Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Cisco>
  3. NAS
strange double AUTH'ing for same PPP sessions with AS5300/12.2(15)T9
gk at pop-interactive
Jan 22, 2004, 4:25 PM
Post #1 of 4 (1277 views)
Permalink
Hi,

after an IOS update we have some trouble with AUTH'ing normal
PPP sessions. When users connecting to the NAS without MultiLink
PPP, the AUTH'ing against the RADIUS servers will be made two times!

Even this is not weird enough the main significant difference between
the two is AUTH'ings is, that during the second AUTH'ing no CLID's are
included within the AUTH-REQ packets (we have sniffed this) but we
rely on this :(.

Have someone out there an idea why this can happen?

normal AUTH'ing with 12.1(17):
------------------------------

00:18:01.866: Se3:29 PPP: Treating connection as a callin
00:18:01.866: Se3:29 PPP: Phase is ESTABLISHING, Passive Open
00:18:01.866: Se3:29 LCP: State is Listen
00:18:01.906: ISDN Se3:15: received CALL_PROGRESSing call_id 0x42DF
00:18:02.494: Se3:29 LCP: I CONFREQ [Listen] id 1 len 26
00:18:02.494: Se3:29 LCP: MRU 1524 (0x010405F4)
00:18:02.494: Se3:29 LCP: QualityType 0xC025 period 1000 (0x0408C025000003E8)
00:18:02.494: Se3:29 LCP: MagicNumber 0x44D4DA36 (0x050644D4DA36)
00:18:02.494: Se3:29 LCP: PFC (0x0702)
00:18:02.494: Se3:29 LCP: ACFC (0x0802)
00:18:02.494: Se3:29 LCP: O CONFREQ [Listen] id 182 len 28
00:18:02.494: Se3:29 LCP: AuthProto PAP (0x0304C023)
00:18:02.494: Se3:29 LCP: MagicNumber 0xB4FF1EBE (0x0506B4FF1EBE)
00:18:02.494: Se3:29 LCP: MRRU 1524 (0x110405F4)
00:18:02.494: Se3:29 LCP: EndpointDisc 1 Local (0x130A0161732D706F7069)
00:18:02.494: Se3:29 LCP: O CONFACK [Listen] id 1 len 26
00:18:02.494: Se3:29 LCP: MRU 1524 (0x010405F4)
00:18:02.498: Se3:29 LCP: QualityType 0xC025 period 1000 (0x0408C025000003E8)
00:18:02.498: Se3:29 LCP: MagicNumber 0x44D4DA36 (0x050644D4DA36)
00:18:02.498: Se3:29 LCP: PFC (0x0702)
00:18:02.498: Se3:29 LCP: ACFC (0x0802)
00:18:02.558: Se3:29 LCP: I CONFREJ [ACKsent] id 182 len 18
00:18:02.558: Se3:29 LCP: MRRU 1524 (0x110405F4)
00:18:02.558: Se3:29 LCP: EndpointDisc 1 Local (0x130A0161732D706F7069)
00:18:02.558: Se3:29 LCP: O CONFREQ [ACKsent] id 183 len 14
00:18:02.558: Se3:29 LCP: AuthProto PAP (0x0304C023)
00:18:02.558: Se3:29 LCP: MagicNumber 0xB4FF1EBE (0x0506B4FF1EBE)
00:18:02.594: Se3:29 LCP: I CONFACK [ACKsent] id 183 len 14
00:18:02.594: Se3:29 LCP: AuthProto PAP (0x0304C023)
00:18:02.594: Se3:29 LCP: MagicNumber 0xB4FF1EBE (0x0506B4FF1EBE)
00:18:02.594: Se3:29 LCP: State is Open
00:18:02.598: Se3:29 PPP: Phase is AUTHENTICATING, by this end
00:18:02.602: Se3:29 PAP: I AUTH-REQ id 1 len 19 from "henne"
00:18:02.602: Se3:29 PPP: Phase is FORWARDING
00:18:02.602: Se3:29 PPP: Phase is AUTHENTICATING
00:18:02.602: Se3:29 PAP: Authenticating peer henne
00:18:02.718: Se3:29 PAP: O AUTH-ACK id 1 len 5
00:18:02.718: Se3:29 DDR: Authenticated host henne with no matching dialer map

00:18:02.762: Vi104 PPP: Using set call direction
00:18:02.762: Vi104 PPP: Treating connection as a callin
00:18:02.762: Vi104 PPP: Phase is ESTABLISHING, Passive Open
00:18:02.762: Vi104 LCP: State is Listen
00:18:02.762: Se3:29 PPP: Phase is FORWARDED
00:18:02.762: Vi104 LCP: I FORCED CONFREQ len 10
00:18:02.762: Vi104 LCP: AuthProto PAP (0x0304C023)
00:18:02.762: Vi104 LCP: MagicNumber 0xB4FF1EBE (0x0506B4FF1EBE)
00:18:02.762: Vi104 PPP: Phase is UP
00:18:02.766: Vi104 IPCP: O CONFREQ [Closed] id 219 len 10
00:18:02.766: Vi104 IPCP: Address 212.79.63.223 (0x0306D44F3FDF)
00:18:02.806: Vi104 IPCP: I CONFREQ [REQsent] id 1 len 10
00:18:02.806: Vi104 IPCP: Address 0.0.0.0 (0x030600000000)
00:18:02.806: Vi104 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 0.0.0.0
...


double AUTH'ing with 12.2(15)T9:
--------------------------------


23:47:40.405: Se3:3 PPP: Using dialer call direction
23:47:40.405: Se3:3 PPP: Treating connection as a callin
23:47:40.405: Se3:3 PPP: Phase is ESTABLISHING, Passive Open
23:47:40.405: Se3:3 LCP: State is Listen
23:47:41.001: Se3:3 LCP: I CONFREQ [Listen] id 1 len 26
23:47:41.001: Se3:3 LCP: MRU 1524 (0x010405F4)
23:47:41.001: Se3:3 LCP: QualityType 0xC025 period 1000 (0x0408C025000003E8)
23:47:41.001: Se3:3 LCP: MagicNumber 0xB91CEA37 (0x0506B91CEA37)
23:47:41.005: Se3:3 LCP: PFC (0x0702)
23:47:41.005: Se3:3 LCP: ACFC (0x0802)
23:47:41.005: Se3:3 PPP: Authorization required
23:47:41.005: Se3:3 LCP: O CONFREQ [Listen] id 254 len 28
23:47:41.005: Se3:3 LCP: AuthProto PAP (0x0304C023)
23:47:41.005: Se3:3 LCP: MagicNumber 0x378525F8 (0x0506378525F8)
23:47:41.005: Se3:3 LCP: MRRU 1524 (0x110405F4)
23:47:41.005: Se3:3 LCP: EndpointDisc 1 as-popi (0x130A0161732D706F7069)
23:47:41.005: Se3:3 LCP: O CONFACK [Listen] id 1 len 26
23:47:41.005: Se3:3 LCP: MRU 1524 (0x010405F4)
23:47:41.005: Se3:3 LCP: QualityType 0xC025 period 1000 (0x0408C025000003E8)
23:47:41.005: Se3:3 LCP: MagicNumber 0xB91CEA37 (0x0506B91CEA37)
23:47:41.005: Se3:3 LCP: PFC (0x0702)
23:47:41.005: Se3:3 LCP: ACFC (0x0802)
23:47:41.045: Se3:3 LCP: I CONFREJ [ACKsent] id 254 len 18
23:47:41.045: Se3:3 LCP: MRRU 1524 (0x110405F4)
23:47:41.045: Se3:3 LCP: EndpointDisc 1 as-popi (0x130A0161732D706F7069)
23:47:41.045: Se3:3 LCP: O CONFREQ [ACKsent] id 255 len 14
23:47:41.045: Se3:3 LCP: AuthProto PAP (0x0304C023)
23:47:41.045: Se3:3 LCP: MagicNumber 0x378525F8 (0x0506378525F8)
23:47:41.081: Se3:3 LCP: I CONFACK [ACKsent] id 255 len 14
23:47:41.081: Se3:3 LCP: AuthProto PAP (0x0304C023)
23:47:41.085: Se3:3 LCP: MagicNumber 0x378525F8 (0x0506378525F8)
23:47:41.085: Se3:3 LCP: State is Open
23:47:41.085: Se3:3 PPP: Phase is AUTHENTICATING, by this end
23:47:41.085: Se3:3 PAP: I AUTH-REQ id 1 len 19 from "henne"
23:47:41.085: Se3:3 PAP: Authenticating peer henne
23:47:41.089: Se3:3 PPP: Phase is FORWARDING, Attempting Forward
23:47:41.089: Se3:3 PPP: Phase is AUTHENTICATING, Unauthenticated User
23:47:41.089: Se3:3 PPP: Sent PAP LOGIN Request
23:47:41.137: Se3:3 PPP: Received LOGIN Response PASS
23:47:41.137: Se3:3 PPP: Phase is FORWARDING, Attempting Forward
23:47:41.137: Se3:3 PPP: Phase is AUTHENTICATING, Authenticated User
23:47:41.137: Se3:3 DDR: Remote name for henne
23:47:41.137: Se3:3 DDR: Authenticated host henne with no matching dialer map
23:47:41.137: Se3:3 PAP: O AUTH-ACK id 1 len 5
23:47:41.141: Se3:3 PPP: Phase is FORWARDING
23:47:41.153: Se3:3 PPP: Phase is FORWARDED
23:47:41.153: Se3:3 PPP: Process pending packets

