[c-nsp] Problem with session on ars1001x
dmitry at zhigulinet.ru
dmitry at zhigulinet.ru
Tue Dec 1 06:21:11 EST 2015
Hi all, i have asr1001x
Something I have problem with session. I do not manage sassion on
raidius COA, but session kill and start again, I some time can
manage session!!
Please help me!
Cisco IOS XE Software, Version 03.13.02.S - Extended Support Release
Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSAL-M), Version 15.4(3)S2, RELEASE SOFTWARE (fc3)
My coa
echo
"User-Name=\"10.90.0.33\",Cisco-Account-Info=\"S10.90.0.33\",Service-Info=\"AFWPOL-BLOCK-REDIRECT\""
| radclient -x 172.31.31.31:3799 coa MyPass
Sending CoA-Request of id 116 to 172.31.31.31 port 3799
User-Name = "10.90.0.33"
Cisco-Account-Info = "S10.90.0.33"
Re-sending CoA-Request of id 116 to 172.31.31.31 port 3799
User-Name = "10.90.0.33"
Cisco-Account-Info = "S10.90.0.33"
Re-sending CoA-Request of id 116 to 172.31.31.31 port 3799
User-Name = "10.90.0.33"
Cisco-Account-Info = "S10.90.0.33"
Re-sending CoA-Request of id 116 to 172.31.31.31 port 3799
User-Name = "10.90.0.33"
Cisco-Account-Info = "S10.90.0.33"
Re-sending CoA-Request of id 116 to 172.31.31.31 port 3799
User-Name = "10.90.0.33"
Cisco-Account-Info = "S10.90.0.33"
Re-sending CoA-Request of id 116 to 172.31.31.31 port 3799
User-Name = "10.90.0.33"
Cisco-Account-Info = "S10.90.0.33"
Re-sending CoA-Request of id 116 to 172.31.31.31 port 3799
User-Name = "10.90.0.33"
Cisco-Account-Info = "S10.90.0.33"
Re-sending CoA-Request of id 116 to 172.31.31.31 port 3799
User-Name = "10.90.0.33"
Cisco-Account-Info = "S10.90.0.33"
Re-sending CoA-Request of id 116 to 172.31.31.31 port 3799
User-Name = "10.90.0.33"
Cisco-Account-Info = "S10.90.0.33"
Re-sending CoA-Request of id 116 to 172.31.31.31 port 3799
User-Name = "10.90.0.33"
Cisco-Account-Info = "S10.90.0.33"
radclient: no response from server for ID 116
Router#sho subscriber session username 10.90.0.33 de
Router#sho subscriber session username 10.90.0.33 detailed
Type: IPv4, UID: 30, State: authen, Identity: 10.90.0.33
IPv4 Address: 10.90.0.33
Session Up-time: 00:29:33, Last Changed: 00:21:37
Switch-ID: 4209
Policy information:
Context 7FEBC5783910: Handle EC000050
AAA_id 0000003D: Flow_handle 0
Authentication status: authen
Downloaded User profile, excluding services:
ssg-service-info 0 "QU;20480000;2560000;3840000;D;20480000;2560000;3840000"
accounting-list 0 "billing-auth"
addr 0 10.90.0.33
username 0 "10.90.0.33"
ssg-account-info 0 "AFWPOL-BLOCK-REDIRECT"
Downloaded User profile, including services:
ssg-service-info 0 "QU;20480000;2560000;3840000;D;20480000;2560000;3840000"
accounting-list 0 "billing-auth"
addr 0 10.90.0.33
username 0 "10.90.0.33"
ssg-account-info 0 "AFWPOL-BLOCK-REDIRECT"
Config history for session (recent to oldest):
Access-type: Web-service-logon Client: SM
Policy event: Apply Config Success (Unapplied) (Service)
Profile name: FWPOL-BLOCK-REDIRECT, 5 references
password 0 <hidden>
username 0 "FWPOL-BLOCK-REDIRECT"
sss-service 0 6 [local-termination]
traffic-class 0 "input access-group name ACL-BLOCK-REDIRECT"
l4redirect 0 "redirect to group RSG-BLOCK-REDIRECT"
traffic-class 0 "input default drop"
traffic-class 0 "output default drop"
Access-type: Web-service-logon Client: Push Command-Handler
Policy event: Process Config (Service)
Profile name: FWPOL-BLOCK-REDIRECT, 5 references
password 0 <hidden>
username 0 "FWPOL-BLOCK-REDIRECT"
sss-service 0 6 [local-termination]
traffic-class 0 "input access-group name ACL-BLOCK-REDIRECT"
l4redirect 0 "redirect to group RSG-BLOCK-REDIRECT"
traffic-class 0 "input default drop"
traffic-class 0 "output default drop"
Access-type: IP Client: Push Command-Handler
Policy event: Process Config
Profile name: 10.90.0.33, 3 references
username 0 "10.90.0.33"
ssg-account-info 0 "AFWPOL-BLOCK-REDIRECT"
Access-type: Web-service-logon Client: SM
Policy event: Apply Config Success (Unapplied) (Service)
Profile name: FWPOL-BLOCK-REDIRECT, 5 references
password 0 <hidden>
username 0 "FWPOL-BLOCK-REDIRECT"
sss-service 0 6 [local-termination]
traffic-class 0 "input access-group name ACL-BLOCK-REDIRECT"
l4redirect 0 "redirect to group RSG-BLOCK-REDIRECT"
traffic-class 0 "input default drop"
traffic-class 0 "output default drop"
Access-type: Web-service-logon Client: Push Command-Handler
Policy event: Process Config (Service)
Profile name: FWPOL-BLOCK-REDIRECT, 5 references
password 0 <hidden>
username 0 "FWPOL-BLOCK-REDIRECT"
sss-service 0 6 [local-termination]
traffic-class 0 "input access-group name ACL-BLOCK-REDIRECT"
l4redirect 0 "redirect to group RSG-BLOCK-REDIRECT"
traffic-class 0 "input default drop"
traffic-class 0 "output default drop"
Access-type: IP Client: Push Command-Handler
Policy event: Process Config
Profile name: 10.90.0.33, 3 references
username 0 "10.90.0.33"
ssg-account-info 0 "AFWPOL-BLOCK-REDIRECT"
Access-type: IP Client: SM
Policy event: Service Selection Request
Profile name: 10.90.0.33, 2 references
ssg-service-info 0 "QU;20480000;2560000;3840000;D;20480000;2560000;3840000"
accounting-list 0 "billing-auth"
addr 0 10.90.0.33
Rules, actions and conditions executed:
subscriber rule-map CTRL-IPOE
condition always event session-start
10 set-timer TIMER-AUTH 7200
20 authorize aaa list billing-auth identifier source-ip-address
subscriber rule-map default-internal-rule
condition always event service-start
1 service-policy type service identifier service-name
subscriber rule-map default-internal-rule
condition always event service-stop
1 service-policy type service unapply identifier service-name
subscriber rule-map default-internal-rule
condition always event service-start
1 service-policy type service identifier service-name
subscriber rule-map default-internal-rule
condition always event service-stop
1 service-policy type service unapply identifier service-name
Classifiers:
Class-id Dir Packets Bytes Pri. Definition
0 In 12979 1769117 0 Match Any
1 Out 16885 13161591 0 Match Any
Template Id : 17
Features:
Accounting:
Class-id Dir Packets Bytes Source
0 In 12331 1557153 Peruser
1 Out 17020 13078814 Peruser
Policing:
Class-id Dir Avg. Rate Normal Burst Excess Burst Source
0 In 20480000 2560000 3840000 Peruser
1 Out 20480000 2560000 3840000 Peruser
Configuration Sources:
Type Active Time AAA Service ID Name
USR 00:29:33 - Peruser
INT 00:29:33 - TenGigabitEthernet0/0/0
Debug on router
*Dec 1 04:44:03.905: ++++++ CoA Attribute List ++++++
*Dec 1 04:44:03.905: 7FEBCF9B4380 0 00000081 username(450) 10 10.90.0.33
*Dec 1 04:44:03.905: 7FEBCF9B3768 0 00000081 ssg-account-info(488) 11 S10.90.0.33
*Dec 1 04:44:03.905:
*Dec 1 04:44:03.905: CH-IDMGR: Entered ch_get_id_mgr_record
*Dec 1 04:44:03.905: SSS PM: CH-IDMGR: (00000000): "ssg-account-info" testing address 10.90.0.33
*Dec 1 04:44:03.905: SSS PM: CH-IDMGR: (00000000): ssg-account-info SSG:10.90.0.33
*Dec 1 04:44:03.905: CH-IDMGR: req id 0: next hop for ip 10.254.253.17 is TenGigabitEthernet0/0/0
*Dec 1 04:44:03.905: CH-IDMGR: IDMGR query request
*Dec 1 04:44:03.905: CH-IDMGR: [7FEBC3FC0C88]10.90.0.33 :[uid:30][7FEBC5783910][AAA ID:61] Entered ch_get_id_mgr_record_from_sess
*Dec 1 04:44:03.905: CH-IDMGR: [7FEBC3FC0C88]10.90.0.33 :[uid:30][7FEBC5783910][AAA ID:61] Query for all available information request
*Dec 1 04:44:03.905: CH-MAIN: [7FEBC3FC0C88]10.90.0.33 :[uid:30][7FEBC5783910][AAA ID:61] processing a new CoA request
*Dec 1 04:44:03.905: CH-UTILS: [7FEBC3FC0C88]10.90.0.33 :[uid:30][7FEBC5783910][AAA ID:61] Entered ch_is_session_deactivating
*Dec 1 04:44:03.905: CH-MAIN: [7FEBC3FC0C88]10.90.0.33 :[uid:30][7FEBC5783910][AAA ID:61] Already processing CoA.Request queued for later processing
*Dec 1 04:44:06.905: RADIUS: COA received from id 116 172.1.1.2:37960, CoA Request, len 51
*Dec 1 04:44:06.905: COA: 172.1.1.2 request queued
*Dec 1 04:44:06.905: COA: This packet is likely a retransmission using an existing ident = 116, client 172.1.1.2
*Dec 1 04:44:06.905: RADIUS: authenticator 93 17 81 6A 61 C7 2D 0A - 0E BE 8C C5 B2 19 14 FE
*Dec 1 04:44:06.905: RADIUS: User-Name [1] 12 "10.90.0.33"
*Dec 1 04:44:06.905: RADIUS: Vendor, Cisco [26] 19
*Dec 1 04:44:06.905: RADIUS: ssg-account-info [250] 13 "S10.90.0.33"
*Dec 1 04:44:06.905: COA: Message Authenticator missing or failed decode
*Dec 1 04:44:06.905: ++++++ CoA Attribute List ++++++
*Dec 1 04:44:06.905: 7FEBCF9B40D0 0 00000081 username(450) 10 10.90.0.33
*Dec 1 04:44:06.905: 7FEBCF9B34B8 0 00000081 ssg-account-info(488) 11 S10.90.0.33
*Dec 1 04:44:06.905:
*Dec 1 04:44:06.905: CH-IDMGR: Entered ch_get_id_mgr_record
*Dec 1 04:44:06.905: SSS PM: CH-IDMGR: (00000000): "ssg-account-info" testing address 10.90.0.33
*Dec 1 04:44:06.905: SSS PM: CH-IDMGR: (00000000): ssg-account-info SSG:10.90.0.33
*Dec 1 04:44:06.905: CH-IDMGR: req id 0: next hop for ip 10.254.253.17 is TenGigabitEthernet0/0/0
*Dec 1 04:44:06.905: CH-IDMGR: IDMGR query request
*Dec 1 04:44:06.905: CH-IDMGR: [7FEBC3FC0C88]10.90.0.33 :[uid:30][7FEBC5783910][AAA ID:61] Entered ch_get_id_mgr_record_from_sess
*Dec 1 04:44:06.905: CH-IDMGR: [7FEBC3FC0C88]10.90.0.33 :[uid:30][7FEBC5783910][AAA ID:61] Query for all available information request
*Dec 1 04:44:06.905: CH-MAIN: [7FEBC3FC0C88]10.90.0.33 :[uid:30][7FEBC5783910][AAA ID:61] processing a new CoA request
*Dec 1 04:44:06.906: CH-UTILS: [7FEBC3FC0C88]10.90.0.33 :[uid:30][7FEBC5783910][AAA ID:61] Entered ch_is_session_deactivating
*Dec 1 04:44:06.906: CH-MAIN: [7FEBC3FC0C88]10.90.0.33 :[uid:30][7FEBC5783910][AAA ID:61] Already processing CoA.Request queued for later processing
*Dec 1 04:44:09.891: SSF: Timer expired
*Dec 1 04:44:09.891: Subscriber Template: Idle Template timer expired.
*Dec 1 04:44:09.891: SSF: Restart 0 sec timer
*Dec 1 04:44:09.905: RADIUS: COA received from id 116 172.1.1.2:37960, CoA Request, len 51
*Dec 1 04:44:09.905: COA: 172.1.1.2 request queued
*Dec 1 04:44:09.905: COA: This packet is likely a retransmission using an existing ident = 116, client 172.1.1.2
*Dec 1 04:44:09.905: RADIUS: authenticator 93 17 81 6A 61 C7 2D 0A - 0E BE 8C C5 B2 19 14 FE
*Dec 1 04:44:09.905: RADIUS: User-Name [1] 12 "10.90.0.33"
*Dec 1 04:44:09.905: RADIUS: Vendor, Cisco [26] 19
*Dec 1 04:44:09.905: RADIUS: ssg-account-info [250] 13 "S10.90.0.33"
*Dec 1 04:44:09.905: COA: Message Authenticator missing or failed decode
--
С уважением,
Dmitry mailto:dmitry at zhigulinet.ru
More information about the cisco-nsp
mailing list