ASR 1002 RP1 + PPPoE

skew_death · November 2, 2020

Собственно не подключается, выдает или 691 или 734, смотря что писать в aaa authorization. В данный момент есть 7002g2, конфиг практически тот же, за исключением radius server в новой циске. Конфиг циски:

hostname New_cisco
!
boot-start-marker
boot system bootflash:/asr1000rp1-adventerprisek9.03.16.09.S.155-3.S9-ext.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 5 xxxxxxxx.
!
aaa new-model
aaa session-mib disconnect
!
!
aaa authentication login default line
aaa authentication login auth_none none
aaa authentication ppp pppoe none
aaa accounting delay-start all
aaa accounting update periodic 10
aaa accounting network pppoe
 action-type start-stop
 group radius
!
!
!
!
!
!
aaa server radius dynamic-author
 client 172.16.x.x server-key 7 xxxxxx
 auth-type any
!
aaa session-id common
aaa policy interface-config allow-subinterface
clock timezone EKT 5 0
clock calendar-valid
!
!
!
!
!
!
!
!
!
!
!


no ip bootp server

no ip domain lookup
!
!
!
!
!
!
!
!
!
!
no subscriber templating
!
multilink bundle-name authenticated
vpdn enable
!
!
!
!
!
!
!
!
!
!
!
spanning-tree extend system-id
!
!
redundancy
 mode none
!
!
!
!
!
!
!
policy-map blocked
 class class-default
  police cir 8000
   conform-action transmit
   exceed-action drop
   violate-action drop
policy-map bezlim_7
 class class-default
  police cir 7168000
   conform-action transmit
   exceed-action drop
   violate-action drop
policy-map bezlim_5
 class class-default
  police cir 5242500
   conform-action transmit
   exceed-action drop
   violate-action drop
policy-map bezlim_4
 class class-default
  police cir 4096000
   conform-action transmit
   exceed-action drop
   violate-action drop
policy-map bezlim_2
 class class-default
  police cir 2048000
   conform-action transmit
   exceed-action drop
   violate-action drop
policy-map bezlim_1
 class class-default
  police cir 1024000
   conform-action transmit
   exceed-action drop
   violate-action drop
policy-map bezlim_0
 class class-default
  police cir 256000
   conform-action transmit
   exceed-action drop
   violate-action drop
policy-map bezlim_z
 class class-default
  police cir 524288000
   conform-action transmit
   exceed-action drop
   violate-action drop
policy-map bezlim_q
 class class-default
  police cir 52428500
   conform-action transmit
   exceed-action drop
   violate-action drop
policy-map bezlim_e
 class class-default
  police cir 104857500
   conform-action transmit
   exceed-action drop
   violate-action drop
policy-map bezlim_d
 class class-default
  police cir 31457000
   conform-action transmit
   exceed-action drop
   violate-action drop
policy-map bezlim_c
 class class-default
  police cir 20971500
   conform-action transmit
   exceed-action drop
   violate-action drop
policy-map bezlim_b
 class class-default
  police cir 15360000
   conform-action transmit
   exceed-action drop
   violate-action drop
policy-map bezlim_a
 class class-default
  police cir 10240000
   conform-action transmit
   exceed-action drop
   violate-action drop
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
bba-group pppoe global
 virtual-template 1
 sessions max limit 500
 ac name GARANT
 sessions per-mac limit 1
 sessions per-vlan limit 1000
 sessions per-mac throttle 30 1 30
 sessions auto cleanup
!
!
!
interface Port-channel1
 ip address 10.5.0.4 255.255.255.248
 no negotiation auto
!
interface GigabitEthernet0/0/0
 no ip address
 negotiation auto
 channel-group 1 mode active
!
interface GigabitEthernet0/0/1
 no ip address
 negotiation auto
 channel-group 1 mode active
!
interface GigabitEthernet0/0/2
 no ip address
 no negotiation auto
!
interface GigabitEthernet0/0/2.99
 encapsulation dot1Q 99
 ip address 172.16.15.251 255.255.240.0
!
interface GigabitEthernet0/0/2.745
 encapsulation dot1Q 745
 pppoe enable group global
!
interface GigabitEthernet0/0/3
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
interface Virtual-Template1
 description ---- PPPoE Dial-Up ----
 mtu 1492
 ip unnumbered Port-channel1
 ip access-group 101 in
 ip tcp header-compression
 peer default ip address pool pppoe-pool
 ppp mtu adaptive
 ppp authentication ms-chap-v2 ms-chap chap pppoe
 ppp authorization pppoe
 ppp accounting exit
 ppp ipcp dns 10.5.0.2 8.8.8.8
!
ip local pool pppoe-pool 10.1.0.1 10.1.3.254
ip forward-protocol nd
!
ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 10.5.0.2
ip route 10.10.10.1 255.255.255.255 10.5.0.2 255
!
access-list 101 deny   tcp any eq 445 any
access-list 101 deny   udp any host 255.255.255.255
access-list 101 deny   udp any any range netbios-ns netbios-ss
access-list 101 deny   tcp any any range 137 139
access-list 101 permit ip any any
!
snmp-server community garantsnmp RO
!
!
radius-server attribute 44 include-in-access-req default-vrf
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 31 mac format unformatted
radius-server retransmit 5
radius-server timeout 15
radius-server optional-passwords
radius-server key 7 xxxxxxx
radius-server vsa send cisco-nas-port
radius-server vsa send accounting 3gpp2
radius-server vsa send authentication 3gpp2
!
radius server radius
 address ipv4 172.16.x.x auth-port 1812 acct-port 1813
 key 7 xxxxxx
!
!
control-plane
!
 !
 !
 !
 !
!
!
!
!
!
line con 0
 password 123
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password 123
!
!
end

Вывод:

Log Buffer (4096 bytes):
Port-Type       [61]  6   Virtual                   [5]
Nov  2 12:10:49.382: RADIUS:  Vendor, Cisco       [26]  17  
Nov  2 12:10:49.382: RADIUS:   cisco-nas-port     [2]   11  "0/0/2/745"
Nov  2 12:10:49.382: RADIUS:  NAS-Port            [5]   6   0                         
Nov  2 12:10:49.382: RADIUS:  NAS-Port-Id         [87]  11  "0/0/2/745"
Nov  2 12:10:49.382: RADIUS:  Vendor, Cisco       [26]  41  
Nov  2 12:10:49.382: RADIUS:   Cisco AVpair       [1]   35  "client-mac-address=00e0.4a39.2c5b"
Nov  2 12:10:49.382: RADIUS:  Service-Type        [6]   6   Outbound                  [5]
Nov  2 12:10:49.382: RADIUS:  NAS-IP-Address      [4]   6   172.16.x.x             
Nov  2 12:10:49.382: RADIUS:  Acct-Session-Id     [44]  10  "00000057"
Nov  2 12:10:49.382: RADIUS:  Nas-Identifier      [32]  11  "New_cisco"
Nov  2 12:10:49.382: RADIUS(00000061): Sending a IPv4 Radius Packet
Nov  2 12:10:49.382: RADIUS(00000061): Started 15 sec timeout
Nov  2 12:10:49.383: RADIUS/ENCODE: Best Local IP-Address 172.16.x.x for Radius-Server 172.16.x.x
Nov  2 12:10:49.383: RADIUS(00000061): Send Access-Request to 172.16.x.x:1812 onvrf(0) id 1645/67, len 167
Nov  2 12:10:49.383: RADIUS:  authenticator EB 68 89 26 71 77 DF 44 - 9E 10 84 9B 86 C3 84 43
Nov  2 12:10:49.383: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
Nov  2 12:10:49.383: RADIUS:  User-Name           [1]   9   "test123"
Nov  2 12:10:49.383: RADIUS:  User-Password       [2]   18  *
Nov  2 12:10:49.383: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
Nov  2 12:10:49.383: RADIUS:  Vendor, Cisco       [26]  17  
Nov  2 12:10:49.383: RADIUS:   cisco-nas-port     [2]   11  "0/0/2/745"
Nov  2 12:10:49.383: RADIUS:  NAS-Port            [5]   6   0                         
Nov  2 12:10:49.383: RADIUS:  NAS-Port-Id         [87]  11  "0/0/2/745"
Nov  2 12:10:49.383: RADIUS:  Vendor, Cisco       [26]  41  
Nov  2 12:10:49.383: RADIUS:   Cisco AVpair       [1]   35  "client-mac-address=00e0.4a39.2c5b"
Nov  2 12:10:49.383: RADIUS:  Service-Type        [6]   6   Outbound                  [5]
Nov  2 12:10:49.383: RADIUS:  NAS-IP-Address      [4]   6   172.16.x.x             
Nov  2 12:10:49.383: RADIUS:  Acct-Session-Id     [44]  10  "00000057"
Nov  2 12:10:49.383: RADIUS:  Nas-Identifier      [32]  11  "New_cisco"
Nov  2 12:10:49.383: RADIUS(00000061): Sending a IPv4 Radius Packet
Nov  2 12:10:49.383: RADIUS(00000061): Started 15 sec timeout
Nov  2 12:10:50.384: RADIUS: Received from id 1645/66 172.16.x.x:1812, Access-Reject, len 20
Nov  2 12:10:50.384: RADIUS:  authenticator C9 AE B7 55 A1 CF 5A 08 - 8D F1 36 87 65 E7 AE 1D
Nov  2 12:10:50.384: RADIUS(00000061): Received from id 1645/66
Nov  2 12:10:50.385: ppp68 PPP: Sending AAA radius abort
Nov  2 12:10:50.385: RADIUS: Received from id 1645/67 172.16.x.x:1812, Access-Reject, len 20
Nov  2 12:10:50.386: RADIUS:  authenticator 4B 2D 0F 6E B4 30 12 89 - 1F 99 5D AA DD FB A9 9A
Nov  2 12:10:50.386: RADIUS(00000061): Received from id 1645/67
Nov  2 12:10:50.390: [68]PPPoE 68: State LCP_NEGOTIATION    Event PPP DISCONNECT
Nov  2 12:10:50.390: [68]PPPoE 68: O PADT  R:00e0.4a39.2c5b L:0022.5563.ad02 Gi0/0/2.745
contiguous pak, size 64
	 00 E0 4A 39 2C 5B 00 22 55 63 AD 02 81 00 02 E9
	 88 63 11 A7 00 44 00 00 00 00 00 00 00 00 00 00
	 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
	 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Nov  2 12:10:50.390: [68]PPPoE 68: Destroying  R:00e0.4a39.2c5b L:0022.5563.ad02 745 Gi0/0/2.745
Nov  2 12:10:50.390: dyn_attrs->xmit_rate: 1000000000 dyn_attrs->rcv_rate: 1000000000
Nov  2 12:10:50.390: [68]PPPoE 68: AAA get dynamic attrs
Nov  2 12:10:50.390: [68]PPPoE 68: AAA account stopped
Nov  2 12:10:50.391: [68]PPPoE 68: Segment (SSS class): UNPROVISION
Nov  2 12:10:50.399: PPPoE 68: I PADT  R:00e0.4a39.2c5b L:0022.5563.ad02 745 Gi0/0/2.745
contiguous pak, size 64
	 00 22 55 63 AD 02 00 E0 4A 39 2C 5B 81 00 02 E9
	 88 63 11 A7 00 44 00 00 00 00 00 00 00 00 00 00
	 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
	 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

zhenya` · November 2, 2020

radius отвечает reject. разбирайтесь почему.

skew_death · November 3, 2020

Log Buffer (4096 bytes):
rt            [5]   6   0                         
Nov  3 05:24:37.854: RADIUS:  NAS-Port-Id         [87]  11  "0/0/2/745"
Nov  3 05:24:37.854: RADIUS:  Vendor, Cisco       [26]  41  
Nov  3 05:24:37.854: RADIUS:   Cisco AVpair       [1]   35  "client-mac-address=00e0.4a39.2c5b"
Nov  3 05:24:37.854: RADIUS:  Service-Type        [6]   6   Framed                    [2]
Nov  3 05:24:37.854: RADIUS:  NAS-IP-Address      [4]   6   172.16.x.x             
Nov  3 05:24:37.854: RADIUS:  Acct-Session-Id     [44]  10  "00000075"
Nov  3 05:24:37.854: RADIUS:  Nas-Identifier      [32]  11  "New_cisco"
Nov  3 05:24:37.855: RADIUS(0000007F): Sending a IPv4 Radius Packet
Nov  3 05:24:37.855: RADIUS(0000007F): Started 15 sec timeout
Nov  3 05:24:37.856: RADIUS: Received from id 1645/83 172.16.x.x:1812, Access-Accept, len 326
Nov  3 05:24:37.856: RADIUS:  authenticator 6E FC 32 27 17 90 76 39 - C6 73 61 84 CA 2B 7B 55
Nov  3 05:24:37.856: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
Nov  3 05:24:37.856: RADIUS:  Framed-Compression  [13]  6   VJ TCP/IP Header Compressi[1]
Nov  3 05:24:37.856: RADIUS:  Service-Type        [6]   6   Framed                    [2]
Nov  3 05:24:37.856: RADIUS:  Acct-Interim-Interva[85]  6   60                        
Nov  3 05:24:37.856: RADIUS:  Vendor, Cisco       [26]  59  
Nov  3 05:24:37.856: RADIUS:   Cisco AVpair       [1]   53  "lcp:interface-config=service-policy output bezlim_e"
Nov  3 05:24:37.856: RADIUS:  Vendor, Cisco       [26]  58  
Nov  3 05:24:37.856: RADIUS:   Cisco AVpair       [1]   52  "lcp:interface-config=service-policy input bezlim_e"
Nov  3 05:24:37.856: RADIUS:  Framed-IP-Address   [8]   6   10.1.19.27                
Nov  3 05:24:37.856: RADIUS:  Vendor, Microsoft   [26]  51  
Nov  3 05:24:37.856: RADIUS:   MS-CHAP-V2-Success [26]  45  "^AS=0DE40988923211C4D7235FD8067E8AC608DAF10D"
Nov  3 05:24:37.857: RADIUS:  Vendor, Microsoft   [26]  42  
Nov  3 05:24:37.857: RADIUS:   MS-MPPE-Recv-Key   [17]  36  *
Nov  3 05:24:37.857: RADIUS:  Vendor, Microsoft   [26]  42  
Nov  3 05:24:37.857: RADIUS:   MS-MPPE-Send-Key   [16]  36  *
Nov  3 05:24:37.857: RADIUS:  Vendor, Microsoft   [26]  12  
Nov  3 05:24:37.857: RADIUS:   MS-MPPE-Enc-Policy [7]   6   
Nov  3 05:24:37.857: RADIUS:   00 00 00 01 
Nov  3 05:24:37.857: RADIUS:  Vendor, Microsoft   [26]  12  
Nov  3 05:24:37.857: RADIUS:   MS-MPPE-Enc-Type   [8]   6   
Nov  3 05:24:37.857: RADIUS:   00 00 00 06 
Nov  3 05:24:37.857: RADIUS(0000007F): Received from id 1645/83
Nov  3 05:24:37.857: ppp84 PPP: Received LOGIN Response PASS
Nov  3 05:24:37.876: PPPoE: Can't retrieve sub-block for VAI
Nov  3 05:24:37.877: PPPoE: Can't retrieve sub-block for VAI
Nov  3 05:24:37.878: PPPoE: Can't retrieve sub-block for VAI
Nov  3 05:24:37.878: PPPoE: Can't retrieve sub-block for VAI
Nov  3 05:24:37.887: PPPoE: Can't retrieve sub-block for VAI
Nov  3 05:24:37.887: PPPoE: Can't retrieve sub-block for VAI
Nov  3 05:24:37.900: dyn_attrs->xmit_rate: 1000000000 dyn_attrs->rcv_rate: 1000000000
Nov  3 05:24:37.900: [84]PPPoE 84: AAA get dynamic attrs
Nov  3 05:24:37.900: [84]PPPoE 84: State LCP_NEGOTIATION    Event SSS DISCONNECT
Nov  3 05:24:37.900: ppp84 MS-CHAP-V2: O FAILURE id 1 len 13 msg is "E=691 R=0"
Nov  3 05:24:37.901: [84]PPPoE 84: O PADT  R:00e0.4a39.2c5b L:0022.5563.ad02 Gi0/0/2.745
contiguous pak, size 64
	 00 E0 4A 39 2C 5B 00 22 55 63 AD 02 81 00 02 E9
	 88 63 11 A7 00 54 00 00 00 00 00 00 00 00 00 00
	 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
	 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Nov  3 05:24:37.901: [84]PPPoE 84: Destroying  R:00e0.4a39.2c5b L:0022.5563.ad02 745 Gi0/0/2.745
Nov  3 05:24:37.901: [84]PPPoE 84: AAA account stopped
Nov  3 05:24:37.924: PPPoE 84: I PADT  R:00e0.4a39.2c5b L:0022.5563.ad02 745 Gi0/0/2.745
contiguous pak, size 64
	 00 22 55 63 AD 02 00 E0 4A 39 2C 5B 81 00 02 E9
	 88 63 11 A7 00 54 00 00 00 00 00 00 00 00 00 00
	 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
	 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Nov  3 05:24:37.927: [84]PPPoE 84: Segment (SSS class): UNPROVISION

В любом случае возвращается 691. В логах freeradius'а все правильно.

Tue Nov  3 09:54:23 2020
        Packet-Type = Access-Request
        Framed-Protocol = PPP
        User-Name = "test123"
        MS-CHAP-Challenge = 0xd6faf85873f009c99d71d0005a44cc67
        MS-CHAP2-Response = 0x0100934d2ba3d0701377b61369345054e86000000000000000000547c3a88d53d6e20$
        NAS-Port-Type = Virtual
        Cisco-NAS-Port = "0/0/2/745"
        NAS-Port = 0
        NAS-Port-Id = "0/0/2/745"
        Cisco-AVPair = "client-mac-address=00e0.4a39.2c5b"
        Service-Type = Framed-User
        NAS-IP-Address = 172.16.x.x
        Acct-Session-Id = "0000005A"
        NAS-Identifier = "New_cisco"

zhenya` · November 3, 2020

ppp accounting exit -> ppp accounting pppoe
уберите ip tcp header-compression

и добавьте

ppp ipcp mask 255.255.255.255
ppp ipcp address unique

опять же aaa authentication ppp pppoe none

skew_death · November 3, 2020

Tue Nov  3 13:12:49 2020
        Packet-Type = Access-Request
        Framed-Protocol = PPP
        User-Name = "test123"
        MS-CHAP-Challenge = 0x9985080ce2009168f83a6e602dc5faf5
        MS-CHAP2-Response = 0x0100bcf73c3e643c1e10dc4cb717def5b25500000000000000009b975fa0d96e7726b$
        NAS-Port-Type = Virtual
        NAS-Port = 0
        NAS-Port-Id = "0/0/2/745"
        Cisco-AVPair = "client-mac-address=00e0.4a39.2c5b"
        Service-Type = Framed-User
        NAS-IP-Address = 172.16.15.251
        Acct-Session-Id = "00000085"
        NAS-Identifier = "New_cisco"

@zhenya` Забыл добавить, да это уже поправил что вы написали, перед тем как лог выкладывать.

Quote

ppp accounting exit -> ppp accounting pppoe, aaa authentication ppp pppoe none

Log Buffer (4096 bytes):
rt            [5]   6   0                         
Nov  3 08:00:25.694: RADIUS:  NAS-Port-Id         [87]  11  "0/0/2/745"
Nov  3 08:00:25.694: RADIUS:  Vendor, Cisco       [26]  41  
Nov  3 08:00:25.694: RADIUS:   Cisco AVpair       [1]   35  "client-mac-address=00e0.4a39.2c5b"
Nov  3 08:00:25.694: RADIUS:  Service-Type        [6]   6   Framed                    [2]
Nov  3 08:00:25.694: RADIUS:  NAS-IP-Address      [4]   6   172.16.15.251             
Nov  3 08:00:25.694: RADIUS:  Acct-Session-Id     [44]  10  "00000085"
Nov  3 08:00:25.694: RADIUS:  Nas-Identifier      [32]  11  "New_cisco"
Nov  3 08:00:25.694: RADIUS(0000008F): Sending a IPv4 Radius Packet
Nov  3 08:00:25.695: RADIUS(0000008F): Started 15 sec timeout
Nov  3 08:00:25.697: RADIUS: Received from id 1645/85 172.16.4.3:1812, Access-Accept, len 326
Nov  3 08:00:25.697: RADIUS:  authenticator AA 9E 44 7F 92 DF AE 8A - 7B BA 9B 08 21 05 7F 89
Nov  3 08:00:25.697: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
Nov  3 08:00:25.697: RADIUS:  Framed-Compression  [13]  6   VJ TCP/IP Header Compressi[1]
Nov  3 08:00:25.697: RADIUS:  Service-Type        [6]   6   Framed                    [2]
Nov  3 08:00:25.697: RADIUS:  Acct-Interim-Interva[85]  6   60                        
Nov  3 08:00:25.697: RADIUS:  Vendor, Cisco       [26]  59  
Nov  3 08:00:25.697: RADIUS:   Cisco AVpair       [1]   53  "lcp:interface-config=service-policy output bezlim_e"
Nov  3 08:00:25.697: RADIUS:  Vendor, Cisco       [26]  58  
Nov  3 08:00:25.697: RADIUS:   Cisco AVpair       [1]   52  "lcp:interface-config=service-policy input bezlim_e"
Nov  3 08:00:25.697: RADIUS:  Framed-IP-Address   [8]   6   10.1.19.27                
Nov  3 08:00:25.697: RADIUS:  Vendor, Microsoft   [26]  51  
Nov  3 08:00:25.697: RADIUS:   MS-CHAP-V2-Success [26]  45  "^AS=9D47C4F6C55CE4A25A08881288C00D14DFC6C51F"
Nov  3 08:00:25.697: RADIUS:  Vendor, Microsoft   [26]  42  
Nov  3 08:00:25.697: RADIUS:   MS-MPPE-Recv-Key   [17]  36  *
Nov  3 08:00:25.697: RADIUS:  Vendor, Microsoft   [26]  42  
Nov  3 08:00:25.697: RADIUS:   MS-MPPE-Send-Key   [16]  36  *
Nov  3 08:00:25.697: RADIUS:  Vendor, Microsoft   [26]  12  
Nov  3 08:00:25.697: RADIUS:   MS-MPPE-Enc-Policy [7]   6   
Nov  3 08:00:25.697: RADIUS:   00 00 00 01 
Nov  3 08:00:25.697: RADIUS:  Vendor, Microsoft   [26]  12  
Nov  3 08:00:25.697: RADIUS:   MS-MPPE-Enc-Type   [8]   6   
Nov  3 08:00:25.697: RADIUS:   00 00 00 06 
Nov  3 08:00:25.698: RADIUS(0000008F): Received from id 1645/85
Nov  3 08:00:25.698: ppp86 PPP: Received LOGIN Response PASS
Nov  3 08:00:25.716: PPPoE: Can't retrieve sub-block for VAI
Nov  3 08:00:25.716: PPPoE: Can't retrieve sub-block for VAI
Nov  3 08:00:25.718: PPPoE: Can't retrieve sub-block for VAI
Nov  3 08:00:25.718: PPPoE: Can't retrieve sub-block for VAI
Nov  3 08:00:25.727: PPPoE: Can't retrieve sub-block for VAI
Nov  3 08:00:25.727: PPPoE: Can't retrieve sub-block for VAI
Nov  3 08:00:25.740: dyn_attrs->xmit_rate: 1000000000 dyn_attrs->rcv_rate: 1000000000
Nov  3 08:00:25.740: [86]PPPoE 86: AAA get dynamic attrs
Nov  3 08:00:25.740: [86]PPPoE 86: State LCP_NEGOTIATION    Event SSS DISCONNECT
Nov  3 08:00:25.740: ppp86 MS-CHAP-V2: O FAILURE id 1 len 13 msg is "E=691 R=0"
Nov  3 08:00:25.740: [86]PPPoE 86: O PADT  R:00e0.4a39.2c5b L:0022.5563.ad02 Gi0/0/2.745
contiguous pak, size 64
	 00 E0 4A 39 2C 5B 00 22 55 63 AD 02 81 00 02 E9
	 88 63 11 A7 00 56 00 00 00 00 00 00 00 00 00 00
	 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
	 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Nov  3 08:00:25.741: [86]PPPoE 86: Destroying  R:00e0.4a39.2c5b L:0022.5563.ad02 745 Gi0/0/2.745
Nov  3 08:00:25.741: [86]PPPoE 86: AAA account stopped
Nov  3 08:00:25.762: PPPoE 86: I PADT  R:00e0.4a39.2c5b L:0022.5563.ad02 745 Gi0/0/2.745
contiguous pak, size 64
	 00 22 55 63 AD 02 00 E0 4A 39 2C 5B 81 00 02 E9
	 88 63 11 A7 00 56 00 00 00 00 00 00 00 00 00 00
	 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
	 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Nov  3 08:00:25.764: [86]PPPoE 86: Segment (SSS class): UNPROVISION

аналогично.

aaa authentication login default line
aaa authentication login auth_none none
aaa authentication ppp pppoe group radius
aaa authorization network pppoe group radius
aaa accounting delay-start all
aaa accounting update periodic 10

interface Virtual-Template1
 description ---- PPPoE Dial-Up ----
 mtu 1492
 ip unnumbered Port-channel1
 ip access-group 101 in
 peer default ip address pool pppoe-pool
 ppp mtu adaptive
 ppp authentication ms-chap-v2 ms-chap chap pppoe
 ppp authorization pppoe
 ppp accounting pppoe
 ppp ipcp dns 10.5.0.2 8.8.8.8
 ppp ipcp mask 255.255.255.255
 ppp ipcp address unique
!

Edited November 3, 2020 by skew_death

skew_death · November 3, 2020

Лог только по pppoe/aaa

Log Buffer (4096 bytes):
3: ppp98 PPP LCP: neg is authorized, processing incoming CONFREQ
Nov  3 09:38:58.665: ppp98 PPP LCP: neg is authorized, processing incoming CONFREQ
Nov  3 09:38:58.681: ppp98 MS-CHAP-V2: O CHALLENGE id 1 len 30 from "New_cisco"
Nov  3 09:38:58.684: ppp98 MS-CHAP-V2: I RESPONSE id 1 len 61 from "test123"
Nov  3 09:38:58.685: AAA/AUTHEN/PPP (000000AE): Pick method list 'pppoe' 
Nov  3 09:38:58.685: ppp98 PPP: Sent MSCHAP_V2 LOGIN Request
Nov  3 09:38:58.686: Getting session id for NET(000000AE) : db=3F247548
Nov  3 09:38:58.688: ppp98 PPP: Received LOGIN Response PASS
Nov  3 09:38:58.688: ppp98 PPP AUTHOR: Author Data Available
Nov  3 09:38:58.688: ppp98 PPP: Receive Attrs from[authen] Keep[LCP] MERGE
Nov  3 09:38:58.688: ppp98 PPP: Keep Attr: Framed-Protocol      0   1 [PPP]
Nov  3 09:38:58.688: ppp98 PPP: Updated the attr Framed-Protocol in datalist
Nov  3 09:38:58.688: ppp98 PPP: Skip Attr: link-compression     0   4 [vj]
Nov  3 09:38:58.689: ppp98 PPP: Keep Attr: service-type         0   2 [Framed]
Nov  3 09:38:58.689: ppp98 PPP: Updated the attr service-type in datalist
Nov  3 09:38:58.689: ppp98 PPP: Keep Attr: acct-interval        0   60 (0x3C)
Nov  3 09:38:58.689: ppp98 PPP: Updated the attr acct-interval in datalist
Nov  3 09:38:58.689: ppp98 PPP: Skip Attr: interface-config     0   "service-policy output bezlim_e"
Nov  3 09:38:58.689: ppp98 PPP: Skip Attr: interface-config     0   "service-policy input bezlim_e"
Nov  3 09:38:58.689: ppp98 PPP: Skip Attr: addr                 0   10.1.19.27
Nov  3 09:38:58.689: ppp98 PPP: Keep Attr: MS-CHAP-V2-Success   0   <hidden>
Nov  3 09:38:58.689: ppp98 PPP: Updated the attr MS-CHAP-V2-Success in datalist
Nov  3 09:38:58.689: ppp98 PPP: Skip Attr: MS-MPPE-Recv-Key     0   26 51 C9 92 50 36 EC 1F B4 3F 94 6D 82 E2 F3 F2 
Nov  3 09:38:58.689: ppp98 PPP: Skip Attr: MS-MPPE-Send-Key     0   AF 22 09 64 8D 03 AD 3A 9D 2E 3D DD 0B 90 C7 CE 
Nov  3 09:38:58.690: ppp98 PPP: Receive Attrs from[SSS] Keep[NCPs] MERGE
Nov  3 09:38:58.690: ppp98 PPP: Skip Attr: Framed-Protocol      0   1 [PPP]
Nov  3 09:38:58.690: ppp98 PPP: Skip Attr: link-compression     0   4 [vj]
Nov  3 09:38:58.690: ppp98 PPP: Skip Attr: service-type         0   2 [Framed]
Nov  3 09:38:58.690: ppp98 PPP: Skip Attr: interface-config     0   "service-policy output bezlim_e"
Nov  3 09:38:58.690: ppp98 PPP: Skip Attr: interface-config     0   "service-policy input bezlim_e"
Nov  3 09:38:58.690: ppp98 PPP: Keep Attr: addr                 0   10.1.19.27
Nov  3 09:38:58.690: ppp98 PPP: Updated the attr addr in datalist
Nov  3 09:38:58.690: ppp98 PPP: Skip Attr: MS-CHAP-V2-Success   0   <hidden>
Nov  3 09:38:58.690: ppp98 PPP: Keep Attr: MS-MPPE-Recv-Key     0   26 51 C9 92 50 36 EC 1F B4 3F 94 6D 82 E2 F3 F2 
Nov  3 09:38:58.691: ppp98 PPP: Updated the attr MS-MPPE-Recv-Key in datalist
Nov  3 09:38:58.691: ppp98 PPP: Keep Attr: MS-MPPE-Send-Key     0   AF 22 09 64 8D 03 AD 3A 9D 2E 3D DD 0B 90 C7 CE 
Nov  3 09:38:58.691: ppp98 PPP: Updated the attr MS-MPPE-Send-Key in datalist
Nov  3 09:38:58.707: INFO: AAA/AUTHOR: Processing PerUser AV link-compression
Nov  3 09:38:58.742: AAA/ACCT/CLIENT(000000AE): recv 1000000000bps xmit 1000000000bps
Nov  3 09:38:58.743: AAA/ACCT/HC(000000AE): Update PPPoE/A4000114 
Nov  3 09:38:58.743: AAA/ACCT/HC(000000AE): no HC PPPoE/A4000114 
Nov  3 09:38:58.743: ppp98 PPP: Sending Acct Event[Down] id[AE]
Nov  3 09:38:58.743: AAA/ACCT/EVENT/(000000AE): NET DOWN
Nov  3 09:38:58.743: AAA/ACCT/NET(000000AE): Method list not found
Nov  3 09:38:58.743: AAA/ACCT(000000AE): del node, session 164
Nov  3 09:38:58.743: AAA/ACCT/NET(000000AE): free_rec, count 0
Nov  3 09:38:58.743: /AAA/ACCTNET(000000AE) reccnt 0, csr TRUE, osr 0
Nov  3 09:38:58.743: AAA/ACCT/NET(000000AE): Last rec in db, intf enqueued
Nov  3 09:38:58.743: ppp98 MS-CHAP-V2: O FAILURE id 1 len 13 msg is "E=691 R=0"
Nov  3 09:38:58.743: AAA/ACCT/EVENT/(000000AE): NET DOWN
Nov  3 09:38:58.744: AAA/ACCT/EVENT/(000000AE): CALL STOP
Nov  3 09:38:58.744: AAA/ACCT(000000AE) reccnt 0, osr 0
Nov  3 09:38:58.763: ppp98 PPP: Clearing AAA Unique Id = AE

Sign In

ASR 1002 RP1 + PPPoE

Recommended Posts

skew_death

zhenya`

skew_death

zhenya`

skew_death

skew_death

Join the conversation