23:47:41.157: Vi24 PPP: Using vpn set call direction
23:47:41.157: Vi24 PPP: Treating connection as a callin
23:47:41.157: Vi24 PPP: Phase is ESTABLISHING, Passive Open
23:47:41.157: Vi24 LCP: State is Listen
23:47:41.225: Vi24 IPCP: LCP not open, discarding packet
23:47:42.081: Vi24 LQR: LCP not open, discarding packet
23:47:43.077: Vi24 LQR: LCP not open, discarding packet
23:47:43.169: Vi24 LCP: TIMEout: State Listen
23:47:43.169: Vi24 PPP: Authorization required
23:47:43.169: Vi24 LCP: O CONFREQ [Listen] id 62 len 14
23:47:43.169: Vi24 LCP: AuthProto PAP (0x0304C023)
23:47:43.169: Vi24 LCP: MagicNumber 0x37852E6E (0x050637852E6E)
23:47:43.241: Vi24 LCP: I CONFREQ [REQsent] id 2 len 26
23:47:43.241: Vi24 LCP: MRU 1524 (0x010405F4)
23:47:43.241: Vi24 LCP: QualityType 0xC025 period 1000 (0x0408C025000003E8)
23:47:43.241: Vi24 LCP: MagicNumber 0x99469280 (0x050699469280)
23:47:43.241: Vi24 LCP: PFC (0x0702)
23:47:43.241: Vi24 LCP: ACFC (0x0802)
23:47:43.241: Vi24 LCP: O CONFACK [REQsent] id 2 len 26
23:47:43.241: Vi24 LCP: MRU 1524 (0x010405F4)
23:47:43.241: Vi24 LCP: QualityType 0xC025 period 1000 (0x0408C025000003E8)
23:47:43.241: Vi24 LCP: MagicNumber 0x99469280 (0x050699469280)
23:47:43.241: Vi24 LCP: PFC (0x0702)
23:47:43.241: Vi24 LCP: ACFC (0x0802)
23:47:43.245: Vi24 LCP: I CONFACK [ACKsent] id 62 len 14
23:47:43.245: Vi24 LCP: AuthProto PAP (0x0304C023)
23:47:43.245: Vi24 LCP: MagicNumber 0x37852E6E (0x050637852E6E)
23:47:43.245: Vi24 LCP: State is Open
23:47:43.245: Vi24 PPP: Phase is AUTHENTICATING, by this end
23:47:43.281: Vi24 PAP: I AUTH-REQ id 1 len 19 from "henne"
23:47:43.281: Vi24 PAP: Authenticating peer henne
23:47:43.281: Vi24 PPP: Sent PAP LOGIN Request
23:47:43.329: Vi24 PPP: Received LOGIN Response PASS
23:47:43.329: Vi24 PAP: O AUTH-ACK id 1 len 5
23:47:43.329: Vi24 PPP: Phase is UP
23:47:43.329: Vi24 IPCP: O CONFREQ [Closed] id 1 len 10
23:47:43.329: Vi24 IPCP: Address 212.79.63.223 (0x0306D44F3FDF)
23:47:43.329: Vi24 PPP: Process pending packets
23:47:43.413: Vi24 IPCP: I CONFREQ [REQsent] id 1 len 10
23:47:43.413: Vi24 IPCP: Address 0.0.0.0 (0x030600000000)
23:47:43.413: Vi24 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 0.0.0.0
...



thx
Gerald
RE: strange double AUTH'ing for same PPP sessions withAS5300/12.2(15)T9 [ In reply to ]
dsladden at cisco
Jan 23, 2004, 12:54 AM
Post #2 of 4 (1248 views)
Permalink
Gerald,

Could you be executing a DNIS pre-authentication then an
AUTH request ?

Regards,
Darryl Sladden
CCMSBU Product Manager
dsladden@cisco.com
Phone: 408-525-8970
Cell: 408-390-3781
Pager: 800-365-4578
Cisco Systems Inc.

> -----Original Message-----
> From: cisco-nas-bounces@puck.nether.net
> [mailto:cisco-nas-bounces@puck.nether.net] On Behalf Of Gerald Krause
> Sent: Thursday, January 22, 2004 3:25 PM
> To: cisco-nas@puck.nether.net
> Subject: [cisco-nas] strange double AUTH'ing for same PPP
> sessions withAS5300/12.2(15)T9
>
>
> Hi,
>
> after an IOS update we have some trouble with AUTH'ing normal
> PPP sessions. When users connecting to the NAS without MultiLink
> PPP, the AUTH'ing against the RADIUS servers will be made two times!
>
> Even this is not weird enough the main significant difference between
> the two is AUTH'ings is, that during the second AUTH'ing no CLID's are
> included within the AUTH-REQ packets (we have sniffed this) but we
> rely on this :(.
>
> Have someone out there an idea why this can happen?
>
> normal AUTH'ing with 12.1(17):
> ------------------------------
>
> 00:18:01.866: Se3:29 PPP: Treating connection as a callin
> 00:18:01.866: Se3:29 PPP: Phase is ESTABLISHING, Passive Open
> 00:18:01.866: Se3:29 LCP: State is Listen
> 00:18:01.906: ISDN Se3:15: received CALL_PROGRESSing call_id 0x42DF
> 00:18:02.494: Se3:29 LCP: I CONFREQ [Listen] id 1 len 26
> 00:18:02.494: Se3:29 LCP: MRU 1524 (0x010405F4)
> 00:18:02.494: Se3:29 LCP: QualityType 0xC025 period 1000
> (0x0408C025000003E8)
> 00:18:02.494: Se3:29 LCP: MagicNumber 0x44D4DA36 (0x050644D4DA36)
> 00:18:02.494: Se3:29 LCP: PFC (0x0702)
> 00:18:02.494: Se3:29 LCP: ACFC (0x0802)
> 00:18:02.494: Se3:29 LCP: O CONFREQ [Listen] id 182 len 28
> 00:18:02.494: Se3:29 LCP: AuthProto PAP (0x0304C023)
> 00:18:02.494: Se3:29 LCP: MagicNumber 0xB4FF1EBE (0x0506B4FF1EBE)
> 00:18:02.494: Se3:29 LCP: MRRU 1524 (0x110405F4)
> 00:18:02.494: Se3:29 LCP: EndpointDisc 1 Local
> (0x130A0161732D706F7069)
> 00:18:02.494: Se3:29 LCP: O CONFACK [Listen] id 1 len 26
> 00:18:02.494: Se3:29 LCP: MRU 1524 (0x010405F4)
> 00:18:02.498: Se3:29 LCP: QualityType 0xC025 period 1000
> (0x0408C025000003E8)
> 00:18:02.498: Se3:29 LCP: MagicNumber 0x44D4DA36 (0x050644D4DA36)
> 00:18:02.498: Se3:29 LCP: PFC (0x0702)
> 00:18:02.498: Se3:29 LCP: ACFC (0x0802)
> 00:18:02.558: Se3:29 LCP: I CONFREJ [ACKsent] id 182 len 18
> 00:18:02.558: Se3:29 LCP: MRRU 1524 (0x110405F4)
> 00:18:02.558: Se3:29 LCP: EndpointDisc 1 Local
> (0x130A0161732D706F7069)
> 00:18:02.558: Se3:29 LCP: O CONFREQ [ACKsent] id 183 len 14
> 00:18:02.558: Se3:29 LCP: AuthProto PAP (0x0304C023)
> 00:18:02.558: Se3:29 LCP: MagicNumber 0xB4FF1EBE (0x0506B4FF1EBE)
> 00:18:02.594: Se3:29 LCP: I CONFACK [ACKsent] id 183 len 14
> 00:18:02.594: Se3:29 LCP: AuthProto PAP (0x0304C023)
> 00:18:02.594: Se3:29 LCP: MagicNumber 0xB4FF1EBE (0x0506B4FF1EBE)
> 00:18:02.594: Se3:29 LCP: State is Open
> 00:18:02.598: Se3:29 PPP: Phase is AUTHENTICATING, by this end
> 00:18:02.602: Se3:29 PAP: I AUTH-REQ id 1 len 19 from "henne"
> 00:18:02.602: Se3:29 PPP: Phase is FORWARDING
> 00:18:02.602: Se3:29 PPP: Phase is AUTHENTICATING
> 00:18:02.602: Se3:29 PAP: Authenticating peer henne
> 00:18:02.718: Se3:29 PAP: O AUTH-ACK id 1 len 5
> 00:18:02.718: Se3:29 DDR: Authenticated host henne with no
> matching dialer map
>
> 00:18:02.762: Vi104 PPP: Using set call direction
> 00:18:02.762: Vi104 PPP: Treating connection as a callin
> 00:18:02.762: Vi104 PPP: Phase is ESTABLISHING, Passive Open
> 00:18:02.762: Vi104 LCP: State is Listen
> 00:18:02.762: Se3:29 PPP: Phase is FORWARDED
> 00:18:02.762: Vi104 LCP: I FORCED CONFREQ len 10
> 00:18:02.762: Vi104 LCP: AuthProto PAP (0x0304C023)
> 00:18:02.762: Vi104 LCP: MagicNumber 0xB4FF1EBE (0x0506B4FF1EBE)
> 00:18:02.762: Vi104 PPP: Phase is UP
> 00:18:02.766: Vi104 IPCP: O CONFREQ [Closed] id 219 len 10
> 00:18:02.766: Vi104 IPCP: Address 212.79.63.223 (0x0306D44F3FDF)
> 00:18:02.806: Vi104 IPCP: I CONFREQ [REQsent] id 1 len 10
> 00:18:02.806: Vi104 IPCP: Address 0.0.0.0 (0x030600000000)
> 00:18:02.806: Vi104 AAA/AUTHOR/IPCP: Start. Her address
> 0.0.0.0, we want 0.0.0.0
> ...
>
>
> double AUTH'ing with 12.2(15)T9:
> --------------------------------
>
>
> 23:47:40.405: Se3:3 PPP: Using dialer call direction
> 23:47:40.405: Se3:3 PPP: Treating connection as a callin
> 23:47:40.405: Se3:3 PPP: Phase is ESTABLISHING, Passive Open
> 23:47:40.405: Se3:3 LCP: State is Listen
> 23:47:41.001: Se3:3 LCP: I CONFREQ [Listen] id 1 len 26
> 23:47:41.001: Se3:3 LCP: MRU 1524 (0x010405F4)
> 23:47:41.001: Se3:3 LCP: QualityType 0xC025 period 1000
> (0x0408C025000003E8)
> 23:47:41.001: Se3:3 LCP: MagicNumber 0xB91CEA37 (0x0506B91CEA37)
> 23:47:41.005: Se3:3 LCP: PFC (0x0702)
> 23:47:41.005: Se3:3 LCP: ACFC (0x0802)
> 23:47:41.005: Se3:3 PPP: Authorization required
> 23:47:41.005: Se3:3 LCP: O CONFREQ [Listen] id 254 len 28
> 23:47:41.005: Se3:3 LCP: AuthProto PAP (0x0304C023)
> 23:47:41.005: Se3:3 LCP: MagicNumber 0x378525F8 (0x0506378525F8)
> 23:47:41.005: Se3:3 LCP: MRRU 1524 (0x110405F4)
> 23:47:41.005: Se3:3 LCP: EndpointDisc 1 as-popi
> (0x130A0161732D706F7069)
> 23:47:41.005: Se3:3 LCP: O CONFACK [Listen] id 1 len 26
> 23:47:41.005: Se3:3 LCP: MRU 1524 (0x010405F4)
> 23:47:41.005: Se3:3 LCP: QualityType 0xC025 period 1000
> (0x0408C025000003E8)
> 23:47:41.005: Se3:3 LCP: MagicNumber 0xB91CEA37 (0x0506B91CEA37)
> 23:47:41.005: Se3:3 LCP: PFC (0x0702)
> 23:47:41.005: Se3:3 LCP: ACFC (0x0802)
> 23:47:41.045: Se3:3 LCP: I CONFREJ [ACKsent] id 254 len 18
> 23:47:41.045: Se3:3 LCP: MRRU 1524 (0x110405F4)
> 23:47:41.045: Se3:3 LCP: EndpointDisc 1 as-popi
> (0x130A0161732D706F7069)
> 23:47:41.045: Se3:3 LCP: O CONFREQ [ACKsent] id 255 len 14
> 23:47:41.045: Se3:3 LCP: AuthProto PAP (0x0304C023)
> 23:47:41.045: Se3:3 LCP: MagicNumber 0x378525F8 (0x0506378525F8)
> 23:47:41.081: Se3:3 LCP: I CONFACK [ACKsent] id 255 len 14
> 23:47:41.081: Se3:3 LCP: AuthProto PAP (0x0304C023)
> 23:47:41.085: Se3:3 LCP: MagicNumber 0x378525F8 (0x0506378525F8)
> 23:47:41.085: Se3:3 LCP: State is Open
> 23:47:41.085: Se3:3 PPP: Phase is AUTHENTICATING, by this end
> 23:47:41.085: Se3:3 PAP: I AUTH-REQ id 1 len 19 from "henne"
> 23:47:41.085: Se3:3 PAP: Authenticating peer henne
> 23:47:41.089: Se3:3 PPP: Phase is FORWARDING, Attempting Forward
> 23:47:41.089: Se3:3 PPP: Phase is AUTHENTICATING, Unauthenticated User
> 23:47:41.089: Se3:3 PPP: Sent PAP LOGIN Request
> 23:47:41.137: Se3:3 PPP: Received LOGIN Response PASS
> 23:47:41.137: Se3:3 PPP: Phase is FORWARDING, Attempting Forward
> 23:47:41.137: Se3:3 PPP: Phase is AUTHENTICATING, Authenticated User
> 23:47:41.137: Se3:3 DDR: Remote name for henne
> 23:47:41.137: Se3:3 DDR: Authenticated host henne with no
> matching dialer map
> 23:47:41.137: Se3:3 PAP: O AUTH-ACK id 1 len 5
> 23:47:41.141: Se3:3 PPP: Phase is FORWARDING
> 23:47:41.153: Se3:3 PPP: Phase is FORWARDED
> 23:47:41.153: Se3:3 PPP: Process pending packets
>
> 23:47:41.157: Vi24 PPP: Using vpn set call direction
> 23:47:41.157: Vi24 PPP: Treating connection as a callin
> 23:47:41.157: Vi24 PPP: Phase is ESTABLISHING, Passive Open
> 23:47:41.157: Vi24 LCP: State is Listen
> 23:47:41.225: Vi24 IPCP: LCP not open, discarding packet
> 23:47:42.081: Vi24 LQR: LCP not open, discarding packet
> 23:47:43.077: Vi24 LQR: LCP not open, discarding packet
> 23:47:43.169: Vi24 LCP: TIMEout: State Listen
> 23:47:43.169: Vi24 PPP: Authorization required
> 23:47:43.169: Vi24 LCP: O CONFREQ [Listen] id 62 len 14
> 23:47:43.169: Vi24 LCP: AuthProto PAP (0x0304C023)
> 23:47:43.169: Vi24 LCP: MagicNumber 0x37852E6E (0x050637852E6E)
> 23:47:43.241: Vi24 LCP: I CONFREQ [REQsent] id 2 len 26
> 23:47:43.241: Vi24 LCP: MRU 1524 (0x010405F4)
> 23:47:43.241: Vi24 LCP: QualityType 0xC025 period 1000
> (0x0408C025000003E8)
> 23:47:43.241: Vi24 LCP: MagicNumber 0x99469280 (0x050699469280)
> 23:47:43.241: Vi24 LCP: PFC (0x0702)
> 23:47:43.241: Vi24 LCP: ACFC (0x0802)
> 23:47:43.241: Vi24 LCP: O CONFACK [REQsent] id 2 len 26
> 23:47:43.241: Vi24 LCP: MRU 1524 (0x010405F4)
> 23:47:43.241: Vi24 LCP: QualityType 0xC025 period 1000
> (0x0408C025000003E8)
> 23:47:43.241: Vi24 LCP: MagicNumber 0x99469280 (0x050699469280)
> 23:47:43.241: Vi24 LCP: PFC (0x0702)
> 23:47:43.241: Vi24 LCP: ACFC (0x0802)
> 23:47:43.245: Vi24 LCP: I CONFACK [ACKsent] id 62 len 14
> 23:47:43.245: Vi24 LCP: AuthProto PAP (0x0304C023)
> 23:47:43.245: Vi24 LCP: MagicNumber 0x37852E6E (0x050637852E6E)
> 23:47:43.245: Vi24 LCP: State is Open
> 23:47:43.245: Vi24 PPP: Phase is AUTHENTICATING, by this end
> 23:47:43.281: Vi24 PAP: I AUTH-REQ id 1 len 19 from "henne"
> 23:47:43.281: Vi24 PAP: Authenticating peer henne
> 23:47:43.281: Vi24 PPP: Sent PAP LOGIN Request
> 23:47:43.329: Vi24 PPP: Received LOGIN Response PASS
> 23:47:43.329: Vi24 PAP: O AUTH-ACK id 1 len 5
> 23:47:43.329: Vi24 PPP: Phase is UP
> 23:47:43.329: Vi24 IPCP: O CONFREQ [Closed] id 1 len 10
> 23:47:43.329: Vi24 IPCP: Address 212.79.63.223 (0x0306D44F3FDF)
> 23:47:43.329: Vi24 PPP: Process pending packets
> 23:47:43.413: Vi24 IPCP: I CONFREQ [REQsent] id 1 len 10
> 23:47:43.413: Vi24 IPCP: Address 0.0.0.0 (0x030600000000)
> 23:47:43.413: Vi24 AAA/AUTHOR/IPCP: Start. Her address
> 0.0.0.0, we want 0.0.0.0
> ...
>
>
>
> thx
> Gerald
> _______________________________________________
> cisco-nas mailing list
> cisco-nas@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
>
Re: strange double AUTH'ing for same PPP sessions withAS5300/12.2(15)T9 [ In reply to ]
gk at pop-interactive
Jan 23, 2004, 1:56 AM
Post #3 of 4 (1276 views)
Permalink
Darryl Sladden wrote:
> Gerald,
>
> Could you be executing a DNIS pre-authentication then an
> AUTH request ?
Hello Darryl,

DNIS pre-authentication is not what we want and we have no
pre-authentication configured:

as-popi#sh run | inc aaa
aaa new-model
aaa session-mib disconnect (<- thats why we have upgraded to 12.2(15)T9)
aaa group server radius popi
aaa authentication login default local enable
aaa authentication ppp default if-needed group popi
aaa authorization network default if-authenticated none
aaa authorization configuration default group popi
aaa accounting delay-start
aaa accounting network default start-stop group popi
aaa route download 30
aaa session-id common
dialer aaa
dialer aaa

The problem occurs only when the session mode become VDP.
If the mode become MLP no second AUTH'ing will be made and
all is fine:

- VDP Session:
AS5300:
Vi231 henne VDP 00:00:25 195.222.xxx.xxx
Se2:4 henne Sync PPP 00:00:28
RADIUS:
Fri Jan 23 09:47:04 2004 : Auth: Login OK: [henne] (from client AS-POPi port 20204 cli 4211633795)
Fri Jan 23 09:47:07 2004 : Auth: Login OK: [henne] (from client AS-POPi port 231)

- MLP Session:
AS5300:
Vi318 dataplot MLP Bundle 00:00:06 195.222.xxx.xxx
Se2:30 dataplot Sync PPP - Bundle: Vi318
RADIUS:
Fri Jan 23 09:48:31 2004 : Auth: Login OK: [dataplot] (from client AS-POPi port 20327 cli 4193995166)



Gerald
Re: strange double AUTH'ing for same PPP sessions with AS5300/12.2(15)T9 [ In reply to ]
gk at pop-interactive
Jan 27, 2004, 1:52 AM
Post #4 of 4 (1246 views)
Permalink
We've got more trouble each day - yesterday we have noticed,
that some Windows95 clients can not connect to our NAS anymore.
We had to move them to an other AS5300 we have not updated so
far.

Can someone suggest an IOS version which is able to handle
"aaa session-mib disconnect" and which is stabler then
12.2(15)T9? We used 12.1(17) until now but we need the SNMP
disconnect feature soon... :-/


Gerald

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal