[rbak-nsp] Cisco AS5300 L2TP forwarding to Redback SmartEdge

Frans Legdeur frans at falco-networks.com
Tue Mar 16 16:36:56 EDT 2010


Hi Carl,

Looking through the more interesting part of your output:

<snip>
Mar 12 15:02:20: [255/16:1023:63/5/2/1]: %AAA-7-EXCEPT: aaa_idx 10000002:
Cannot bind subscriber <user>@zen.net.uk to valid context
Mar 12 15:02:20: [255/16:1023:63/5/2/1]: %AAA-3-ERR: aaa_idx 10000002: Can't
find pvd_idx ffffffff
Mar 12 15:02:20: [255/16:1023:63/5/2/1]: %AAA-7-EXCEPT: aaa_idx 10000002:
aaa_remove_session_from_trees: remove session that is not bound to any
context yet
</snip>

It looks like the zen.net.uk can't be found as a valid context.
You can solve this by adding a domain to the context like:
!
context zen
  domain zen.net.uk
!
Or that you would like Radius to sort this out for you, but then you still
need to get the subscriber forwarded to the radius server.
Add the following statements:
!
aaa global authentication subscriber radius context local
aaa last-resort context lastresort
!
context local
!
 interface mgmt
  ip address 172.16.10.51/24
!
 radius server 172.16.10.10 encrypted-key BF4F4B13CDD80C61 oldports
!
!
context lastresort
! 
 aaa authentication subscriber global
!
! ** End Context **

This will help to guide subscribers with unknown domains to the
global authentication method.
It will be directed to lastresort first, at which it would be re-directed to
the global authentication, which points to the radius server at the local
context.
(If you can still follow this detour... This strange authentication method
is introduced by the SmartEdge, the former SMS platform had a simple direction
for global or local authentication ;-)

I hope you will be able to find your problem, so far this looks like the best I
can advise.

Kind regards,

Frans.
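
An added example, not part of the message above and not Redback tooling: a Python check that reads AAA log text in the format quoted in the mail, rejoins the lines the archive wrapped, and lists the subscriber domains that failed to bind and have no matching `domain` statement under any `context`. The sample log and config are constructed, and the parser assumes only the `context` / `domain` statement layout shown in the mail.

```python
import re
from collections import Counter

# Constructed sample in the format of the log quoted in the mail; long lines
# are wrapped, so continuation lines carry no timestamp.
SAMPLE_LOG = """\
Mar 12 15:02:20: [255/16:1023:63/5/2/1]: %AAA-7-EXCEPT: aaa_idx 10000002:
Cannot bind subscriber alice@zen.net.uk to valid context
Mar 12 15:02:20: [255/16:1023:63/5/2/1]: %AAA-3-ERR: aaa_idx 10000002: Can't
find pvd_idx ffffffff
Mar 12 15:02:21: [255/16:1023:63/5/2/1]: %AAA-7-EXCEPT: aaa_idx 10000003: Cannot bind subscriber bob@example.net to valid context
"""

# Constructed config using only the context/domain statements from the mail.
SAMPLE_CONFIG = """\
context local
!
context zen
  domain zen.net.uk
!
"""

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d: ")
BIND_FAIL = re.compile(r"Cannot bind subscriber \S+@(\S+) to valid context")

def unwrap(log_text):
    """Rejoin wrapped continuation lines onto the timestamped record above."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        if TIMESTAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def configured_domains(config_text):
    """Map each 'domain' statement to the context it is listed under."""
    domains, context = {}, None
    for words in (line.split() for line in config_text.splitlines()):
        if len(words) >= 2 and words[0] == "context":
            context = words[1]
        elif len(words) >= 2 and words[0] == "domain" and context:
            domains[words[1].lower()] = context
    return domains

def unbound_domains(log_text, config_text):
    """Count bind failures per domain that no context claims."""
    known = configured_domains(config_text)
    hits = (BIND_FAIL.search(r) for r in unwrap(log_text))
    return dict(Counter(m.group(1).lower() for m in hits
                        if m and m.group(1).lower() not in known))
```

A domain reported here is not necessarily rejected: with the last-resort configuration described in the mail it would be handed to the global authentication method instead.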
