[PeterPen]

Есть такая вот железка СISCO 4700M (133Mhz) 128 Mb Dram /16 Mb shared / 16 Flash . Не могу организовать VPN server (GRE,PPtP). Проблема такая -нет команды vpdn . Может версию иоса надо другую. Настраиваю по http://nag.ru/goodies/router_switch_config/cisco_7140.html. Все равно как настраивать. Очень хочу избавиться от ПК сервера.

[UglyAdmin]

Больно уж железка старенькая.

Для 4000/4500/4700 есть IOS с PPTP, ищите по фичнавигатору.

[PeterPen]

Нашел залил, но как оказалось максимальное количество сесий ограничено 300. Да что то и не очень получается с радиусом.

[PeterPen]

Мой конфиг:

Building configuration...

 

Current configuration : 3448 bytes

!

version 12.2

service timestamps debug datetime msec localtime

service timestamps log datetime localtime

service password-encryption

!

hostname ххххххххххххх.ua

!

boot system flash

aaa new-model

aaa authentication login default local

aaa authentication ppp default group radius local

aaa authorization exec default local

aaa authorization network default group radius if-authenticated

aaa accounting update periodic 1

aaa accounting network default start-stop group radius

aaa accounting system default start-stop group radius

enable secret 5 $1$NMUC$OMIJ6tGD/tYF67gthpY1g/

enable password 7 0506031D22595C0000440D0A595C547D

!

username admin password 7 030A5E1C471B2E584F05150C1919405D5C

clock timezone Kyiv 2

ip subnet-zero

ip cef

no ip domain-lookup

ip domain-name хххххххххххххх.ua

ip name-server 194.44.214.37

ip name-server 194.44.214.40

!

virtual-profile virtual-template 1

vpdn enable

vpdn source-ip 172.16.0.1

vpdn aaa attribute nas-ip-address vpdn-nas

vpdn logging

vpdn logging local

vpdn session-limit 300

!

vpdn-group 1

! Default PPTP VPDN group

accept-dialin

protocol pptp

virtual-template 1

pptp flow-control static-rtt 500

ip mtu adjust

!

!

!

!

!

interface Loopback1

ip address 172.16.0.1 255.255.255.255

ip nat inside

!

interface Ethernet0

description PPtP_dialin_interface1

ip address 192.168.1.250 255.255.255.0

tx-ring-limit 32

tx-queue-limit 32

media-type 10BaseT

random-detect

!

interface Ethernet1

no ip address

shutdown

media-type 10BaseT

!

interface Ethernet2

no ip address

shutdown

media-type 10BaseT

!

interface Ethernet3

description Radius interface

ip address 10.0.0.101 255.255.255.192

media-type 10BaseT

!

interface Ethernet4

no ip address

shutdown

media-type 10BaseT

!

interface Ethernet5

description Internet-interface1

ip address ххх.ххх.ххх.ххх 255.255.255.248

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

no ip route-cache cef

media-type 10BaseT

!

interface Virtual-Template1

ip unnumbered Loopback1

ip access-group 101 in

ip mtu 1460

ip tcp header-compression

ip mroute-cache

keepalive 60

timeout absolute 6000 0

autodetect encapsulation ppp

peer default ip address pool DIAL-IN

fair-queue

ppp encrypt mppe auto

ppp authentication ms-chap chap pap callin

!

ip local pool DIAL-IN 172.16.0.2 172.16.0.254

ip nat inside source list 4 interface Ethernet5 overload

ip classless

ip route 0.0.0.0 0.0.0.0 ххх.ххх.ххх.ххх

ip http server

!

ip radius source-interface Ethernet3

access-list 4 permit 172.16.0.0 0.0.0.255

access-list 101 deny tcp any any eq 135

access-list 101 deny tcp any any eq 137

access-list 101 deny tcp any any eq 138

access-list 101 deny tcp any any eq 139

access-list 101 deny tcp any any eq 445

access-list 101 deny tcp any any eq 69

access-list 101 deny udp any any eq 135

access-list 101 deny udp any any eq netbios-ns

access-list 101 deny udp any any eq netbios-dgm

access-list 101 deny udp any any eq netbios-ss

access-list 101 deny udp any any eq 445

access-list 101 permit ip any any

access-list 101 permit gre any any

access-list 101 permit tcp any any

access-list 101 permit udp any any

access-list 101 permit icmp any any

radius-server host 10.0.0.100 auth-port 1812 acct-port 1813

radius-server timeout 30

radius-server challenge-noecho

radius-server key 7 13171616021917

radius-server vsa send accounting

radius-server vsa send authentication

!

line con 0

line aux 0

line vty 0 4

!

end

 

 

Авторизацию проходит но дальше ничего интерфейс впдн падает и дает ошибку 718 - нет ответа, в какую сторону копать ? Дебаг пишет:

00:29:39: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up

Mar 11 00:29:39.339: Vi1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially

Mar 11 00:29:39.339: AAA/ACCT/PROG: Could not determine ds0 to update Connect Progress

Mar 11 00:29:41.343: AAA: parse name=Virtual-Access1 idb type=21 tty=-1

Mar 11 00:29:41.343: AAA: name=Virtual-Access1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0

Mar 11 00:29:41.343: AAA/MEMORY: create_user (0x615E9D64) user='333' ruser='NULL' ds0=0 port='Virtual-Access1' rem_addr='' authen_type=MSCHAP service=PPP priv=1 initial_task_id='0'

Mar 11 00:29:41.343: AAA/AUTHEN/START (1508103918): port='Virtual-Access1' list='' action=LOGIN service=PPP

Mar 11 00:29:41.343: AAA/AUTHEN/START (1508103918): using "default" list

Mar 11 00:29:41.343: AAA/AUTHEN/START (1508103918): Method=radius (radius)

Mar 11 00:29:52.631: unknown AAA/DISC: 9/"NAS Error"

Mar 11 00:29:52.631: unknown AAA/DISC/EXT: 1002/"Unknown"

Mar 11 00:30:11.919: Vi1 AAA/DISC: 1/"User Request"

Mar 11 00:30:11.919: Vi1 AAA/DISC/EXT: 1045/"Received Terminate"

Mar 11 00:30:12: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down

Mar 11 00:30:12.211: Vi1 AAA/DISC: 2/"Lost Carrier"

Mar 11 00:30:12.211: Vi1 AAA/DISC/EXT: 1011/"Lost Carrier"

Mar 11 00:30:12.211: Vi1 AAA/DISC: 2/"Lost Carrier"

Mar 11 00:30:12.211: Vi1 AAA/DISC/EXT: 1011/"Lost Carrier"

Изменено 10 марта, 2007 пользователем PeterPen

[PeterPen]

*Mar 11 01:43:27: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up

*Mar 11 01:43:27.875: Vi1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially

*Mar 11 01:43:27.875: AAA/ACCT/PROG: Could not determine ds0 to update Connect Progress

*Mar 11 01:43:29.911: AAA/ACCT/PROG: Could not determine ds0 to update Connect Progress

*Mar 11 01:43:29.915: AAA: parse name=Virtual-Access1 idb type=21 tty=-1

*Mar 11 01:43:29.915: AAA: name=Virtual-Access1 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=1 channel=0

*Mar 11 01:43:29.915: AAA/MEMORY: create_user (0x615D9DDC) user='333' ruser='NULL' ds0=0 port='Virtual-Access1' rem_addr='' authen_type=MSCHAP service=PPP priv=1 initial_task_id='0'

*Mar 11 01:43:29.915: AAA/AUTHEN/START (2387013710): port='Virtual-Access1' list='' action=LOGIN service=PPP

*Mar 11 01:43:29.915: AAA/AUTHEN/START (2387013710): using "default" list

*Mar 11 01:43:29.915: AAA/AUTHEN/START (2387013710): Method=radius (radius)

*Mar 11 01:43:29.915: RADIUS: ustruct sharecount=1

*Mar 11 01:43:29.915: Radius: radius_port_info() success=1 radius_nas_port=1

*Mar 11 01:43:29.915: RADIUS: Initial Transmit Virtual-Access1 id 32 10.0.0.100:1812, Access-Request, len 145

*Mar 11 01:43:29.915: Attribute 4 6 0A000065

*Mar 11 01:43:29.919: Attribute 5 6 00000001

*Mar 11 01:43:29.919: Attribute 61 6 00000005

*Mar 11 01:43:29.919: Attribute 1 5 3333332C

*Mar 11 01:43:29.919: Attribute 44 10 0000000A

*Mar 11 01:43:29.919: Attribute 26 16 000001370B0A6C75

*Mar 11 01:43:29.919: Attribute 26 58 0000013701341201

*Mar 11 01:43:29.919: Attribute 6 6 00000002

*Mar 11 01:43:29.919: Attribute 7 6 00000001

*Mar 11 01:43:29.919: Attribute 8 6 AC100002

*Mar 11 01:43:41.487: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:43:41.487: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:43:42.939: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:43:42.939: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:43:44.675: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:43:44.675: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:43:46.783: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:43:46.783: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:43:47.955: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:43:47.955: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:43:49.007: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:43:49.007: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:43:49.951: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:43:49.951: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:43:50.963: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:43:50.963: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:43:51.819: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:43:51.819: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:43:52.795: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:43:52.795: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:43:53.595: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:43:53.595: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:43:54.531: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:43:54.531: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:43:55.311: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:43:55.311: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:43:56.243: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:43:56.243: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:43:57.083: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:43:57.083: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:43:58.043: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:43:58.047: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:43:58.907: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:43:58.907: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:43:59.719: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:43:59.719: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:43:59.919: RADIUS: Retransmit id 32

*Mar 11 01:44:00.307: Vi1 AAA/DISC: 1/"User Request"

*Mar 11 01:44:00.307: Vi1 AAA/DISC/EXT: 1045/"Received Terminate"

*Mar 11 01:44:00: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down

*Mar 11 01:44:00.311: Vi1 AAA/DISC: 2/"Lost Carrier"

*Mar 11 01:44:00.311: Vi1 AAA/DISC/EXT: 1011/"Lost Carrier"

*Mar 11 01:44:00.311: Vi1 AAA/DISC: 2/"Lost Carrier"

*Mar 11 01:44:00.311: Vi1 AAA/DISC/EXT: 1011/"Lost Carrier"

*Mar 11 01:44:00.619: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:44:00.619: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:44:01.855: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:44:01.855: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:44:09.675: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:44:09.675: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:44:10.635: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:44:10.635: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:44:11.583: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:44:11.583: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:44:12.439: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:44:12.439: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:44:13.351: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:44:13.351: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:44:29.919: RADIUS: Retransmit id 32

*Mar 11 01:44:41.715: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:44:41.715: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:44:46.955: AAA/AUTHOR: config command authorization not enabled

*Mar 11 01:44:46.955: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:44:46.955: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:44:59.919: RADIUS: Retransmit id 32

*Mar 11 01:45:03.659: AAA/AUTHOR: config command authorization not enabled

*Mar 11 01:45:03.659: unknown AAA/DISC: 9/"NAS Error"

*Mar 11 01:45:03.659: unknown AAA/DISC/EXT: 1002/"Unknown"

*Mar 11 01:45:29.919: RADIUS: Tried all servers.

*Mar 11 01:45:29.919: RADIUS: No valid server found. Trying any viable server

*Mar 11 01:45:29.919: RADIUS: Tried all servers.

*Mar 11 01:45:29.919: RADIUS: No response for id 32

*Mar 11 01:45:29.919: Radius: No response from server

*Mar 11 01:45:29.919: AAA/AUTHEN (2387013710): status = ERROR

*Mar 11 01:45:29.919: AAA/AUTHEN/START (2387013710): no methods left to try

*Mar 11 01:45:29.919: AAA/AUTHEN (2387013710): status = ERROR

*Mar 11 01:45:29.919: AAA/AUTHEN/START (2387013710): failed to authenticate

*Mar 11 01:45:29.919: Virtual-Access1 AAA/DISC: 17/"User Error"

*Mar 11 01:45:29.919: Virtual-Access1 AAA/DISC/EXT: 1043/"CHAP Auth Failed"

*Mar 11 01:45:29.919: AAA/ACCT/PROG: Could not determine ds0 to update Connect Progress

*Mar 11 01:45:29.919: Vi1 AAA/DISC: 18/"Host Request"

*Mar 11 01:45:29.919: Vi1 AAA/DISC/EXT: 1046/"Upper Layer Req Close"

*Mar 11 01:45:29.919: AAA/MEMORY: free_user (0x615D9DDC) user='333' ruser='NULL' port='Virtual-Access1' rem_addr='' authen_type=MSCHAP service=PPP priv=1

*Mar 11 01:45:29.919: Vi1 AAA/AUTHOR/PER-USER: Event LCP_DOWN

[UglyAdmin]

А РАДИУС правильно настроен?

Что-то мне не нравится: AAA/DISC: 9/"NAS Error"

 

 

300 сессий для такой железки более чем достаточно, она раньше от трафика сдохнет :(

[PeterPen]

Все догнал дело во фри радиусе он заточен только для 2511 и 5300 и т.д. От рафика она не умрет свои 75 мегабит отроутит на ура. Чуть помощнее 3640. Так а где взять список атрибутов как их передавать через радиус. Видел кусок на нетап.

П.С. Большое спасибо всем за помощь!!!!

[smsm]

по пптп 75 мегабит на ура ?

имхо это _очень_ оптимистично

[UglyAdmin]

Не будьте столь оптимистичны, 3640 - это около 20 мегабит реального трафика, причём IP. От PPTP ей плохеет раза в два.

4700 - это 75Kpps, 38мегабит в идеальном случае.

С учётом того, что последний IOS для 4700 - это 12.2, очень много там ещё просто не запихали в CEF, так что ...