADIUS:  Acct-Status-Type    [40]  6   Stop
[2]
Oct 15 11:56:24.473 AEST: RADIUS:  NAS-Port-Type       [61]  6
Ethernet                  [15]
Oct 15 11:56:24.473 AEST: RADIUS:  NAS-Port            [5]   6
16777237
Oct 15 11:56:24.473 AEST: RADIUS:  NAS-Port-Id         [87]  10
"0/0/1/21"
Oct 15 11:56:24.473 AEST: RADIUS:  Vendor, Cisco       [26]  41
Oct 15 11:56:24.473 AEST: RADIUS:   Cisco AVpair       [1]   35
"client-mac-address=fa00.0008.0802"
Oct 15 11:56:24.473 AEST: RADIUS:  Connect-Info        [77]  8
"NSTEST"
Oct 15 11:56:24.473 AEST: RADIUS:  Service-Type        [6]   6   Framed
[2]
Oct 15 11:56:24.473 AEST: RADIUS:  NAS-IP-Address      [4]   6
203.17.101.50
Oct 15 11:56:24.473 AEST: RADIUS:  Acct-Delay-Time     [41]  6   0
Oct 15 11:56:24.489 AEST: %LINK-3-UPDOWN: Interface Virtual-Access3,
changed state to down
Oct 15 11:56:24.637 AEST: RADIUS: Received from id 21646/6
203.10.110.74:1646, Accounting-response, len 20
Oct 15 11:56:24.637 AEST: RADIUS:  authenticator 14 20 2C BA 26 4E BE 4A
- 6B A2 33 43 E8 AC D2 16
Oct 15 11:56:25.489 AEST: %LINEPROTO-5-UPDOWN: Line protocol on
Interface Virtual-Access3, changed state to down
 
I've spent all day looking for answers but can't find any. I'm just not
sure when using the SB release why the start packet would not include
these two attributes and if it really matters?  Hope somebody can help.
 
Many Thanks.
 
Andy

More information about the cisco-nsp mailing list