[prev in list] [next in list] [prev in thread] [next in thread]
List: cisco-nas
Subject: [cisco-nas] cisco and nas-port equal zero (NAS-Port = 0)
From: pc286 () bk ! ru
Date: 2006-11-20 10:02:57
Message-ID: 322982924.20061120130257 () bk ! ru
[Download RAW message or body]
Hello, all!
how to fix "NAS-Port = 0" ?
cisco AS5350
ios c5350-is-mz.122-15.T9.bin
related config strings (i think):
aaa new-model
!
!
aaa group server radius GROUP_ONE
server 11.11.22.2 auth-port 1234 acct-port 1235
!
aaa group server radius GROUP_TWO
server 11.22.22.2 auth-port 1234 acct-port 1235
!
aaa authentication login default line
aaa authentication login h323 group GROUP_ONE
aaa authentication ppp default group GROUP_TWO
aaa authorization exec h323 group GROUP_ONE
aaa authorization network default group GROUP_TWO
aaa accounting update newinfo
aaa accounting network default start-stop group GROUP_TWO
aaa accounting network h323 start-stop group GROUP_ONE
aaa accounting connection h323 start-stop group GROUP_ONE
aaa nas port extended
aaa session-id common
!
virtual-profile virtual-template 1
vpdn enable
vpdn aaa attribute nas-port vpdn-nas
!
radius-server attribute 44 include-in-access-req
no radius-server attribute 77 include-in-acct-req
no radius-server attribute 77 include-in-access-req
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute nas-port format c
radius-server host 11.11.22.2 auth-port 1234 acct-port 1235 key 7 \
0101010101010101010101 radius-server host 11.22.22.2 auth-port 1234 acct-port 1235 \
key 7 0101010101010101010101 radius-server timeout 20
radius-server deadtime 100
radius-server key 7 0101010101010101
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
radius-server vsa send authentication
!
subscriber access pppoe pre-authorize nas-port-id default
!
cs-console#debug radius authentication
Nov 20 12:39:18 cs1 79202: Nov 20 12:39:18.293 MSK: RADIUS(00017EBB):Send \
Access-Request to 11.22.22.2:1234 id 21660/59, len 104
Nov 20 12:39:18 cs1 79203: Nov 20 12:39:18.293 MSK: RADIUS: authenticator 32 8D 70 \
BB 26 69 6C 02 - 7A CB 6F AB CE 52 9E CC
Nov 20 12:39:18 cs1 79204: Nov 20 12:39:18.293 MSK: RADIUS: Framed-Protocol [7] \
6 PPP [1]
Nov 20 12:39:18 cs1 79205: Nov 20 12:39:18.293 MSK: RADIUS: User-Name [1] \
9 "user"
Nov 20 12:39:18 cs1 79206: Nov 20 12:39:18.293 MSK: RADIUS: User-Password [2] \
18 *
Nov 20 12:39:18 cs1 79207: Nov 20 12:39:18.293 MSK: RADIUS: NAS-Port-Type [61] \
6 Virtual [5]
Nov 20 12:39:18 cs1 79208: Nov 20 12:39:18.293 MSK: RADIUS: Vendor, Cisco [26] \
17
Nov 20 12:39:18 cs1 79209: Nov 20 12:39:18.297 MSK: RADIUS: cisco-nas-port [2] \
11 "0/0/1/100"
Nov 20 12:39:18 cs1 79210: Nov 20 12:39:18.297 MSK: RADIUS: NAS-Port [5] \
6 0
Nov 20 12:39:18 cs1 79211: Nov 20 12:39:18.297 MSK: RADIUS: Service-Type [6] \
6 Framed [2]
Nov 20 12:39:18 cs1 79212: Nov 20 12:39:18.297 MSK: RADIUS: NAS-IP-Address [4] \
6 11.22.22.2
Nov 20 12:39:18 cs1 79213: Nov 20 12:39:18.297 MSK: RADIUS: Acct-Session-Id [44] \
10 "0001E46D"
Nov 20 12:39:18 cs1 79214: Nov 20 12:39:18.877 MSK: RADIUS(00017EBD): Storing nasport \
0 in rad_db
Nov 20 12:39:18 cs1 79215: Nov 20 12:39:18.877 MSK: RADIUS(00017EBD): Config NAS IP: \
11.22.22.2
Nov 20 12:39:18 cs1 79216: Nov 20 12:39:18.877 MSK: RADIUS/ENCODE(00017EBD): \
acct_session_id: 124016
Nov 20 12:39:18 cs1 79217: Nov 20 12:39:18.877 MSK: RADIUS(00017EBD): sending
Nov 20 12:39:18 cs1 79218: Nov 20 12:39:18.881 MSK: RADIUS(00017EBD): Send \
Access-Request to 11.22.22.2:1234 id 21660/60, len 122
Nov 20 12:39:18 cs1 79219: Nov 20 12:39:18.881 MSK: RADIUS: authenticator C9 FB 38 \
C5 F0 D7 1F 09 - 6C B6 87 E0 5F D3 BE 4B
Nov 20 12:39:18 cs1 79220: Nov 20 12:39:18.881 MSK: RADIUS: User-Name [1] \
33 "nas-port:11.22.22.2:0/0/1/100"
Nov 20 12:39:18 cs1 79221: Nov 20 12:39:18.881 MSK: RADIUS: User-Password [2] \
18 *
Nov 20 12:39:19 cs1 79222: Nov 20 12:39:18.881 MSK: RADIUS: NAS-Port-Type [61] \
6 Virtual [5]
Nov 20 12:39:19 cs1 79223: Nov 20 12:39:18.881 MSK: RADIUS: Vendor, Cisco [26] \
17
Nov 20 12:39:19 cs1 79224: Nov 20 12:39:18.881 MSK: RADIUS: cisco-nas-port [2] \
11 "0/0/1/100"
Nov 20 12:39:19 cs1 79225: Nov 20 12:39:18.881 MSK: RADIUS: NAS-Port [5] \
6 0
Nov 20 12:39:19 cs1 79226: Nov 20 12:39:18.881 MSK: RADIUS: Service-Type [6] \
6 Outbound [5]
Nov 20 12:39:19 cs1 79227: Nov 20 12:39:18.881 MSK: RADIUS: NAS-IP-Address [4] \
6 11.22.22.2
Nov 20 12:39:19 cs1 79228: Nov 20 12:39:18.881 MSK: RADIUS: Acct-Session-Id [44] \
10 "0001E470"
if i change
from "radius-server attribute nas-port format c"
to "radius-server attribute nas-port format d"
or to "radius-server attribute nas-port format e <ANY STRING>"
i get samething like this:
Nov 20 12:49:00 cs1 80295: Nov 20 12:49:00.376 MSK: RADIUS(00015F83): Using existing \
nas_port 0
Nov 20 12:49:00 cs1 80296: Nov 20 12:49:00.376 MSK: RADIUS(00015F83): Config NAS IP: \
11.22.22.2
Nov 20 12:49:02 cs1 80297: Nov 20 12:49:01.216 MSK: RADIUS(000180FB): Storing nasport \
16777316 in rad_db
Nov 20 12:49:02 cs1 80298: Nov 20 12:49:01.216 MSK: RADIUS(000180FB): Config NAS IP: \
11.22.22.2
Nov 20 12:49:02 cs1 80299: Nov 20 12:49:01.216 MSK: RADIUS/ENCODE(000180FB): \
acct_session_id: 124901
Nov 20 12:49:02 cs1 80300: Nov 20 12:49:01.216 MSK: RADIUS/ENCODE(000180FB): \
Acct-session-id pre-pended with Nas Port = 0/0/1/100
Nov 20 12:49:02 cs1 80301: Nov 20 12:49:01.216 MSK: RADIUS(000180FB): sending
Nov 20 12:49:02 cs1 80302: Nov 20 12:49:01.216 MSK: RADIUS(000180FB): Send \
Access-Request to 11.22.22.2:1234 id 21671/1, len 132
Nov 20 12:49:02 cs1 80303: Nov 20 12:49:01.216 MSK: RADIUS: authenticator 72 DB 80 \
96 61 92 E7 A1 - 53 CA 6F 34 BF E8 B6 3A
Nov 20 12:49:02 cs1 80304: Nov 20 12:49:01.216 MSK: RADIUS: User-Name [1] \
33 "nas-port:11.22.22.2:0/0/1/100"
Nov 20 12:49:02 cs1 80305: Nov 20 12:49:01.216 MSK: RADIUS: User-Password [2] \
18 *
Nov 20 12:49:02 cs1 80306: Nov 20 12:49:01.216 MSK: RADIUS: NAS-Port-Type [61] \
6 Eth [15]
Nov 20 12:49:02 cs1 80307: Nov 20 12:49:01.216 MSK: RADIUS: Vendor, Cisco [26] \
17
Nov 20 12:49:02 cs1 80308: Nov 20 12:49:01.216 MSK: RADIUS: cisco-nas-port [2] \
11 "0/0/1/100"
Nov 20 12:49:02 cs1 80309: Nov 20 12:49:01.216 MSK: RADIUS: NAS-Port [5] \
6 16777316
Nov 20 12:49:02 cs1 80310: Nov 20 12:49:01.216 MSK: RADIUS: Service-Type [6] \
6 Outbound [5]
Nov 20 12:49:02 cs1 80311: Nov 20 12:49:01.220 MSK: RADIUS: NAS-IP-Address [4] \
6 11.22.22.2
Nov 20 12:49:02 cs1 80312: Nov 20 12:49:01.220 MSK: RADIUS: Acct-Session-Id [44] \
20 "0/0/1/100_0001E7E5"
Nov 20 12:49:02 cs1 80313: Nov 20 12:49:01.244 MSK: RADIUS: Received from id \
21670/254 11.22.22.2:1234, Access-Reject, len 1072
Nov 20 12:49:02 cs1 80314: Nov 20 12:49:01.244 MSK: RADIUS: authenticator DD 27 FF \
B3 22 F5 32 2D - D6 F3 B5 F5 18 0C EB 71
Nov 20 12:49:02 cs1 80315: Nov 20 12:49:01.244 MSK: RADIUS: Vendor, Ascend [26] \
12
Nov 20 12:49:02 cs1 80316: Nov 20 12:49:01.244 MSK: RADIUS: Unsupported [50] \
6
Nov 20 12:49:02 cs1 80317: Nov 20 12:49:01.244 MSK: RADIUS: 00 00 00 01 \
[????]
Nov 20 12:49:02 cs1 80318: Nov 20 12:49:01.244 MSK: RADIUS: Vendor, Ascend [26] \
40
Nov 20 12:49:02 cs1 80319: Nov 20 12:49:01.244 MSK: RADIUS: Ascend-Data-Filter \
[242] 34
Nov 20 12:49:02 cs1 80320: Nov 20 12:49:01.244 MSK: RADIUS: 01 01 01 00 00 00 00 00 \
00 00 00 00 00 00 06 01 [????????????????]
Nov 20 12:49:02 cs1 80321: Nov 20 12:49:01.248 MSK: RADIUS: 00 00 00 00 00 00 00 00 \
00 00 00 00 00 00 00 [???????????????]
but in this case NAS-Port is a constant, and don't depent on
connection. And NAS-Port-Type become Ethernet instead of Virtual (in
Radius set NAS-Port-Type = Virtual)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic