Question

PPPOE / radius / cisco 3825

By akabou ·
Hi, everybody

Today I have a problem authenticating on my network; the user is connected on a VLAN and using PPPoE access.

The PPPoE configuration is on the Cisco router, and the list of users with their IP addresses is in RADIUS.

What I want is for the Cisco to forward the authentication request to RADIUS and, on success, give access to the network with the IP address provided by RADIUS.

Here is the debug accounting

bras#Debug radius accounting

*Dec 16 13:36:45.296: RADIUS/ENCODE(00000363):Orig. component type = PPoE
*Dec 16 13:36:45.296: RADIUS(00000363): Config NAS IP: 172.16.0.1
*Dec 16 13:36:45.296: RADIUS/ENCODE: No idb found! Framed IP Addr might not be included
*Dec 16 13:36:45.296: RADIUS(00000363): Config NAS IP: 172.16.0.1
*Dec 16 13:36:45.300: RADIUS: Received from id 1645/232 10.0.0.2:1812, Access-Accept, len 113
*Dec 16 13:36:45.308: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to up
*Dec 16 13:36:45.580: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to down

You can see that the virtual access goes up then down.

I see that the termination is requested by the Cisco router; below you can see the trace.

86 13:59:36.982906 Cisco_85:43:31 Usi_10:ef:0f PPP LCP Termination Request

Here is the RADIUS debug on the Cisco.

*Dec 16 13:43:36.520: RADIUS/ENCODE(00000364):Orig. component type = PPoE
*Dec 16 13:43:36.520: RADIUS: AAA Unsupported Attr: client-mac-address[49] 14
*Dec 16 13:43:36.520: RADIUS: 30 30 32 34 2E 37 65 31 30 2E 65 66 [0024.7e10.ef]
*Dec 16 13:43:36.520: RADIUS: AAA Unsupported Attr: interface [175] 7
*Dec 16 13:43:36.520: RADIUS: 30 2F 30 2F 31 [0/0/1]
*Dec 16 13:43:36.520: RADIUS(00000364): Config NAS IP: 172.16.0.1
*Dec 16 13:43:36.520: RADIUS/ENCODE: No idb found! Framed IP Addr might not be included
*Dec 16 13:43:36.520: RADIUS/ENCODE(00000364): acct_session_id: 931
*Dec 16 13:43:36.520: RADIUS(00000364): Config NAS IP: 172.16.0.1
*Dec 16 13:43:36.520: RADIUS(00000364): sending
*Dec 16 13:43:36.520: RADIUS(00000364): Send Access-Request to 10.0.0.2:1812 id 1645/233, len 120
*Dec 16 13:43:36.520: RADIUS: authenticator 60 72 2E C2 98 37 C4 99 - 01 0B 4F 9B 0B 24 42
*Dec 16 13:43:36.520: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Dec 16 13:43:36.520: RADIUS: User-Name [1] 8 "akabou"
*Dec 16 13:43:36.520: RADIUS: CHAP-Password [3] 19 *
*Dec 16 13:43:36.520: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Dec 16 13:43:36.520: RADIUS: NAS-Port [5] 6 0
*Dec 16 13:43:36.520: RADIUS: NAS-Port-Id [87] 9 "0/0/1/2"
*Dec 16 13:43:36.520: RADIUS: Service-Type [6] 6 Framed [2]
*Dec 16 13:43:36.520: RADIUS: NAS-IP-Address [4] 6 172.16.0.1
*Dec 16 13:43:36.520: RADIUS: Acct-Session-Id [44] 18 "0A000001000003A3"
*Dec 16 13:43:36.524: RADIUS: Nas-Identifier [32] 16 "cisco.domain.com"
*Dec 16 13:43:36.524: RADIUS: Received from id 1645/233 10.0.0.2:1812, Access-Accept, len 113
*Dec 16 13:43:36.524: RADIUS: authenticator D0 5B 66 9F 40 D2 28 0F - 15 89 28 66 47 F5 2D B6
*Dec 16 13:43:36.524: RADIUS: Service-Type [6] 6 Framed [2]
*Dec 16 13:43:36.524: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Dec 16 13:43:36.524: RADIUS: Framed-IP-Address [8] 6 172.16.0.2
*Dec 16 13:43:36.524: RADIUS: Framed-IP-Netmask [9] 6 255.255.255.255
*Dec 16 13:43:36.524: RADIUS: Framed-Routing [10] 6 3
*Dec 16 13:43:36.524: RADIUS: Framed-Route [22] 42 "172.16.0.1 255.255.255.255 172.16.0.2 10"
*Dec 16 13:43:36.524: RADIUS: Filter-Id [11] 9
*Dec 16 13:43:36.524: RADIUS: 73 74 64 2E 70 70 70 [std.ppp]
*Dec 16 13:43:36.524: RADIUS: Framed-MTU [12] 6 1492
*Dec 16 13:43:36.524: RADIUS: Framed-Compression [13] 6 VJ TCP/IP Header Compressi[1]
*Dec 16 13:43:36.524: RADIUS(00000364): Received from id 1645/233
*Dec 16 13:43:36.532: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
*Dec 16 13:43:37.576: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down


If someone has an idea.

All Answers

Can you post your config

by NetMan1958 In reply to PPPOE / radius / cisco 38 ...

If you post the current config, that would be a good starting point.

my config

by akabou In reply to Can you post your config

Hello, here is my configuration

Building configuration...

Current configuration : 3300 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname bras
!
boot-start-marker
boot system flash:c3825-advsecurityk9-mz.124-24.T2.bin
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa group server radius radiud
server 10.0.0.2 auth-port 1812 acct-port 1813
!
aaa authentication login default local
aaa authentication ppp default if-needed group radius
aaa authorization exec default group radius if-authenticated
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting exec default
action-type start-stop
group radius
!
aaa accounting network default
action-type start-stop
group radius
!
!
!
aaa session-id common
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
ip domain name domain.fr
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
! Default L2TP VPDN group
!
!
!
!
!
!
!
username hello privilege 15 secret 5 $1$kAZ4$J1UiWih6vwFyG0f7Bcqng1
archive
log config
hidekeys
!
!
!
!
!
!
!
bba-group pppoe global
virtual-template 1
sessions max limit 200
sessions per-mac limit 10
!
!
interface Loopback0
ip address 172.16.0.1 255.255.255.255
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 172.26.50.1 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 2
ip address 10.1.0.1 255.255.0.0
pppoe enable group global
!
interface GigabitEthernet0/1.3
encapsulation dot1Q 3
ip address 10.2.0.1 255.255.0.0
!
interface GigabitEthernet0/1.4
encapsulation dot1Q 4
ip address 10.3.0.1 255.255.0.0
!
interface GigabitEthernet0/1.5
encapsulation dot1Q 5
ip address 10.0.0.1 255.255.0.0
!
interface FastEthernet2/0
!
interface FastEthernet2/1
!
interface FastEthernet2/2
!
interface FastEthernet2/3
!
interface FastEthernet2/4
!
interface FastEthernet2/5
!
interface FastEthernet2/6
!
interface FastEthernet2/7
!
interface FastEthernet2/8
!
interface FastEthernet2/9
!
interface FastEthernet2/10
!
interface FastEthernet2/11
!
interface FastEthernet2/12
!
interface FastEthernet2/13
!
interface FastEthernet2/14
!
interface FastEthernet2/15
!
interface Virtual-Template1
mtu 1492
ip unnumbered Loopback0
no peer default ip address
ppp authentication chap
ppp authorization radius
ppp accounting radius
ppp ipcp dns accept
ppp ipcp mask request
ppp ipcp address accept
!
interface Vlan1
no ip address
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
ip radius source-interface Loopback0
!
!
!
!
radius-server attribute 8 include-in-access-req
radius-server host 10.0.0.2 auth-port 1812 acct-port 1813 key testing123
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet
!
scheduler allocate 20000 1000
end

debug of radius

by akabou In reply to my config

Hello, here is a debug of radius

*Dec 15 14:39:47.422: RADIUS/ENCODE(00000184):Orig. component type = PPoE
*Dec 15 14:39:47.422: RADIUS: AAA Unsupported Attr: client-mac-address[49] 14
*Dec 15 14:39:47.422: RADIUS: 30 30 32 34 2E 37 65 31 30 2E 65 66 [0024.7e10.ef]
*Dec 15 14:39:47.426: RADIUS: AAA Unsupported Attr: interface [175] 7
*Dec 15 14:39:47.426: RADIUS: 30 2F 30 2F 31 [0/0/1]
*Dec 15 14:39:47.426: RADIUS(00000184): Config NAS IP: 0.0.0.0
*Dec 15 14:39:47.426: RADIUS/ENCODE(00000184): acct_session_id: 446
*Dec 15 14:39:47.426: RADIUS(00000184): sending
*Dec 15 14:39:47.426: RADIUS/ENCODE: Best Local IP-Address 10.0.0.1 for Radius-Server 10.0.0.2
*Dec 15 14:39:47.426: RADIUS(00000184): Send Access-Request to 10.0.0.2:1812 id 1645/124, len 86
*Dec 15 14:39:47.426: RADIUS: authenticator 48 68 6E 04 D6 DB 8B F6 - 01 0B 4F FD FD 2B EB
*Dec 15 14:39:47.426: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Dec 15 14:39:47.426: RADIUS: User-Name [1] 8 "akabou"
*Dec 15 14:39:47.426: RADIUS: CHAP-Password [3] 19 *
*Dec 15 14:39:47.426: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Dec 15 14:39:47.426: RADIUS: NAS-Port [5] 6 0
*Dec 15 14:39:47.426: RADIUS: NAS-Port-Id [87] 9 "0/0/1/2"
*Dec 15 14:39:47.426: RADIUS: Service-Type [6] 6 Framed [2]
*Dec 15 14:39:47.426: RADIUS: NAS-IP-Address [4] 6 10.0.0.1
*Dec 15 14:39:47.426: RADIUS: Received from id 1645/124 10.0.0.2:1812, Access-Accept, len 71
*Dec 15 14:39:47.426: RADIUS: authenticator 48 AE B3 E5 E7 46 3A 42 - 8E 82 3F 9E C5 3E BE 30
*Dec 15 14:39:47.426: RADIUS: Service-Type [6] 6 Framed [2]
*Dec 15 14:39:47.426: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Dec 15 14:39:47.426: RADIUS: Framed-IP-Address [8] 6 10.5.1.1
*Dec 15 14:39:47.426: RADIUS: Framed-IP-Netmask [9] 6 255.255.255.255
*Dec 15 14:39:47.426: RADIUS: Framed-Routing [10] 6 3
*Dec 15 14:39:47.426: RADIUS: Filter-Id [11] 9
*Dec 15 14:39:47.426: RADIUS: 73 74 64 2E 70 70 70 [std.ppp]
*Dec 15 14:39:47.426: RADIUS: Framed-MTU [12] 6 1500
*Dec 15 14:39:47.426: RADIUS: Framed-Compression [13] 6 VJ TCP/IP Header Compressi[1]
*Dec 15 14:39:47.426: RADIUS(00000184): Received from id 1645/124
*Dec 15 14:39:47.434: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to up
*Dec 15 14:39:47.882: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to down

As we can see, RADIUS authenticates me; it gives me an IP address, but the virtual interface goes up and then down.
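
The pattern in the debug above, an Access-Accept followed within a second by the Virtual-Access interface going up and then down, can be pulled out of a longer capture automatically. This is an added example, not part of the original posts; the function name `find_flaps` and the 2-second window are assumptions, and the sample lines are abridged from the thread's debug output.

```python
import re
from datetime import datetime

# Abridged from the debug output posted in this thread (attribute number
# [8] restored for Framed-IP-Address, which is RADIUS attribute 8).
SAMPLE = """\
*Dec 15 14:39:47.426: RADIUS(00000184): Send Access-Request to 10.0.0.2:1812 id 1645/124, len 86
*Dec 15 14:39:47.426: RADIUS: User-Name [1] 8 "akabou"
*Dec 15 14:39:47.426: RADIUS: Received from id 1645/124 10.0.0.2:1812, Access-Accept, len 71
*Dec 15 14:39:47.426: RADIUS: Framed-IP-Address [8] 6 10.5.1.1
*Dec 15 14:39:47.426: RADIUS: Framed-MTU [12] 6 1500
*Dec 15 14:39:47.434: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to up
*Dec 15 14:39:47.882: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to down
"""

STAMP = re.compile(r"^\*(\w{3} +\d+ [\d:.]+): (.*)$")
REPLY = re.compile(r"Received from id (\S+) (\S+), (Access-\w+)")
ATTR = re.compile(r"RADIUS:\s+([\w-]+)\s+\[(\d+)\]\s+\d+\s*(.*)$")
LINK = re.compile(r"%LINK-3-UPDOWN: Interface (\S+), changed state to (up|down)")

def find_flaps(text, window=2.0):
    """Sessions where an Access-Accept is followed by link up then down within `window` s."""
    findings, accept, up_at = [], None, {}
    for raw in text.splitlines():
        m = STAMP.match(raw.strip())
        if not m:
            continue
        # IOS omits the year here; 2000 is an arbitrary placeholder for parsing.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S.%f")
        body = m.group(2)
        reply, link, attr = REPLY.search(body), LINK.search(body), ATTR.match(body)
        if "Send Access-Request" in body:
            accept = None  # attributes that follow belong to the request, not a reply
        elif reply:
            accept = ({"id": reply.group(1), "server": reply.group(2), "attrs": {}}
                      if reply.group(3) == "Access-Accept" else None)
        elif attr and accept is not None:
            accept["attrs"][attr.group(1)] = attr.group(3).strip()
        elif link and link.group(2) == "up" and accept is not None:
            up_at[link.group(1)] = (ts, accept)
        elif link and link.group(2) == "down" and link.group(1) in up_at:
            up_ts, acc = up_at.pop(link.group(1))
            alive = round((ts - up_ts).total_seconds(), 3)
            if alive <= window:
                findings.append({"interface": link.group(1), "radius_id": acc["id"],
                                 "server": acc["server"], "up_seconds": alive,
                                 "attrs": acc["attrs"]})
    return findings
```

Each finding carries the reply attributes the server returned for that session, so the values handed to the router can be compared against what the virtual template expects.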

Different Debug

by NetMan1958 In reply to debug of radius

Try running this:
debug interface virtual-access 3
and let's see if that tells us more.

come back late

by akabou In reply to PPPOE / radius / cisco 38 ...

Hello, sorry to come back so late, but it's solved. The problem was on the RADIUS server; it wasn't correctly set up.

Thanks, NetMan
