As you can see in the following debug logs, there is no User-name attribute sent to radius
server; that's why the answer is "Protocol error".
Could this be a bug? If not, can we stop such auth requests from reaching radius like we
do with the acct ones (aaa accounting suppress null-username)?
AS5300 (12.2(15)T7)
AS5350 (12.3(1a))
-----------------------------
Nov 25 14:52:02.120: RADIUS/ENCODE(00038385): ask "Username: "
Nov 25 14:52:02.120: RADIUS/ENCODE(00038385): send packet; GET_USER
Nov 25 14:52:03.064: RADIUS(00038385): Storing nasport 46 in rad_db
Nov 25 14:52:03.064: RADIUS(00038385): Config NAS IP: 194.219.x.x
Nov 25 14:52:03.064: RADIUS/ENCODE(00038385): acct_session_id: 378531
Nov 25 14:52:03.064: RADIUS(00038385): sending
Nov 25 14:52:03.064: RADIUS(00038385): Send Access-Request to 194.219.x.x:1812 id
21739/143, len 137
Nov 25 14:52:03.064: RADIUS: authenticator CA 95 A5 15 90 5B 06 02 - 6D 53 12 19 55 D8 F2 58
Nov 25 14:52:03.064: RADIUS: Framed-Protocol [7] 6 PPP [1]
Nov 25 14:52:03.064: RADIUS: User-Password [2] 18 *
Nov 25 14:52:03.064: RADIUS: Calling-Station-Id [31] 12 "xxxxxxxxxx"
Nov 25 14:52:03.064: RADIUS: Called-Station-Id [30] 12 "xxxxxxxxxx"
Nov 25 14:52:03.064: RADIUS: NAS-Port-Type [61] 6 Async [0]
Nov 25 14:52:03.068: RADIUS: Vendor, Cisco [26] 15
Nov 25 14:52:03.068: RADIUS: cisco-nas-port [2] 9 "Async46"
Nov 25 14:52:03.068: RADIUS: NAS-Port [5] 6 46
Nov 25 14:52:03.068: RADIUS: Connect-Info [77] 30 "31200/28800 V34+/V42bis/LAPM"
Nov 25 14:52:03.068: RADIUS: Service-Type [6] 6 Framed [2]
Nov 25 14:52:03.068: RADIUS: NAS-IP-Address [4] 6 194.219.x.x
Nov 25 14:52:03.096: RADIUS: Received from id 21739/143 194.219.x.x:1812, Access-Reject,
len 36
Nov 25 14:52:03.096: RADIUS: authenticator A1 3B E5 24 2E B3 D6 E7 - CA DF BA FC 71 0D 6E 40
Nov 25 14:52:03.096: RADIUS: Reply-Message [18] 16
Nov 25 14:52:03.096: RADIUS: 50 72 6F 74 6F 63 6F 6C 20 65 72 72 6F 72 [Protocol
error]
Nov 25 14:52:03.096: RADIUS(00038385): Received from id 21739/143
Nov 25 14:52:03.096: RADIUS/DECODE: Reply-Message fragments, 14, total 14 bytes
--
***************************************
Chatzithomaoglou Anastasios
Network Design & Development Department
FORTHnet S.A.
<achatz@forthnet.gr>
***************************************
server; that's why the answer is "Protocol error".
Could this be a bug? If not, can we stop such auth requests from reaching radius like we
do with the acct ones (aaa accounting suppress null-username)?
AS5300 (12.2(15)T7)
AS5350 (12.3(1a))
-----------------------------
Nov 25 14:52:02.120: RADIUS/ENCODE(00038385): ask "Username: "
Nov 25 14:52:02.120: RADIUS/ENCODE(00038385): send packet; GET_USER
Nov 25 14:52:03.064: RADIUS(00038385): Storing nasport 46 in rad_db
Nov 25 14:52:03.064: RADIUS(00038385): Config NAS IP: 194.219.x.x
Nov 25 14:52:03.064: RADIUS/ENCODE(00038385): acct_session_id: 378531
Nov 25 14:52:03.064: RADIUS(00038385): sending
Nov 25 14:52:03.064: RADIUS(00038385): Send Access-Request to 194.219.x.x:1812 id
21739/143, len 137
Nov 25 14:52:03.064: RADIUS: authenticator CA 95 A5 15 90 5B 06 02 - 6D 53 12 19 55 D8 F2 58
Nov 25 14:52:03.064: RADIUS: Framed-Protocol [7] 6 PPP [1]
Nov 25 14:52:03.064: RADIUS: User-Password [2] 18 *
Nov 25 14:52:03.064: RADIUS: Calling-Station-Id [31] 12 "xxxxxxxxxx"
Nov 25 14:52:03.064: RADIUS: Called-Station-Id [30] 12 "xxxxxxxxxx"
Nov 25 14:52:03.064: RADIUS: NAS-Port-Type [61] 6 Async [0]
Nov 25 14:52:03.068: RADIUS: Vendor, Cisco [26] 15
Nov 25 14:52:03.068: RADIUS: cisco-nas-port [2] 9 "Async46"
Nov 25 14:52:03.068: RADIUS: NAS-Port [5] 6 46
Nov 25 14:52:03.068: RADIUS: Connect-Info [77] 30 "31200/28800 V34+/V42bis/LAPM"
Nov 25 14:52:03.068: RADIUS: Service-Type [6] 6 Framed [2]
Nov 25 14:52:03.068: RADIUS: NAS-IP-Address [4] 6 194.219.x.x
Nov 25 14:52:03.096: RADIUS: Received from id 21739/143 194.219.x.x:1812, Access-Reject,
len 36
Nov 25 14:52:03.096: RADIUS: authenticator A1 3B E5 24 2E B3 D6 E7 - CA DF BA FC 71 0D 6E 40
Nov 25 14:52:03.096: RADIUS: Reply-Message [18] 16
Nov 25 14:52:03.096: RADIUS: 50 72 6F 74 6F 63 6F 6C 20 65 72 72 6F 72 [Protocol
error]
Nov 25 14:52:03.096: RADIUS(00038385): Received from id 21739/143
Nov 25 14:52:03.096: RADIUS/DECODE: Reply-Message fragments, 14, total 14 bytes
--
***************************************
Chatzithomaoglou Anastasios
Network Design & Development Department
FORTHnet S.A.
<achatz@forthnet.gr>
***************************************