PeterPen

Не работает с PPtP, c PPP все супер берет и конектит, хотелось в обход по ВПН. А дозвон оставить на резерв. А насчет 731 ошибки какие мисли есть?

Сделано. Толку мало. Если использую логини и пароли с радиуса не заходит даже. И нет отлупа в логе радиуса. Только с логином storoj но и там не получается с PPP

Не могу настроить PPtP (GRE) на кошке 2811. Радиус стоит на винде 2003 на IAS. При дозвоне через модем все работает. Когда завел юзера storoj дает при соединении 731 ошибку, что ппп не так настроено. Когда беру юзеров из радиуса как на дозвоне вобще не соединяет. Что не так? Помогите плизз!!! За ранее благодарен. Конфиг кошки ! version 12.4 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption service sequence-numbers ! hostname ххххххххх ! boot-start-marker boot system flash c2800nm-ipbasek9-mz.124-8.bin boot-end-marker ! security authentication failure rate 3 log security passwords min-length 6 logging buffered 51200 warnings enable secret 5 $1$FTm4$iHXYvgsqLfXP8eIhmrB.2. ! aaa new-model ! ! aaa authentication login admins local aaa authentication ppp childrens group radius local aaa authorization exec default local aaa authorization network default group radius local aaa accounting network default start-stop group radius ! aaa session-id common ! resource policy ! clock timezone KIEV 2 clock summer-time KIEVD recurring last Sun Mar 2:00 last Sun Oct 3:00 no ip source-route ! ! ip cef ! ! no ip bootp server no ip domain lookup vpdn enable ! vpdn-group 1 ! Default PPTP VPDN group description FastEtthernet default VPDN Group accept-dialin protocol pptp virtual-template 1 session-limit 50 local name PPtP_Gateway_(AS) ! ! ! ! username ххххх privilege 15 secret 5 $1$b7P8$D8Bir2qkJ4nQGVan5CaXt1 username ххххх secret 5 $1$HCKi$DFg.q/4EsIsW6HJZxkSHG0 username storoj password 7 031E5E1F075C77 ! ! ! interface Null0 no ip unreachables ! interface FastEthernet0/0 description $FW_INSIDE$ ip address 10.29.1.2 255.255.255.0 ip access-group 3 in ip verify unicast reverse-path no ip redirects no ip unreachables no ip proxy-arp ip route-cache flow no ip mroute-cache duplex full speed 100 no snmp trap link-status priority-group 1 no cdp enable no mop enabled ! interface FastEthernet0/1 description PPtP_Interface ip address 192.168.0.2 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip route-cache flow duplex auto speed auto no cdp enable no mop enabled ! interface Serial0/0/0 description $FW_OUTSIDE$ ip address 10.100.0.41 255.255.255.0 ip access-group 4 in ip verify unicast reverse-path no ip redirects no ip unreachables no ip proxy-arp encapsulation frame-relay IETF ip route-cache flow no ip mroute-cache ntp disable no fair-queue frame-relay class 16k frame-relay traffic-shaping frame-relay interface-dlci 41 ! interface Virtual-Template1 ip unnumbered FastEthernet0/1 ip mtu 1450 autodetect encapsulation ppp qos pre-classify peer default ip address pool PPtPPool ppp authentication chap ms-chap ms-chap-v2 callin ! interface Async0/1/0 ip address 10.129.1.81 255.255.255.0 encapsulation ppp ip tcp header-compression ntp disable async mode dedicated peer default ip address 10.129.1.31 no fair-queue ppp authentication ms-chap childrens ! interface Async0/1/1 ip address 10.129.1.82 255.255.255.0 encapsulation ppp ip tcp header-compression ntp disable async mode dedicated peer default ip address 10.129.1.32 no fair-queue ppp authentication ms-chap ms-chap-v2 chap childrens ! interface Async0/1/2 no ip address encapsulation slip ! interface Async0/1/3 no ip address encapsulation slip ! interface Async0/1/4 no ip address encapsulation slip ! interface Async0/1/5 no ip address encapsulation slip ! interface Async0/1/6 no ip address encapsulation slip ! interface Async0/1/7 ip address 10.129.1.88 255.255.255.0 encapsulation ppp ip tcp header-compression ntp disable async mode dedicated peer default ip address 10.129.1.38 no fair-queue ppp authentication ms-chap childrens ! router rip version 2 network 10.0.0.0 ! ip local pool PPtPPool 10.129.1.40 10.129.1.60 ip route 10.1.1.0 255.255.255.0 10.201.1.1 ip route 10.1.252.6 255.255.255.255 10.201.1.1 ! no ip http server ip http access-class 1 ip http authentication local no ip http secure-server ip http timeout-policy idle 600 life 86400 requests 10000 ! ! map-class frame-relay 16k frame-relay traffic-rate 64000 64000 frame-relay adaptive-shaping becn frame-relay mincir 16000 frame-relay priority-group 1 logging source-interface FastEthernet0/0 logging 10.1.1.9 access-list 1 permit 10.1.1.9 access-list 1 deny any log access-list 2 permit 10.1.1.0 0.0.0.255 access-list 2 permit 10.29.1.0 0.0.0.255 access-list 2 deny any log access-list 3 permit 10.29.0.0 0.0.255.255 access-list 3 deny any log access-list 4 permit 10.100.0.1 access-list 4 permit 10.1.1.0 0.0.0.255 access-list 4 deny any log access-list 101 permit icmp any any priority-list 1 protocol ip high list 101 priority-list 1 protocol ip high tcp telnet snmp-server community public RO 1 snmp-server ifindex persist snmp-server trap link ietf snmp-server trap-source FastEthernet0/0 snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps tty snmp-server enable traps envmon snmp-server enable traps config snmp-server enable traps frame-relay snmp-server enable traps frame-relay subif snmp-server host 10.1.1.9 public no cdp run radius-server host 10.29.1.4 auth-port 1645 acct-port 1646 radius-server key 7 091D1C5A ! control-plane ! ! line con 0 transport output telnet line aux 0 transport output telnet line 0/1/0 0/1/6 modem InOut transport input all autoselect during-login autoselect ppp stopbits 1 speed 115200 flowcontrol hardware line 0/1/7 modem InOut transport input all autoselect during-login autoselect ppp stopbits 1 speed 19200 flowcontrol hardware line vty 0 4 access-class 2 in transport input telnet transport output telnet ! scheduler allocate 20000 1000 ntp clock-period 17179748 ntp server 10.29.1.4 ! end

Помогите с бинами к Cisco CE 550 с версий 2.0 до 2.5. С уважением Петр

Даже не каких идей?

CISCO 828 - Cookie information corupted. Вот такую строчку дает при загрузке 828 киска , как вылечить? Наверное перезалить РОММОН ?

Предлагаю найти человека которій в єтом разбирается, и дать ему денег. Пускай все сделает .

Все догнал дело во фри радиусе он заточен только для 2511 и 5300 и т.д. От рафика она не умрет свои 75 мегабит отроутит на ура. Чуть помощнее 3640. Так а где взять список атрибутов как их передавать через радиус. Видел кусок на нетап. П.С. Большое спасибо всем за помощь!!!!

*Mar 11 01:43:27: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up *Mar 11 01:43:27.875: Vi1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially *Mar 11 01:43:27.875: AAA/ACCT/PROG: Could not determine ds0 to update Connect Progress *Mar 11 01:43:29.911: AAA/ACCT/PROG: Could not determine ds0 to update Connect Progress *Mar 11 01:43:29.915: AAA: parse name=Virtual-Access1 idb type=21 tty=-1 *Mar 11 01:43:29.915: AAA: name=Virtual-Access1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0 *Mar 11 01:43:29.915: AAA/MEMORY: create_user (0x615D9DDC) user='333' ruser='NULL' ds0=0 port='Virtual-Access1' rem_addr='' authen_type=MSCHAP service=PPP priv=1 initial_task_id='0' *Mar 11 01:43:29.915: AAA/AUTHEN/START (2387013710): port='Virtual-Access1' list='' action=LOGIN service=PPP *Mar 11 01:43:29.915: AAA/AUTHEN/START (2387013710): using "default" list *Mar 11 01:43:29.915: AAA/AUTHEN/START (2387013710): Method=radius (radius) *Mar 11 01:43:29.915: RADIUS: ustruct sharecount=1 *Mar 11 01:43:29.915: Radius: radius_port_info() success=1 radius_nas_port=1 *Mar 11 01:43:29.915: RADIUS: Initial Transmit Virtual-Access1 id 32 10.0.0.100:1812, Access-Request, len 145 *Mar 11 01:43:29.915: Attribute 4 6 0A000065 *Mar 11 01:43:29.919: Attribute 5 6 00000001 *Mar 11 01:43:29.919: Attribute 61 6 00000005 *Mar 11 01:43:29.919: Attribute 1 5 3333332C *Mar 11 01:43:29.919: Attribute 44 10 0000000A *Mar 11 01:43:29.919: Attribute 26 16 000001370B0A6C75 *Mar 11 01:43:29.919: Attribute 26 58 0000013701341201 *Mar 11 01:43:29.919: Attribute 6 6 00000002 *Mar 11 01:43:29.919: Attribute 7 6 00000001 *Mar 11 01:43:29.919: Attribute 8 6 AC100002 *Mar 11 01:43:41.487: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:43:41.487: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:43:42.939: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:43:42.939: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:43:44.675: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:43:44.675: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:43:46.783: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:43:46.783: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:43:47.955: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:43:47.955: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:43:49.007: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:43:49.007: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:43:49.951: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:43:49.951: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:43:50.963: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:43:50.963: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:43:51.819: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:43:51.819: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:43:52.795: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:43:52.795: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:43:53.595: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:43:53.595: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:43:54.531: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:43:54.531: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:43:55.311: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:43:55.311: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:43:56.243: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:43:56.243: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:43:57.083: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:43:57.083: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:43:58.043: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:43:58.047: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:43:58.907: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:43:58.907: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:43:59.719: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:43:59.719: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:43:59.919: RADIUS: Retransmit id 32 *Mar 11 01:44:00.307: Vi1 AAA/DISC: 1/"User Request" *Mar 11 01:44:00.307: Vi1 AAA/DISC/EXT: 1045/"Received Terminate" *Mar 11 01:44:00: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down *Mar 11 01:44:00.311: Vi1 AAA/DISC: 2/"Lost Carrier" *Mar 11 01:44:00.311: Vi1 AAA/DISC/EXT: 1011/"Lost Carrier" *Mar 11 01:44:00.311: Vi1 AAA/DISC: 2/"Lost Carrier" *Mar 11 01:44:00.311: Vi1 AAA/DISC/EXT: 1011/"Lost Carrier" *Mar 11 01:44:00.619: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:44:00.619: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:44:01.855: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:44:01.855: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:44:09.675: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:44:09.675: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:44:10.635: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:44:10.635: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:44:11.583: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:44:11.583: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:44:12.439: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:44:12.439: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:44:13.351: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:44:13.351: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:44:29.919: RADIUS: Retransmit id 32 *Mar 11 01:44:41.715: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:44:41.715: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:44:46.955: AAA/AUTHOR: config command authorization not enabled *Mar 11 01:44:46.955: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:44:46.955: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:44:59.919: RADIUS: Retransmit id 32 *Mar 11 01:45:03.659: AAA/AUTHOR: config command authorization not enabled *Mar 11 01:45:03.659: unknown AAA/DISC: 9/"NAS Error" *Mar 11 01:45:03.659: unknown AAA/DISC/EXT: 1002/"Unknown" *Mar 11 01:45:29.919: RADIUS: Tried all servers. *Mar 11 01:45:29.919: RADIUS: No valid server found. Trying any viable server *Mar 11 01:45:29.919: RADIUS: Tried all servers. *Mar 11 01:45:29.919: RADIUS: No response for id 32 *Mar 11 01:45:29.919: Radius: No response from server *Mar 11 01:45:29.919: AAA/AUTHEN (2387013710): status = ERROR *Mar 11 01:45:29.919: AAA/AUTHEN/START (2387013710): no methods left to try *Mar 11 01:45:29.919: AAA/AUTHEN (2387013710): status = ERROR *Mar 11 01:45:29.919: AAA/AUTHEN/START (2387013710): failed to authenticate *Mar 11 01:45:29.919: Virtual-Access1 AAA/DISC: 17/"User Error" *Mar 11 01:45:29.919: Virtual-Access1 AAA/DISC/EXT: 1043/"CHAP Auth Failed" *Mar 11 01:45:29.919: AAA/ACCT/PROG: Could not determine ds0 to update Connect Progress *Mar 11 01:45:29.919: Vi1 AAA/DISC: 18/"Host Request" *Mar 11 01:45:29.919: Vi1 AAA/DISC/EXT: 1046/"Upper Layer Req Close" *Mar 11 01:45:29.919: AAA/MEMORY: free_user (0x615D9DDC) user='333' ruser='NULL' port='Virtual-Access1' rem_addr='' authen_type=MSCHAP service=PPP priv=1 *Mar 11 01:45:29.919: Vi1 AAA/AUTHOR/PER-USER: Event LCP_DOWN

Мой конфиг: Building configuration... Current configuration : 3448 bytes ! version 12.2 service timestamps debug datetime msec localtime service timestamps log datetime localtime service password-encryption ! hostname ххххххххххххх.ua ! boot system flash aaa new-model aaa authentication login default local aaa authentication ppp default group radius local aaa authorization exec default local aaa authorization network default group radius if-authenticated aaa accounting update periodic 1 aaa accounting network default start-stop group radius aaa accounting system default start-stop group radius enable secret 5 $1$NMUC$OMIJ6tGD/tYF67gthpY1g/ enable password 7 0506031D22595C0000440D0A595C547D ! username admin password 7 030A5E1C471B2E584F05150C1919405D5C clock timezone Kyiv 2 ip subnet-zero ip cef no ip domain-lookup ip domain-name хххххххххххххх.ua ip name-server 194.44.214.37 ip name-server 194.44.214.40 ! virtual-profile virtual-template 1 vpdn enable vpdn source-ip 172.16.0.1 vpdn aaa attribute nas-ip-address vpdn-nas vpdn logging vpdn logging local vpdn session-limit 300 ! vpdn-group 1 ! Default PPTP VPDN group accept-dialin protocol pptp virtual-template 1 pptp flow-control static-rtt 500 ip mtu adjust ! ! ! ! ! interface Loopback1 ip address 172.16.0.1 255.255.255.255 ip nat inside ! interface Ethernet0 description PPtP_dialin_interface1 ip address 192.168.1.250 255.255.255.0 tx-ring-limit 32 tx-queue-limit 32 media-type 10BaseT random-detect ! interface Ethernet1 no ip address shutdown media-type 10BaseT ! interface Ethernet2 no ip address shutdown media-type 10BaseT ! interface Ethernet3 description Radius interface ip address 10.0.0.101 255.255.255.192 media-type 10BaseT ! interface Ethernet4 no ip address shutdown media-type 10BaseT ! interface Ethernet5 description Internet-interface1 ip address ххх.ххх.ххх.ххх 255.255.255.248 no ip redirects no ip unreachables no ip proxy-arp ip nat outside no ip route-cache cef media-type 10BaseT ! interface Virtual-Template1 ip unnumbered Loopback1 ip access-group 101 in ip mtu 1460 ip tcp header-compression ip mroute-cache keepalive 60 timeout absolute 6000 0 autodetect encapsulation ppp peer default ip address pool DIAL-IN fair-queue ppp encrypt mppe auto ppp authentication ms-chap chap pap callin ! ip local pool DIAL-IN 172.16.0.2 172.16.0.254 ip nat inside source list 4 interface Ethernet5 overload ip classless ip route 0.0.0.0 0.0.0.0 ххх.ххх.ххх.ххх ip http server ! ip radius source-interface Ethernet3 access-list 4 permit 172.16.0.0 0.0.0.255 access-list 101 deny tcp any any eq 135 access-list 101 deny tcp any any eq 137 access-list 101 deny tcp any any eq 138 access-list 101 deny tcp any any eq 139 access-list 101 deny tcp any any eq 445 access-list 101 deny tcp any any eq 69 access-list 101 deny udp any any eq 135 access-list 101 deny udp any any eq netbios-ns access-list 101 deny udp any any eq netbios-dgm access-list 101 deny udp any any eq netbios-ss access-list 101 deny udp any any eq 445 access-list 101 permit ip any any access-list 101 permit gre any any access-list 101 permit tcp any any access-list 101 permit udp any any access-list 101 permit icmp any any radius-server host 10.0.0.100 auth-port 1812 acct-port 1813 radius-server timeout 30 radius-server challenge-noecho radius-server key 7 13171616021917 radius-server vsa send accounting radius-server vsa send authentication ! line con 0 line aux 0 line vty 0 4 ! end Авторизацию проходит но дальше ничего интерфейс впдн падает и дает ошибку 718 - нет ответа, в какую сторону копать ? Дебаг пишет: 00:29:39: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up Mar 11 00:29:39.339: Vi1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially Mar 11 00:29:39.339: AAA/ACCT/PROG: Could not determine ds0 to update Connect Progress Mar 11 00:29:41.343: AAA: parse name=Virtual-Access1 idb type=21 tty=-1 Mar 11 00:29:41.343: AAA: name=Virtual-Access1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0 Mar 11 00:29:41.343: AAA/MEMORY: create_user (0x615E9D64) user='333' ruser='NULL' ds0=0 port='Virtual-Access1' rem_addr='' authen_type=MSCHAP service=PPP priv=1 initial_task_id='0' Mar 11 00:29:41.343: AAA/AUTHEN/START (1508103918): port='Virtual-Access1' list='' action=LOGIN service=PPP Mar 11 00:29:41.343: AAA/AUTHEN/START (1508103918): using "default" list Mar 11 00:29:41.343: AAA/AUTHEN/START (1508103918): Method=radius (radius) Mar 11 00:29:52.631: unknown AAA/DISC: 9/"NAS Error" Mar 11 00:29:52.631: unknown AAA/DISC/EXT: 1002/"Unknown" Mar 11 00:30:11.919: Vi1 AAA/DISC: 1/"User Request" Mar 11 00:30:11.919: Vi1 AAA/DISC/EXT: 1045/"Received Terminate" Mar 11 00:30:12: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down Mar 11 00:30:12.211: Vi1 AAA/DISC: 2/"Lost Carrier" Mar 11 00:30:12.211: Vi1 AAA/DISC/EXT: 1011/"Lost Carrier" Mar 11 00:30:12.211: Vi1 AAA/DISC: 2/"Lost Carrier" Mar 11 00:30:12.211: Vi1 AAA/DISC/EXT: 1011/"Lost Carrier"

Сорри это я для ГРЕ писал, попробуйте 1485 или 1480. Или перебирайтесб на 4 МПД

Нашел залил, но как оказалось максимальное количество сесий ограничено 300. Да что то и не очень получается с радиусом.

set iface mtu 1500 set link mtu 1450 (3 версия с 1460 подымает НГ на 1400) !!! Это при ППтП и ГРЕ инкапсуляцией, компресия работать не будет !!!! Пинг бегает а странички не отключаються

Есть такая вот железка СISCO 4700M (133Mhz) 128 Mb Dram /16 Mb shared / 16 Flash . Не могу организовать VPN server (GRE,PPtP). Проблема такая -нет команды vpdn . Может версию иоса надо другую. Настраиваю по http://nag.ru/goodies/router_switch_config/cisco_7140.html. Все равно как настраивать. Очень хочу избавиться от ПК сервера.

Добавте словарь Д-Линк к радиусу. Дириктория соответсвенно dictionary. И если можно конфиги витложить радиуса где прописан ваш Д-ЛИНК.