Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Cisco>
  3. NAS
PPPoE radius attributes
edgarz at dtg
Nov 9, 2008, 8:44 AM
Post #1 of 4 (8743 views)
Permalink
Hello!

I'm running pppoe server on cisco 2801, everything works except one thing. Cisco do not apply received parameters from radius server.


cisco debug:
.Nov 9 13:58:04.271: PPPoE 0: I PADI R:0019.d133.551e L:ffff.ffff.ffff 33 Fa0/1.33
.Nov 9 13:58:04.271: Service tag: NULL Tag
.Nov 9 13:58:04.271: PPPoE 0: O PADO, R:001a.e23e.6bdd L:0019.d133.551e 33 Fa0/1.33
.Nov 9 13:58:04.271: Service tag: NULL Tag
.Nov 9 13:58:04.271: PPPoE 0: I PADR R:0019.d133.551e L:001a.e23e.6bdd 33 Fa0/1.33
.Nov 9 13:58:04.271: Service tag: NULL Tag
.Nov 9 13:58:04.271: PPPoE : encap string prepared
.Nov 9 13:58:04.271: [365]PPPoE 364: Access IE handle allocated
.Nov 9 13:58:04.275: [365]PPPoE 364: pppoe SSS switch updated
.Nov 9 13:58:04.275: [365]PPPoE 364: AAA get retrieved attrs
.Nov 9 13:58:04.275: [365]PPPoE 364: AAA get nas port details
.Nov 9 13:58:04.275: [365]PPPoE 364: AAA get dynamic attrs
.Nov 9 13:58:04.275: [365]PPPoE 364: AAA get dynamic attrs
.Nov 9 13:58:04.275: [365]PPPoE 364: AAA unique ID allocated
.Nov 9 13:58:04.275: [365]PPPoE 364: AAA method list set
.Nov 9 13:58:04.275: [365]PPPoE 364: Service request sent to SSS
.Nov 9 13:58:04.279: [365]PPPoE 364: Created, Service: None R:001a.e23e.6bdd L:0019.d133.551e 33 Fa0/1.33
.Nov 9 13:58:04.279: [365]PPPoE 364: State NAS_PORT_POLICY_INQUIRY Event SSS_LOCAL
.Nov 9 13:58:04.279: [365]PPPoE 364: O PADS R:0019.d133.551e L:001a.e23e.6bdd Fa0/1.33
panorama_plaza-gw#
.Nov 9 13:58:04.283: [365]PPPoE 364: State PPP_START Event DYN_BIND
.Nov 9 13:58:04.283: [365]PPPoE 364: data path set to PPP
.Nov 9 13:58:04.363: RADIUS/ENCODE(0000091A):Orig. component type = PPoE
.Nov 9 13:58:04.363: RADIUS: AAA Unsupported Attr: client-mac-address[48] 14
.Nov 9 13:58:04.367: RADIUS: 30 30 31 39 2E 64 31 33 33 2E 35 35 [0019.d133.55]
.Nov 9 13:58:04.367: RADIUS: AAA Unsupported Attr: interface [174] 8
.Nov 9 13:58:04.367: RADIUS: 30 2F 30 2F 31 2F [0/0/1/]
.Nov 9 13:58:04.367: RADIUS(0000091A): Config NAS IP: 0.0.0.0
.Nov 9 13:58:04.367: RADIUS/ENCODE: No idb found! Framed IP Addr might not be included
.Nov 9 13:58:04.367: RADIUS/ENCODE(0000091A): acct_session_id: 2458
.Nov 9 13:58:04.367: RADIUS(0000091A): sending
.Nov 9 13:58:04.367: RADIUS/ENCODE: Best Local IP-Address CISCO_IP_ADDRESS for Radius-Server 91.135.16.2
.Nov 9 13:58:04.367: RADIUS(0000091A): Send Access-Request to 91.135.16.2:1812 id 1645/109, len 91
.Nov 9 13:58:04.371: RADIUS: authenticator F6 28 6C 9E 4A 7D EF 19 - AF F3 F8 4E 08 C8 A2 30
