Mailing List Archive: 'interface-config" cisco av-pair

'interface-config" cisco av-pair

Jun 20, 2003, 6:59 AM

Post #1 of 5 (1491 views)

Interface-config seems not to be applied. Any idea why?

IOS (tm) 7200 Software (C7200-IS-M), Version 12.2(6i), RELEASE SOFTWARE (fc1)
-----------------------------------------------------------------------------
Jun 20 16:44:04.950: Vi821 AAA/AUTHOR/LCP (3737647052): Method=FORTHNET-RADIUS-DSL (radius)
Jun 20 16:44:04.950: Vi821 AAA/AUTHOR (3737647052): Post authorization status = PASS_REPL
Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Processing AV service=ppp
Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Processing AV timeout=86400
Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Processing AV interface-config#2=rate-limit
output 384000 32000 32000 conform-action transmit exceed-action drop
Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Processing AV interface-config#1=rate-limit
input 128000 32000 32000 conform-action transmit exceed-action drop
Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Per-user interface config created:
timeout absolute 1440 0

Jun 20 16:44:04.958: Vi821 AAA/AUTHOR/FSM: (0): Can we start IPCP?

--
***********************************
Chatzithomaoglou Anastasios
Network Design & Operations Center
FORTHnet S.A.
<achatz@forthnet.gr>
***********************************

Re: 'interface-config" cisco av-pair [ In reply to ]

achatz at forthnet

Jun 20, 2003, 7:08 AM

Post #2 of 5 (1466 views)

Permalink

I just found the "virtual-profile aaa" command which solved my problem ;-)

Anastassios Chatzithomaoglou wrote:

> Interface-config seems not to be applied. Any idea why?
>
> IOS (tm) 7200 Software (C7200-IS-M), Version 12.2(6i), RELEASE SOFTWARE
> (fc1)
> -----------------------------------------------------------------------------
>
> Jun 20 16:44:04.950: Vi821 AAA/AUTHOR/LCP (3737647052):
> Method=FORTHNET-RADIUS-DSL (radius)
> Jun 20 16:44:04.950: Vi821 AAA/AUTHOR (3737647052): Post authorization
> status = PASS_REPL
> Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Processing AV service=ppp
> Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Processing AV timeout=86400
> Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Processing AV
> interface-config#2=rate-limit output 384000 32000 32000 conform-action
> transmit exceed-action drop
> Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Processing AV
> interface-config#1=rate-limit input 128000 32000 32000 conform-action
> transmit exceed-action drop
> Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Per-user interface config
> created:
> timeout absolute 1440 0
>
> Jun 20 16:44:04.958: Vi821 AAA/AUTHOR/FSM: (0): Can we start IPCP?
>
>
>
>

--
***********************************
Chatzithomaoglou Anastasios
Network Design & Operations Center
FORTHnet S.A.
<achatz@forthnet.gr>
***********************************

Re: Re: 'interface-config" cisco av-pair [ In reply to ]

dpeng at cisco

Jun 20, 2003, 8:58 AM

Post #3 of 5 (1464 views)

Permalink

Note that starting from 12.3 and onward, the "virtual-profile aaa"
command is deprecated and we will automatically apply any
interface-config AVP received from the AAA server without an explicit
configuration. If you ever upgrade to 12.3 and then downgrade back to
an older release, the command will be removed from the configuration,
so you'll need to add it back in. Just something to keep in the back
of your mind.

Dennis

Anastassios Chatzithomaoglou [achatz@forthnet.gr] wrote:
> I just found the "virtual-profile aaa" command which solved my problem ;-)
>
> Anastassios Chatzithomaoglou wrote:
>
> >Interface-config seems not to be applied. Any idea why?
> >
> >IOS (tm) 7200 Software (C7200-IS-M), Version 12.2(6i), RELEASE SOFTWARE
> >(fc1)
> >-----------------------------------------------------------------------------
> >
> >Jun 20 16:44:04.950: Vi821 AAA/AUTHOR/LCP (3737647052):
> >Method=FORTHNET-RADIUS-DSL (radius)
> >Jun 20 16:44:04.950: Vi821 AAA/AUTHOR (3737647052): Post authorization
> >status = PASS_REPL
> >Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Processing AV service=ppp
> >Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Processing AV timeout=86400
> >Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Processing AV
> >interface-config#2=rate-limit output 384000 32000 32000 conform-action
> >transmit exceed-action drop
> >Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Processing AV
> >interface-config#1=rate-limit input 128000 32000 32000 conform-action
> >transmit exceed-action drop
> >Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Per-user interface config
> >created:
> >timeout absolute 1440 0
> >
> >Jun 20 16:44:04.958: Vi821 AAA/AUTHOR/FSM: (0): Can we start IPCP?
> >
> >
> >
> >
>
> --
> ***********************************
> Chatzithomaoglou Anastasios
> Network Design & Operations Center
> FORTHnet S.A.
> <achatz@forthnet.gr>
> ***********************************
>
> _______________________________________________
> cisco-nas mailing list
> cisco-nas@puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nas

--
-------------------------------------------------------------------------
|| || Dennis Peng
|| || Cisco Systems, Inc. Escalation Engineer
|||| |||| 170 West Tasman Drive Phone: (408) 526-6143
..:||||||:..:||||||:.. San Jose, CA 95134 Fax: (408) 232-2343
Cisco Systems Inc. dpeng@cisco.com
-------------------------------------------------------------------------

Re: Re: 'interface-config" cisco av-pair [ In reply to ]

achatz at forthnet

Jun 23, 2003, 3:11 AM

Post #4 of 5 (1468 views)

Permalink

Does this command ("virtual-profile aaa") allow only lcp:interface-config attributes to be
passed per-user, or does it do something more?
I have a lot of other per-user commands that are applied without the need of this command.

Dennis Peng wrote:

> Note that starting from 12.3 and onward, the "virtual-profile aaa"
> command is deprecated and we will automatically apply any
> interface-config AVP received from the AAA server without an explicit
> configuration. If you ever upgrade to 12.3 and then downgrade back to
> an older release, the command will be removed from the configuration,
> so you'll need to add it back in. Just something to keep in the back
> of your mind.
>
> Dennis
>
> Anastassios Chatzithomaoglou [achatz@forthnet.gr] wrote:
>
>>I just found the "virtual-profile aaa" command which solved my problem ;-)
>>
>>Anastassios Chatzithomaoglou wrote:
>>
>>
>>>Interface-config seems not to be applied. Any idea why?
>>>
>>>IOS (tm) 7200 Software (C7200-IS-M), Version 12.2(6i), RELEASE SOFTWARE
>>>(fc1)
>>>-----------------------------------------------------------------------------
>>>
>>>Jun 20 16:44:04.950: Vi821 AAA/AUTHOR/LCP (3737647052):
>>>Method=FORTHNET-RADIUS-DSL (radius)
>>>Jun 20 16:44:04.950: Vi821 AAA/AUTHOR (3737647052): Post authorization
>>>status = PASS_REPL
>>>Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Processing AV service=ppp
>>>Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Processing AV timeout=86400
>>>Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Processing AV
>>>interface-config#2=rate-limit output 384000 32000 32000 conform-action
>>>transmit exceed-action drop
>>>Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Processing AV
>>>interface-config#1=rate-limit input 128000 32000 32000 conform-action
>>>transmit exceed-action drop
>>>Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Per-user interface config
>>>created:
>>>timeout absolute 1440 0
>>>
>>>Jun 20 16:44:04.958: Vi821 AAA/AUTHOR/FSM: (0): Can we start IPCP?
>>>
>>>
>>>
>>>
>>
>>--
>>***********************************
>> Chatzithomaoglou Anastasios
>>Network Design & Operations Center
>> FORTHnet S.A.
>> <achatz@forthnet.gr>
>>***********************************
>>
>>_______________________________________________
>>cisco-nas mailing list
>>cisco-nas@puck.nether.net
>>http://puck.nether.net/mailman/listinfo/cisco-nas
>
>