.Nov 9 13:58:04.371: RADIUS: Framed-Protocol [7] 6 PPP [1]
.Nov 9 13:58:04.371: RADIUS: User-Name [1] 13 "servertelpa"
.Nov 9 13:58:04.371: RADIUS: User-Password [2] 18 *
.Nov 9 13:58:04.371: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
.Nov 9 13:58:04.371: RADIUS: NAS-Port [5] 6 0
.Nov 9 13:58:04.371: RADIUS: NAS-Port-Id [87] 10 "0/0/1/33"
.Nov 9 13:58:04.371: RADIUS: Service-Type [6] 6 Framed [2]
.Nov 9 13:58:04.371: RADIUS: NAS-IP-Address [4] 6 CISCO_IP_ADDRESS
.Nov 9 13:58:04.387: RADIUS: Received from id 1645/109 91.135.16.2:1812, Access-Accept, len 276
.Nov 9 13:58:04.391: RADIUS: authenticator 59 9D 99 31 43 EE FB 9E - 2D F1 1E 21 78 FF 31 79
.Nov 9 13:58:04.391: RADIUS: Framed-Protocol [7] 6 PPP [1]
.Nov 9 13:58:04.391: RADIUS: Framed-Compression [13] 6 VJ TCP/IP Header Compressi[1]
.Nov 9 13:58:04.391: RADIUS: Framed-IP-Address [8] 6 XXX.YYY.27.253
.Nov 9 13:58:04.391: RADIUS: Framed-IP-Netmask [9] 6 255.255.255.255
.Nov 9 13:58:04.391: RADIUS: Service-Type [6] 6 Framed [2]
.Nov 9 13:58:04.391: RADIUS: Vendor, Cisco [26] 113
.Nov 9 13:58:04.391: RADIUS: Cisco AVpair [1] 107 "lcp:interface-config#1=rate-limit intput 10240000 10000 10000 conform-action continue exceed-action drop "
.Nov 9 13:58:04.391: RADIUS: Vendor, Cisco [26] 113
.Nov 9 13:58:04.391: RADIUS: Cisco AVpair [1] 107 "lcp:interface-config#2=rate-limit output 10240000 10000 10000 conform-action continue exceed-action drop "
.Nov 9 13:58:04.395: RADIUS(0000091A): Received from id 1645/109
.Nov 9 13:58:04.399: [365]PPPoE 364: State LCP_NEGOTIATION Event PPP_LOCAL
.Nov 9 13:58:04.399: PPPoE 364: Can not use sub-interface
.Nov 9 13:58:04.403: [365]PPPoE 364: State VACCESS_REQUESTED Event VA_RESP
.Nov 9 13:58:04.403: [365]PPPoE 364: Vi81 interface obtained
.Nov 9 13:58:04.403: [365]PPPoE 364: State PTA_BINDING Event STAT_BIND
.Nov 9 13:58:04.403: [365]PPPoE 364: data path set to Virtual Acess
.Nov 9 13:58:04.403: [365]PPPoE 364: Connected PTA
.Nov 9 13:58:04.407: %LINK-3-UPDOWN: Interface Virtual-Access81, changed state to up
panorama_plaza-gw#
.Nov 9 13:58:04.407: [365]PPPoE 364: AAA get dynamic attrs
.Nov 9 13:58:04.407: [365]PPPoE 364: AAA get dynamic attrs
.Nov 9 13:58:04.459: RADIUS/ENCODE(0000091A):Orig. component type = PPoE
.Nov 9 13:58:04.459: RADIUS(0000091A): Config NAS IP: 0.0.0.0
.Nov 9 13:58:04.463: RADIUS/ENCODE: Best Local IP-Address CISCO_IP_ADDRESS for Radius-Server RADIUS_SERVER_IP
.Nov 9 13:58:04.467: RADIUS: Received from id 1646/149 91.135.16.2:1813, Accounting-response, len 20
.Nov 9 13:58:05.407: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access81, changed state to up

GW#sh user | i servertelpa
Vi81 servertelpa PPPoE 00:04:39 XXX.YYY.27.9
GW#
As we see ip address is a bit different than i send from RADIUS.

GW#sh interfaces rate-limit

GW#
And no rate limits applied.


CONFIG here:
aaa authentication login default local line
aaa authentication ppp default group radius
aaa authorization console
aaa authorization exec default local
aaa accounting delay-start
aaa accounting update periodic 180
aaa accounting network default start-stop group radius
!
aaa server radius dynamic-author
server-key cool-password
!
aaa session-id common

bba-group pppoe plaza
virtual-template 1
sessions per-mac limit 1

interface FastEthernet0/1.33
encapsulation dot1Q 33
pppoe enable group plaza
pppoe max-sessions 200

interface Virtual-Template1
ip unnumbered Loopback1
peer default ip address pool plaza
ppp authentication pap

ip local pool plaza 91.135.27.4 91.135.27.245
VERSION: Cisco IOS Software, 2801 Software (C2801-SPSERVICESK9-M), Version 12.4(15)T3, RELEASE SOFTWARE (fc1)

Where to dig?











_______________________________________________
cisco-nas mailing list
cisco-nas@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas
Re: PPPoE radius attributes [ In reply to ]
achatz at forthnet
Nov 9, 2008, 9:09 AM
Post #2 of 4 (8049 views)
Permalink
I believe you have forgotten the "authorization network" aaa method.

--
Tassos

Edgars Makna wrote on 09/11/2008 18:44:
> Hello!
>
> I'm running pppoe server on cisco 2801, everything works except one
> thing. Cisco do not apply received parameters from radius server.
>
>
> cisco debug:
> .Nov 9 13:58:04.271: PPPoE 0: I PADI R:0019.d133.551e L:ffff.ffff.ffff
> 33 Fa0/1.33
> .Nov 9 13:58:04.271: Service tag: NULL Tag
> .Nov 9 13:58:04.271: PPPoE 0: O PADO, R:001a.e23e.6bdd L:0019.d133.551e
> 33 Fa0/1.33
> .Nov 9 13:58:04.271: Service tag: NULL Tag
> .Nov 9 13:58:04.271: PPPoE 0: I PADR R:0019.d133.551e L:001a.e23e.6bdd
> 33 Fa0/1.33
> .Nov 9 13:58:04.271: Service tag: NULL Tag
> .Nov 9 13:58:04.271: PPPoE : encap string prepared
> .Nov 9 13:58:04.271: [365]PPPoE 364: Access IE handle allocated
> .Nov 9 13:58:04.275: [365]PPPoE 364: pppoe SSS switch updated
> .Nov 9 13:58:04.275: [365]PPPoE 364: AAA get retrieved attrs
> .Nov 9 13:58:04.275: [365]PPPoE 364: AAA get nas port details
> .Nov 9 13:58:04.275: [365]PPPoE 364: AAA get dynamic attrs
> .Nov 9 13:58:04.275: [365]PPPoE 364: AAA get dynamic attrs
> .Nov 9 13:58:04.275: [365]PPPoE 364: AAA unique ID allocated
> .Nov 9 13:58:04.275: [365]PPPoE 364: AAA method list set
> .Nov 9 13:58:04.275: [365]PPPoE 364: Service request sent to SSS
> .Nov 9 13:58:04.279: [365]PPPoE 364: Created, Service: None
> R:001a.e23e.6bdd L:0019.d133.551e 33 Fa0/1.33
> .Nov 9 13:58:04.279: [365]PPPoE 364: State NAS_PORT_POLICY_INQUIRY
> Event SSS_LOCAL
> .Nov 9 13:58:04.279: [365]PPPoE 364: O PADS R:0019.d133.551e
> L:001a.e23e.6bdd Fa0/1.33
> panorama_plaza-gw#
> .Nov 9 13:58:04.283: [365]PPPoE 364: State PPP_START Event DYN_BIND
> .Nov 9 13:58:04.283: [365]PPPoE 364: data path set to PPP
> .Nov 9 13:58:04.363: RADIUS/ENCODE(0000091A):Orig. component type = PPoE
> .Nov 9 13:58:04.363: RADIUS: AAA Unsupported Attr:
> client-mac-address[48] 14
> .Nov 9 13:58:04.367: RADIUS: 30 30 31 39 2E 64 31 33 33 2E 35
> 35 [0019.d133.55]
> .Nov 9 13:58:04.367: RADIUS: AAA Unsupported Attr: interface [174] 8
> .Nov 9 13:58:04.367: RADIUS: 30 2F 30 2F 31 2F [0/0/1/]
> .Nov 9 13:58:04.367: RADIUS(0000091A): Config NAS IP: 0.0.0.0
> .Nov 9 13:58:04.367: RADIUS/ENCODE: No idb found! Framed IP Addr might
> not be included
> .Nov 9 13:58:04.367: RADIUS/ENCODE(0000091A): acct_session_id: 2458
> .Nov 9 13:58:04.367: RADIUS(0000091A): sending
> .Nov 9 13:58:04.367: RADIUS/ENCODE: Best Local IP-Address
> CISCO_IP_ADDRESS for Radius-Server 91.135.16.2
> .Nov 9 13:58:04.367: RADIUS(0000091A): Send Access-Request to
> 91.135.16.2:1812 id 1645/109, len 91
> .Nov 9 13:58:04.371: RADIUS: authenticator F6 28 6C 9E 4A 7D EF 19 -
> AF F3 F8 4E 08 C8 A2 30
> .Nov 9 13:58:04.371: RADIUS: Framed-Protocol [7] 6
> PPP [1]
> .Nov 9 13:58:04.371: RADIUS: User-Name [1] 13 "servertelpa"
> .Nov 9 13:58:04.371: RADIUS: User-Password [2] 18 *
> .Nov 9 13:58:04.371: RADIUS: NAS-Port-Type [61] 6
> Virtual [5]
> .Nov 9 13:58:04.371: RADIUS: NAS-Port [5] 6 0
> .Nov 9 13:58:04.371: RADIUS: NAS-Port-Id [87] 10 "0/0/1/33"
> .Nov 9 13:58:04.371: RADIUS: Service-Type [6] 6
> Framed [2]
> .Nov 9 13:58:04.371: RADIUS: NAS-IP-Address [4] 6 CISCO_IP_ADDRESS
> .Nov 9 13:58:04.387: RADIUS: Received from id 1645/109
> 91.135.16.2:1812, Access-Accept, len 276
> .Nov 9 13:58:04.391: RADIUS: authenticator 59 9D 99 31 43 EE FB 9E -
> 2D F1 1E 21 78 FF 31 79
> .Nov 9 13:58:04.391: RADIUS: Framed-Protocol [7] 6
> PPP [1]
> .Nov 9 13:58:04.391: RADIUS: Framed-Compression [13] 6 VJ TCP/IP
> Header Compressi[1]
> .Nov 9 13:58:04.391: RADIUS: Framed-IP-Address [8] 6 XXX.YYY.27.253
> .Nov 9 13:58:04.391: RADIUS: Framed-IP-Netmask [9] 6
> 255.255.255.255
> .Nov 9 13:58:04.391: RADIUS: Service-Type [6] 6
> Framed [2]
> .Nov 9 13:58:04.391: RADIUS: Vendor, Cisco [26] 113
> .Nov 9 13:58:04.391: RADIUS: Cisco AVpair [1] 107
> "lcp:interface-config#1=rate-limit intput 10240000 10000 10000
> conform-action continue exceed-action drop "
> .Nov 9 13:58:04.391: RADIUS: Vendor, Cisco [26] 113
> .Nov 9 13:58:04.391: RADIUS: Cisco AVpair [1] 107
> "lcp:interface-config#2=rate-limit output 10240000 10000 10000
> conform-action continue exceed-action drop "
> .Nov 9 13:58:04.395: RADIUS(0000091A): Received from id 1645/109
> .Nov 9 13:58:04.399: [365]PPPoE 364: State LCP_NEGOTIATION Event
> PPP_LOCAL
> .Nov 9 13:58:04.399: PPPoE 364: Can not use sub-interface
> .Nov 9 13:58:04.403: [365]PPPoE 364: State VACCESS_REQUESTED Event
> VA_RESP
> .Nov 9 13:58:04.403: [365]PPPoE 364: Vi81 interface obtained
> .Nov 9 13:58:04.403: [365]PPPoE 364: State PTA_BINDING Event STAT_BIND
> .Nov 9 13:58:04.403: [365]PPPoE 364: data path set to Virtual Acess
> .Nov 9 13:58:04.403: [365]PPPoE 364: Connected PTA
> .Nov 9 13:58:04.407: %LINK-3-UPDOWN: Interface Virtual-Access81,
> changed state to up
> panorama_plaza-gw#
> .Nov 9 13:58:04.407: [365]PPPoE 364: AAA get dynamic attrs
> .Nov 9 13:58:04.407: [365]PPPoE 364: AAA get dynamic attrs
> .Nov 9 13:58:04.459: RADIUS/ENCODE(0000091A):Orig. component type = PPoE
> .Nov 9 13:58:04.459: RADIUS(0000091A): Config NAS IP: 0.0.0.0
> .Nov 9 13:58:04.463: RADIUS/ENCODE: Best Local IP-Address
> CISCO_IP_ADDRESS for Radius-Server RADIUS_SERVER_IP
> .Nov 9 13:58:04.467: RADIUS: Received from id 1646/149
> 91.135.16.2:1813, Accounting-response, len 20
> .Nov 9 13:58:05.407: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> Virtual-Access81, changed state to up
>
> GW#sh user | i servertelpa
> Vi81 servertelpa PPPoE 00:04:39 XXX.YYY.27.9
> GW#
> As we see ip address is a bit different than i send from RADIUS.
>
> GW#sh interfaces rate-limit
>
> GW#
> And no rate limits applied.
>
>
> CONFIG here:
> aaa authentication login default local line
> aaa authentication ppp default group radius
> aaa authorization console
> aaa authorization exec default local
> aaa accounting delay-start
> aaa accounting update periodic 180
> aaa accounting network default start-stop group radius
> !
> aaa server radius dynamic-author
> server-key cool-password
> !
> aaa session-id common
>
> bba-group pppoe plaza
> virtual-template 1
> sessions per-mac limit 1
>
> interface FastEthernet0/1.33
> encapsulation dot1Q 33
> pppoe enable group plaza
> pppoe max-sessions 200
>
> interface Virtual-Template1
> ip unnumbered Loopback1
> peer default ip address pool plaza
> ppp authentication pap
>
> ip local pool plaza 91.135.27.4 91.135.27.245
> VERSION: Cisco IOS Software, 2801 Software (C2801-SPSERVICESK9-M),
> Version 12.4(15)T3, RELEASE SOFTWARE (fc1)
>
> Where to dig?
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> cisco-nas mailing list
> cisco-nas@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
>
_______________________________________________
cisco-nas mailing list
cisco-nas@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas
Re: PPPoE radius attributes [ In reply to ]
edgarz at dtg
Nov 9, 2008, 12:04 PM
Post #3 of 4 (8036 views)
Permalink
Tassos Chatzithomaoglou wrote:
> I believe you have forgotten the "authorization network" aaa method.
>
_______________________________________________
cisco-nas mailing list
cisco-nas@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas
Re: PPPoE radius attributes [ In reply to ]
td_miles at yahoo
Nov 11, 2008, 12:02 AM
Post #4 of 4 (8023 views)
Permalink
Try adding "virtual-profile aaa" to global config.