--
***********************************
Chatzithomaoglou Anastasios
Network Design & Operations Center
FORTHnet S.A.
<achatz@forthnet.gr>
***********************************

Re: Re: 'interface-config" cisco av-pair [ In reply to ]

dpeng at cisco

Jun 23, 2003, 9:12 AM

Post #5 of 5 (1477 views)

Permalink

Anastassios Chatzithomaoglou [achatz@forthnet.gr] wrote:
> Does this command ("virtual-profile aaa") allow only lcp:interface-config
> attributes to be passed per-user, or does it do something more?

It is for the lcp:interface-config attribute only.

> I have a lot of other per-user commands that are applied without the need
> of this command.

Yep, exactly right. So it didn't make a lot of sense to make the
interface-config attribute a special case, and we now just apply it
automatically if it is sent in the user profile.

Dennis

> Dennis Peng wrote:
>
> >Note that starting from 12.3 and onward, the "virtual-profile aaa"
> >command is deprecated and we will automatically apply any
> >interface-config AVP received from the AAA server without an explicit
> >configuration. If you ever upgrade to 12.3 and then downgrade back to
> >an older release, the command will be removed from the configuration,
> >so you'll need to add it back in. Just something to keep in the back
> >of your mind.
> >
> >Dennis
> >
> >Anastassios Chatzithomaoglou [achatz@forthnet.gr] wrote:
> >
> >>I just found the "virtual-profile aaa" command which solved my problem ;-)
> >>
> >>Anastassios Chatzithomaoglou wrote:
> >>
> >>
> >>>Interface-config seems not to be applied. Any idea why?
> >>>
> >>>IOS (tm) 7200 Software (C7200-IS-M), Version 12.2(6i), RELEASE SOFTWARE
> >>>(fc1)
> >>>-----------------------------------------------------------------------------
> >>>
> >>>Jun 20 16:44:04.950: Vi821 AAA/AUTHOR/LCP (3737647052):
> >>>Method=FORTHNET-RADIUS-DSL (radius)
> >>>Jun 20 16:44:04.950: Vi821 AAA/AUTHOR (3737647052): Post authorization
> >>>status = PASS_REPL
> >>>Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Processing AV service=ppp
> >>>Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Processing AV timeout=86400
> >>>Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Processing AV
> >>>interface-config#2=rate-limit output 384000 32000 32000 conform-action
> >>>transmit exceed-action drop
> >>>Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Processing AV
> >>>interface-config#1=rate-limit input 128000 32000 32000 conform-action
> >>>transmit exceed-action drop
> >>>Jun 20 16:44:04.954: Vi821 AAA/AUTHOR/LCP: Per-user interface config
> >>>created:
> >>>timeout absolute 1440 0
> >>>
> >>>Jun 20 16:44:04.958: Vi821 AAA/AUTHOR/FSM: (0): Can we start IPCP?
> >>>
> >>>
> >>>
> >>>
> >>
> >>--
> >>***********************************
> >> Chatzithomaoglou Anastasios
> >>Network Design & Operations Center
> >> FORTHnet S.A.
> >> <achatz@forthnet.gr>
> >>***********************************
> >>
> >>_______________________________________________
> >>cisco-nas mailing list
> >>cisco-nas@puck.nether.net
> >>http://puck.nether.net/mailman/listinfo/cisco-nas
> >
> >
>
> --
> ***********************************
> Chatzithomaoglou Anastasios
> Network Design & Operations Center
> FORTHnet S.A.
> <achatz@forthnet.gr>
> ***********************************