"debug vtemplate" will show you what is happening.

HTH.

regards,
Tony.



--- On Mon, 10/11/08, Edgars Makna <edgarz@dtg.lv> wrote:

> From: Edgars Makna <edgarz@dtg.lv>
> Subject: [cisco-nas] PPPoE radius attributes
> To: cisco-nas@puck.nether.net
> Date: Monday, 10 November, 2008, 3:44 AM
> Hello!
>
> I'm running pppoe server on cisco 2801, everything
> works except one thing. Cisco do not apply received
> parameters from radius server.
>
>
> cisco debug:
> .Nov 9 13:58:04.271: PPPoE 0: I PADI R:0019.d133.551e
> L:ffff.ffff.ffff 33 Fa0/1.33
> .Nov 9 13:58:04.271: Service tag: NULL Tag
> .Nov 9 13:58:04.271: PPPoE 0: O PADO, R:001a.e23e.6bdd
> L:0019.d133.551e 33 Fa0/1.33
> .Nov 9 13:58:04.271: Service tag: NULL Tag
> .Nov 9 13:58:04.271: PPPoE 0: I PADR R:0019.d133.551e
> L:001a.e23e.6bdd 33 Fa0/1.33
> .Nov 9 13:58:04.271: Service tag: NULL Tag
> .Nov 9 13:58:04.271: PPPoE : encap string prepared
> .Nov 9 13:58:04.271: [365]PPPoE 364: Access IE handle
> allocated
> .Nov 9 13:58:04.275: [365]PPPoE 364: pppoe SSS switch
> updated
> .Nov 9 13:58:04.275: [365]PPPoE 364: AAA get retrieved
> attrs
> .Nov 9 13:58:04.275: [365]PPPoE 364: AAA get nas port
> details
> .Nov 9 13:58:04.275: [365]PPPoE 364: AAA get dynamic attrs
> .Nov 9 13:58:04.275: [365]PPPoE 364: AAA get dynamic attrs
> .Nov 9 13:58:04.275: [365]PPPoE 364: AAA unique ID
> allocated
> .Nov 9 13:58:04.275: [365]PPPoE 364: AAA method list set
> .Nov 9 13:58:04.275: [365]PPPoE 364: Service request sent
> to SSS
> .Nov 9 13:58:04.279: [365]PPPoE 364: Created, Service:
> None R:001a.e23e.6bdd L:0019.d133.551e 33 Fa0/1.33
> .Nov 9 13:58:04.279: [365]PPPoE 364: State
> NAS_PORT_POLICY_INQUIRY Event SSS_LOCAL
> .Nov 9 13:58:04.279: [365]PPPoE 364: O PADS
> R:0019.d133.551e L:001a.e23e.6bdd Fa0/1.33
> panorama_plaza-gw#
> .Nov 9 13:58:04.283: [365]PPPoE 364: State PPP_START
> Event DYN_BIND
> .Nov 9 13:58:04.283: [365]PPPoE 364: data path set to PPP
> .Nov 9 13:58:04.363: RADIUS/ENCODE(0000091A):Orig.
> component type = PPoE
> .Nov 9 13:58:04.363: RADIUS: AAA Unsupported Attr:
> client-mac-address[48] 14
> .Nov 9 13:58:04.367: RADIUS: 30 30 31 39 2E 64 31 33 33
> 2E 35 35 [0019.d133.55]
> .Nov 9 13:58:04.367: RADIUS: AAA Unsupported Attr:
> interface [174] 8
> .Nov 9 13:58:04.367: RADIUS: 30 2F 30 2F 31 2F
> [0/0/1/]
> .Nov 9 13:58:04.367: RADIUS(0000091A): Config NAS IP:
> 0.0.0.0
> .Nov 9 13:58:04.367: RADIUS/ENCODE: No idb found! Framed
> IP Addr might not be included
> .Nov 9 13:58:04.367: RADIUS/ENCODE(0000091A):
> acct_session_id: 2458
> .Nov 9 13:58:04.367: RADIUS(0000091A): sending
> .Nov 9 13:58:04.367: RADIUS/ENCODE: Best Local IP-Address
> CISCO_IP_ADDRESS for Radius-Server 91.135.16.2
> .Nov 9 13:58:04.367: RADIUS(0000091A): Send Access-Request
> to 91.135.16.2:1812 id 1645/109, len 91
> .Nov 9 13:58:04.371: RADIUS: authenticator F6 28 6C 9E 4A
> 7D EF 19 - AF F3 F8 4E 08 C8 A2 30
> .Nov 9 13:58:04.371: RADIUS: Framed-Protocol [7] 6
> PPP [1]
> .Nov 9 13:58:04.371: RADIUS: User-Name [1] 13
> "servertelpa"
> .Nov 9 13:58:04.371: RADIUS: User-Password [2] 18
> *
> .Nov 9 13:58:04.371: RADIUS: NAS-Port-Type [61] 6
> Virtual [5]
> .Nov 9 13:58:04.371: RADIUS: NAS-Port [5] 6
> 0
> .Nov 9 13:58:04.371: RADIUS: NAS-Port-Id [87] 10
> "0/0/1/33"
> .Nov 9 13:58:04.371: RADIUS: Service-Type [6] 6
> Framed [2]
> .Nov 9 13:58:04.371: RADIUS: NAS-IP-Address [4] 6
> CISCO_IP_ADDRESS
> .Nov 9 13:58:04.387: RADIUS: Received from id 1645/109
> 91.135.16.2:1812, Access-Accept, len 276
> .Nov 9 13:58:04.391: RADIUS: authenticator 59 9D 99 31 43
> EE FB 9E - 2D F1 1E 21 78 FF 31 79
> .Nov 9 13:58:04.391: RADIUS: Framed-Protocol [7] 6
> PPP [1]
> .Nov 9 13:58:04.391: RADIUS: Framed-Compression [13] 6
> VJ TCP/IP Header Compressi[1]
> .Nov 9 13:58:04.391: RADIUS: Framed-IP-Address [8] 6
> XXX.YYY.27.253
> .Nov 9 13:58:04.391: RADIUS: Framed-IP-Netmask [9] 6
> 255.255.255.255
> .Nov 9 13:58:04.391: RADIUS: Service-Type [6] 6
> Framed [2]
> .Nov 9 13:58:04.391: RADIUS: Vendor, Cisco [26]
> 113
> .Nov 9 13:58:04.391: RADIUS: Cisco AVpair [1]
> 107 "lcp:interface-config#1=rate-limit intput 10240000
> 10000 10000 conform-action continue exceed-action drop
> "
> .Nov 9 13:58:04.391: RADIUS: Vendor, Cisco [26]
> 113
> .Nov 9 13:58:04.391: RADIUS: Cisco AVpair [1]
> 107 "lcp:interface-config#2=rate-limit output 10240000
> 10000 10000 conform-action continue exceed-action drop
> "
> .Nov 9 13:58:04.395: RADIUS(0000091A): Received from id
> 1645/109
> .Nov 9 13:58:04.399: [365]PPPoE 364: State LCP_NEGOTIATION
> Event PPP_LOCAL
> .Nov 9 13:58:04.399: PPPoE 364: Can not use sub-interface
> .Nov 9 13:58:04.403: [365]PPPoE 364: State
> VACCESS_REQUESTED Event VA_RESP
> .Nov 9 13:58:04.403: [365]PPPoE 364: Vi81 interface
> obtained
> .Nov 9 13:58:04.403: [365]PPPoE 364: State PTA_BINDING
> Event STAT_BIND
> .Nov 9 13:58:04.403: [365]PPPoE 364: data path set to
> Virtual Acess
> .Nov 9 13:58:04.403: [365]PPPoE 364: Connected PTA
> .Nov 9 13:58:04.407: %LINK-3-UPDOWN: Interface
> Virtual-Access81, changed state to up
> panorama_plaza-gw#
> .Nov 9 13:58:04.407: [365]PPPoE 364: AAA get dynamic attrs
> .Nov 9 13:58:04.407: [365]PPPoE 364: AAA get dynamic attrs
> .Nov 9 13:58:04.459: RADIUS/ENCODE(0000091A):Orig.
> component type = PPoE
> .Nov 9 13:58:04.459: RADIUS(0000091A): Config NAS IP:
> 0.0.0.0
> .Nov 9 13:58:04.463: RADIUS/ENCODE: Best Local IP-Address
> CISCO_IP_ADDRESS for Radius-Server RADIUS_SERVER_IP
> .Nov 9 13:58:04.467: RADIUS: Received from id 1646/149
> 91.135.16.2:1813, Accounting-response, len 20
> .Nov 9 13:58:05.407: %LINEPROTO-5-UPDOWN: Line protocol on
> Interface Virtual-Access81, changed state to up
>
> GW#sh user | i servertelpa
> Vi81 servertelpa PPPoE 00:04:39
> XXX.YYY.27.9
> GW#
> As we see ip address is a bit different than i send from
> RADIUS.
>
> GW#sh interfaces rate-limit
>
> GW#
> And no rate limits applied.
>
>
> CONFIG here:
> aaa authentication login default local line
> aaa authentication ppp default group radius
> aaa authorization console
> aaa authorization exec default local
> aaa accounting delay-start
> aaa accounting update periodic 180
> aaa accounting network default start-stop group radius
> !
> aaa server radius dynamic-author
> server-key cool-password
> !
> aaa session-id common
>
> bba-group pppoe plaza
> virtual-template 1
> sessions per-mac limit 1
>
> interface FastEthernet0/1.33
> encapsulation dot1Q 33
> pppoe enable group plaza
> pppoe max-sessions 200
>
> interface Virtual-Template1
> ip unnumbered Loopback1
> peer default ip address pool plaza
> ppp authentication pap
>
> ip local pool plaza 91.135.27.4 91.135.27.245
> VERSION: Cisco IOS Software, 2801 Software
> (C2801-SPSERVICESK9-M), Version 12.4(15)T3, RELEASE SOFTWARE
> (fc1)
>
> Where to dig?
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> cisco-nas mailing list
> cisco-nas@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas




_______________________________________________
cisco-nas mailing list
cisco-nas@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal