Andrey_open, posted April 20, 2010

Good day! Help me beat this box: I need to find out the client's IP from the RADIUS attributes. Here is everything that arrives at authorization:

FRAMED_PROTOCOL: PPP
SERVICE_TYPE: Framed-User
CISCO_NAS_PORT: Uniq-Sess-ID22
NAS_PORT_TYPE: Virtual
ACCT_SESSION_ID: AC11C0FC00000180
CHAP_CHALLENGE: 0xac319a8608ff57e445641e4683ef9072
NAS_PORT_ID: Uniq-Sess-ID22
CHAP_PASSWORD: 0x010e9cceb48167b47e9d8ec678fef3bd85
CLIENT_IP_ADDRESS: 172.17.192.252
NAS_IDENTIFIER: 172.017.192.252
USER_NAME: officex
NAS_IP_ADDRESS: 172.17.192.252

For some reason NAS-IP-ADDRESS = CLIENT-IP-ADDRESS :( During accounting the Tunnel-Client-Endpoint attribute appears, but I can't get it at authorization.

Magnum72, posted April 20, 2010

Add this line:
vpdn aaa attribute nas-ip-address vpdn-nas

Andrey_open (author), posted April 20, 2010

> Add this line:
> vpdn aaa attribute nas-ip-address vpdn-nas

I tried it, and it doesn't fit either: with it, NAS_IP_ADDRESS and CLIENT_IP_ADDRESS both become equal to the client's address. Could this be an IOS bug?

Cisco IOS Software, 10000 Software (C10K2-K91P11U2-M), Version 12.2(33)SB7, RELEASE SOFTWARE (fc3)

Valaskor, posted April 21, 2010

Try using something from the radius-server attribute command branch, although I'm not sure there is anything interesting there in your IOS.

Andrey_open (author), posted April 21, 2010

> Try using something from the radius-server attribute command branch, although I'm not sure there is anything interesting there in your IOS.

I tried, there is nothing interesting there. We are already writing an IP check on receipt of the accounting Start packet; it's a bit clumsy, of course, but I see no other way out.

Konstantin Klimchev, posted April 21, 2010 (edited)

>> Try using something from the radius-server attribute command branch, although I'm not sure there is anything interesting there in your IOS.
>
> I tried, there is nothing interesting there. We are already writing an IP check on receipt of the accounting Start packet; it's a bit clumsy, of course, but I see no other way out.

http://www.cisco.com/en/US/docs/ios/12_2t/...e/radattr8.html - isn't this it? The IP will be in the Framed-IP-Address attribute.

Edited April 21, 2010 by Konstantin Klimchev

Andrey_open (author), posted April 21, 2010

>>> Try using something from the radius-server attribute command branch, although I'm not sure there is anything interesting there in your IOS.
>>
>> I tried, there is nothing interesting there. We are already writing an IP check on receipt of the accounting Start packet; it's a bit clumsy, of course, but I see no other way out.
>
> http://www.cisco.com/en/US/docs/ios/12_2t/...e/radattr8.html - isn't this it? The IP will be in the Framed-IP-Address attribute.

Framed-IP-Address contains the IP that is assigned to the tunnel; our task is to find out which IP the tunnel is initiated from.

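The workaround mentioned in the posts above (checking the tunnel source IP when the accounting Start packet arrives) can be sketched as follows. This is an added example, not code from the thread: it verifies the RFC 2866 Request Authenticator, decodes Tunnel-Client-Endpoint (attribute 66, with its optional RFC 2868 tag octet) rather than Framed-IP-Address, and fails closed. The `ALLOWED` policy, `SECRET` and the sample packets are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
import struct

# Attribute numbers from RFC 2865/2866/2868.
USER_NAME, FRAMED_IP_ADDRESS, ACCT_STATUS_TYPE, TUNNEL_CLIENT_ENDPOINT = 1, 8, 40, 66
ACCOUNTING_REQUEST, ACCT_START = 4, 1

SECRET = b"example-secret"                  # constructed shared secret
ALLOWED = {"officex": ["172.17.192.0/24"]}  # hypothetical per-user source policy


def build_acct_request(attrs, secret, identifier=1):
    """Build a constructed Accounting-Request with a valid RFC 2866 authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(body))
    auth = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + auth + body


def parse_packet(packet, secret):
    """Return (code, {type: [values]}) after checking lengths and authenticator."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    body = packet[20:length]
    if code == ACCOUNTING_REQUEST:
        # MD5(Code + ID + Length + 16 zero octets + attributes + secret)
        expected = hashlib.md5(packet[:4] + bytes(16) + body + secret).digest()
        if not hmac.compare_digest(expected, packet[4:20]):
            raise ValueError("Request Authenticator mismatch")
    attrs, pos = {}, 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated attribute header")
        a_type, a_len = body[pos], body[pos + 1]
        if a_len < 2 or pos + a_len > len(body):
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, []).append(body[pos + 2:pos + a_len])
        pos += a_len
    return code, attrs


def tunnel_client_endpoint(value):
    """Decode attribute 66: a leading octet <= 0x1F is a tag, the rest is text."""
    if value and value[0] <= 0x1F:
        value = value[1:]
    return ipaddress.ip_address(value.decode("ascii"))


def check_start(packet, secret, allowed):
    """Return (verdict, endpoint); verdict is 'ignore', 'allow' or 'deny'."""
    code, attrs = parse_packet(packet, secret)
    status = attrs.get(ACCT_STATUS_TYPE, [b""])[0]
    if code != ACCOUNTING_REQUEST or status != struct.pack("!I", ACCT_START):
        return "ignore", None
    user = attrs.get(USER_NAME, [b""])[0].decode("utf-8", "replace")
    try:
        endpoint = tunnel_client_endpoint(attrs[TUNNEL_CLIENT_ENDPOINT][0])
    except (KeyError, ValueError):
        return "deny", None  # attribute missing or not an IP literal: fail closed
    nets = allowed.get(user, ())
    ok = any(endpoint in ipaddress.ip_network(n) for n in nets)
    return ("allow" if ok else "deny"), endpoint


def sample_start(endpoint_value):
    """Constructed Start packet; Framed-IP-Address is present but never consulted."""
    return build_acct_request([
        (USER_NAME, b"officex"),
        (ACCT_STATUS_TYPE, struct.pack("!I", ACCT_START)),
        (FRAMED_IP_ADDRESS, ipaddress.ip_address("172.255.192.2").packed),
        (TUNNEL_CLIENT_ENDPOINT, endpoint_value),
    ], SECRET)


if __name__ == "__main__":
    for value in (b"172.17.192.133", b"\x00172.17.192.133", b"203.0.113.7"):
        print(value, check_start(sample_start(value), SECRET, ALLOWED))
```

A "deny" verdict only reports the mismatch; what the billing or AAA side does with it is outside this sketch.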
smsm, posted April 22, 2010

This topic has been raised many, many times on various forums. For myself I settled on an approximate solution: keep changing IOS versions until a working one turns up. On a 7204 I needed the client IP.

Magnum72, posted April 22, 2010

> I tried, there is nothing interesting there. We are already writing an IP check on receipt of the accounting Start packet; it's a bit clumsy, of course, but I see no other way out.

The command described above works for us on 7206 7201 10006 ASR1002

Andrey_open (author), posted April 22, 2010 (edited)

>> I tried, there is nothing interesting there. We are already writing an IP check on receipt of the accounting Start packet; it's a bit clumsy, of course, but I see no other way out.
>
> The command described above works for us on 7206 7201 10006 ASR1002

Would you share the IOS image for the c10k?

Edited April 22, 2010 by Andrey_open

smsm, posted April 22, 2010

And which IOS version is it for the 7201? I'll probably need it again soon..

Andrey_open (author), posted April 22, 2010

Question No. 2 :) XP, Vista and Win 7 clients connect and everything works fine, but D-Link DIR-300/DIR-320 routers refuse to :( That said, the D-Link DI-804HV behaves properly. The protocol is L2TP. There is nothing in the router's logs except:

PPP: Connection terminated.
CHAP authentication succeeded.

Cisco config:

version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cox
!
boot-start-marker
boot system flash disk1:c10k2-k91p11u2-mz.122-33.SB7.bin
boot-end-marker
!
enable secret 5 xxx
enable password xxx
!
aaa new-model
!
!
aaa authentication login default local-case
aaa authentication ppp default group radius
aaa authorization exec default local
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting network default start-stop group radius
!
!
!
!
aaa server radius dynamic-author
 client 172.17.192.254 server-key secret
 client 172.17.192.250 server-key secret
 auth-type any
 ignore session-key
 ignore server-key
!
aaa session-id unique
clock timezone GMT+2 2
clock summer-time Kiev recurring last Sun Mar 2:00 last Sun Oct 2:00
clock calendar-valid
facility-alarm core-temperature major 58
facility-alarm core-temperature minor 50
facility-alarm intake-temperature major 54
facility-alarm intake-temperature minor 45
!
!
card 1/0 1gigethernet-1
card 4/0 1gigethernet-1
ip subnet-zero
no ip gratuitous-arps
ip domain lookup source-interface GigabitEthernet1/0/0
ip domain name domain.net.ua
ip name-server xx.xx.xx.xx
ip name-server xx.xx.xx.xx
!
!
!
!
vpdn enable
!
vpdn-group group
! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
 ip pmtu
 ip mtu adjust
!
!
!
username admin privilege 15 password 0 secret
access-list 1 permit 172.255.0.0 0.0.255.255
access-list 2 permit 10.0.0.0 0.255.255.255
access-list 10 permit 0.0.0.0 255.255.255.0
!
redundancy
 mode sso
!
!
!
!
!
interface Loopback0
 no ip address
!
interface FastEthernet0/0/0
 ip address 192.168.3.222 255.255.255.0
 speed 100
 full-duplex
!
interface GigabitEthernet1/0/0
 no ip address
 negotiation auto
!
interface GigabitEthernet1/0/0.332
 encapsulation dot1Q 332
 ip address xx.xx.xx.xx 255.255.255.248
!
interface GigabitEthernet1/0/0.333
 encapsulation dot1Q 333
 ip address 172.17.193.254 255.255.255.0
!
interface GigabitEthernet4/0/0
 ip address 172.17.192.252 255.255.255.0
 negotiation auto
!
interface Virtual-Template1
 ip unnumbered Loopback0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map FORNAT
 no peer default ip address
 no keepalive
 ppp authentication chap
 ppp ipcp dns 8.8.8.8
!
ip local pool VPN 172.255.192.2 172.255.192.254
ip default-gateway xx.xx.xx.xx
ip classless
ip route 0.0.0.0 0.0.0.0 91.211.16.73
ip route 172.16.0.0 255.240.0.0 172.17.192.1
!
!
no ip http server
no ip http secure-server
!
!
route-map FORNAT permit 10
 match ip address 1 2
 set ip next-hop 172.17.193.253
!
snmp-server community commpass RO
!
radius-server attribute 44 include-in-access-req
radius-server attribute 44 extend-with-addr
radius-server attribute 188 format non-standard
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req
radius-server attribute 55 include-in-acct-req
radius-server attribute 25 access-request include
radius-server configure-nas
radius-server host 172.17.192.250 auth-port 1812 acct-port 1813
radius-server key secret
radius-server vsa send cisco-nas-port
radius-server vsa send accounting
radius-server vsa send authentication
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 transport output all
line aux 0
 transport output all
line vty 0 4
 password xxx
 transport input all
 transport output all
!
ntp clock-period 17180676
ntp server 192.168.3.9
ntp server 91.198.10.20
end

Debug:

Apr 22 13:11:45.381: L2TP _____:________:
Apr 22 13:11:45.381: L2TP _____:________: I SCCRQ, flg TLS, ver 2, len 106
Apr 22 13:11:45.381: L2TP _____:________: IETF v2:
Apr 22 13:11:45.381: L2TP _____:________: Protocol Version 1, Revision 0
Apr 22 13:11:45.381: L2TP _____:________: Framing Cap both(0x3)
Apr 22 13:11:45.381: L2TP _____:________: Tie Breaker
Apr 22 13:11:45.381: L2TP _____:________: 15312026488780543153
Apr 22 13:11:45.381: L2TP _____:________: Hostname "DIR-300"
Apr 22 13:11:45.381: L2TP _____:________: Vendor Name
Apr 22 13:11:45.381: L2TP _____:________: "Alpha Networks Inc."
Apr 22 13:11:45.381: L2TP _____:________: Assigned Tunnel I 0x0000C01B (49179)
Apr 22 13:11:45.381: L2TP _____:________: Rx Window Size 4
Apr 22 13:11:45.381: L2TP _____:________:
Apr 22 13:11:45.381: L2TP tnl 0748C:________: Create tunnel
Apr 22 13:11:45.381: L2TP tnl 0748C:________: version set to V2
Apr 22 13:11:45.381: L2TP tnl 0748C:________: remote ip set to 172.17.192.133
Apr 22 13:11:45.381: L2TP tnl 0748C:________: local ip set to 172.17.192.252
Apr 22 13:11:45.381: L2TP tnl 0748C:000000BC: FSM-CC ev Rx-SCCRQ
Apr 22 13:11:45.381: L2TP tnl 0748C:000000BC: FSM-CC Idle->Proc-SCCRQ
Apr 22 13:11:45.381: L2TP tnl 0748C:000000BC: FSM-CC do Rx-SCCRQ
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: Author reply, data source: "group"
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: class name AAA author, group "group"
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: peer cap async set
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: peer cap sync set
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: FSM-CC ev SCCRQ-OK
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: FSM-CC Proc-SCCRQ->Wt-SCCCN
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: FSM-CC do Tx-SCCRP
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: Open sock 172.17.192.252:1701->172.17.192.133:1701
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: FSM-CC ev Sock-Ready
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: FSM-CC in Wt-SCCCN
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: FSM-CC do Ignore-Sock-Up
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: Control connection authentication skipped/passed.
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC:
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: O SCCRP to DIR-300 tnl 49179
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: IETF v2:
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: Protocol Version 1, Revision 0
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: Framing Cap both(0x3)
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: Firmware Ver 0x1130
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: Hostname "cox"
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: Vendor Name
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: "Cisco Systems, Inc."
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: Assigned Tunnel I 0x000000BC (188)
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: Rx Window Size 1024
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: Cisco v2:
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: PPPoE Relay Forward Capable
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: PPPoE Relay Response Capable
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC:
Apr 22 13:11:45.385: L2TP tnl 0748C:000000BC: Tx -> SCCRP loc 000000BC rem 0000C01B
Apr 22 13:11:45.389: L2TP tnl 0748C:000000BC: Drain unsentQ, cur/max resendQ sz 1/2, unsentQ 0
Apr 22 13:11:45.389: L2TP tnl 0748C:000000BC: Drain unsentQ, cur/max resendQ sz 0/2, unsentQ 0
Apr 22 13:11:45.389: L2TP tnl 0748C:000000BC:
Apr 22 13:11:45.389: L2TP tnl 0748C:000000BC: I SCCCN, flg TLS, ver 2, len 20
Apr 22 13:11:45.389: L2TP tnl 0748C:000000BC:
Apr 22 13:11:45.389: L2TP tnl 0748C:000000BC: FSM-CC ev Rx-SCCCN
Apr 22 13:11:45.389: L2TP tnl 0748C:000000BC: FSM-CC Wt-SCCCN->Proc-SCCCN
Apr 22 13:11:45.389: L2TP tnl 0748C:000000BC: FSM-CC do Rx-SCCCN
Apr 22 13:11:45.389: L2TP tnl 0748C:000000BC: Control connection authentication skipped/passed.
Apr 22 13:11:45.389: L2TP tnl 0748C:000000BC:
Apr 22 13:11:45.389: L2TP tnl 0748C:000000BC: O ZLB ACK to DIR-300 tnl 49179
Apr 22 13:11:45.389: L2TP tnl 0748C:000000BC:
Apr 22 13:11:45.389: L2TP tnl 0748C:000000BC: Tx -> ZLB A loc 000000BC rem 0000C01B
Apr 22 13:11:45.389: L2TP tnl 0748C:000000BC: FSM-CC ev SCCCN-OK
Apr 22 13:11:45.389: L2TP tnl 0748C:000000BC: FSM-CC Proc-SCCCN->established
Apr 22 13:11:45.389: L2TP tnl 0748C:000000BC: FSM-CC do Established
Apr 22 13:11:45.389: L2TP tnl 0748C:000000BC: Control channel up
Apr 22 13:11:45.389: L2TP tnl 0748C:000000BC: 172.17.192.252<->172.17.192.133
Apr 22 13:11:45.393: L2TP tnl 0748C:000000BC: Control connection authentication skipped/passed.
Apr 22 13:11:45.393: L2TP tnl 0748C:000000BC:
Apr 22 13:11:45.393: L2TP tnl 0748C:000000BC: I ICRQ, flg TLS, ver 2, len 38
Apr 22 13:11:45.393: L2TP tnl 0748C:000000BC: IETF v2:
Apr 22 13:11:45.393: L2TP tnl 0748C:000000BC: Assigned Call ID 0x00008615 (34325)
Apr 22 13:11:45.393: L2TP tnl 0748C:000000BC: Serial Number 1
Apr 22 13:11:45.393: L2TP tnl 0748C:000000BC:
Apr 22 13:11:45.393: L2TP _____:_____:________: Create session
Apr 22 13:11:45.393: L2TP _____:_____:________: Using ICRQ FSM
Apr 22 13:11:45.393: L2TP _____:_____:________: FSM-Sn ev created
Apr 22 13:11:45.393: L2TP _____:_____:________: FSM-Sn Init->Idle
Apr 22 13:11:45.393: L2TP _____:_____:________: FSM-Sn do none
Apr 22 13:11:45.393: L2TP _____:_____:________: remote ip set to 172.17.192.133
Apr 22 13:11:45.393: L2TP _____:_____:________: local ip set to 172.17.192.252
Apr 22 13:11:45.393: L2TP tnl 0748C:000000BC: FSM-CC ev Session-Conn
Apr 22 13:11:45.393: L2TP tnl 0748C:000000BC: FSM-CC in established
Apr 22 13:11:45.393: L2TP tnl 0748C:000000BC: FSM-CC do Session-Conn-Est
Apr 22 13:11:45.393: L2TP tnl 0748C:000000BC: Session count now 1
Apr 22 13:11:45.393: L2TP _____:0748C:0000D333: FSM-Sn ev CC-Up
Apr 22 13:11:45.393: L2TP _____:0748C:0000D333: FSM-Sn in Idle
Apr 22 13:11:45.393: L2TP _____:0748C:0000D333: FSM-Sn do CC-Up-Ignore0-1
Apr 22 13:11:45.393: L2TP _____:0748C:0000D333: Session attached
Apr 22 13:11:45.393: L2TP _____:0748C:0000D333: no cookies enabled
Apr 22 13:11:45.393: L2TP _____:0748C:0000D333: FSM-Sn ev Rx-ICRQ
Apr 22 13:11:45.393: L2TP _____:0748C:0000D333: FSM-Sn Idle->Proc-ICRQ
Apr 22 13:11:45.393: L2TP _____:0748C:0000D333: FSM-Sn do Rx-ICRQ
Apr 22 13:11:45.393: L2TP _____:0748C:0000D333: Chose application VPDN
Apr 22 13:11:45.393: L2TP _____:0748C:0000D333: App type set to VPDN
Apr 22 13:11:45.393: L2TP tnl 0748C:000000BC: VPDN Session count now 1
Apr 22 13:11:45.393: L2TP _____:0748C:0000D333: VPDN: process AVPs
Apr 22 13:11:45.393: L2TP _____:0748C:0000D333: Local AC is now UP
Apr 22 13:11:45.393: L2TP _____:0748C:0000D333: Remote AC is now UP
Apr 22 13:11:45.393: L2TP _____:0748C:0000D333:
Apr 22 13:11:45.393: L2TP _____:0748C:0000D333: APP<-L2TP: Incoming
Apr 22 13:11:45.393: L2TP _____:0748C:0000D333: sock 00000000
Apr 22 13:11:45.393: L2TP _____:0748C:0000D333: serv 0000748A
Apr 22 13:11:45.393: L2TP _____:0748C:0000D333:
Apr 22 13:11:45.393: L2TP _____:0748C:0000D333: Rx <- ICRQ loc 0000D333 rem 00008615 ser 00000001
Apr 22 13:11:45.393: VPDN Received L2TUN socket message <xCRQ - Session Incoming>
Apr 22 13:11:45.393: VPDN Tnl/Sn 188 54067 L2TUN socket session accept requested
Apr 22 13:11:45.393: VPDN Tnl/Sn 188 54067 Setting up dataplane for L2-L2, no idb
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: L2TUN: add sock C900008E
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333:
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: APP->L2TP: Accept [6],
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: sock C900008E
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: serv 0000748A
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: data 231A885C[137]
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: replied on new socket
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333:
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: App type set to VPDN
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: Conditional debugging is enabled
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: Set DF bit is enabled
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: Path MTU is enabled
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: UDP checksum ignore is enabled
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: Framing set to sync
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: Bearer set to none
Apr 22 13:11:45.397: L2TP tnl 0748C:000000BC: Session PMTU count now 1
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: FSM-Sn ev ICRQ-OK
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: FSM-Sn Proc-ICRQ->Wt-Tx-ICRP
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: FSM-Sn do Tx-ICRP-Local-Check
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: FSM-Sn ev Local-Cont
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: FSM-Sn Wt-Tx-ICRP->Wt-Rx-ICCN
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: FSM-Sn do Tx-ICRP
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: Open sock 172.17.192.252:1701->172.17.192.133:1701
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: FSM-Sn ev Sock-Ready
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: FSM-Sn in Wt-Rx-ICCN
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: FSM-Sn do Ignore-Sock-Up
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333:
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: O ICRP to DIR-300 49179/34325
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: IETF v2:
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: Assigned Call ID 0x0000D333 (54067)
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333:
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: Tx -> ICRP loc 0000D333 rem 00008615 ser 00000001
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: APP->L2TP: Setup dataplane [15],
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: sock C900008E
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: serv 0000748A
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: data 732410DC[20]
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: replied on same socket
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333:
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: FSM-Sn ev DP-Setup
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: FSM-Sn in Wt-Rx-ICCN
Apr 22 13:11:45.397: L2TP _____:0748C:0000D333: FSM-Sn do Ignore-DP-Setup
Apr 22 13:11:45.401: L2TP tnl 0748C:000000BC: Control connection authentication skipped/passed.
Apr 22 13:11:45.401: L2TP tnl 0748C:000000BC: Drain unsentQ, cur/max resendQ sz 1/3, unsentQ 0
Apr 22 13:11:45.401: L2TP tnl 0748C:000000BC: Drain unsentQ, cur/max resendQ sz 0/3, unsentQ 0
Apr 22 13:11:45.401: L2TP tnl 0748C:000000BC:
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: I ICCN, flg TLS, ver 2, len 40
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: IETF v2:
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: Framing Type sync(1)
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: Connect Speed 57600
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333:
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: O ZLB ACK to DIR-300 49179/34325
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333:
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: Tx -> ZLB A loc 0000D333 rem 00008615 ser 00000001
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: FSM-Sn ev Rx-ICCN
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: FSM-Sn Wt-Rx-ICCN->Proc-ICCN
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: FSM-Sn do Rx-ICCN
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: MTU is 65535
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: Session data plane UP
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: VPDN: process AVPs
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333:
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: APP<-L2TP: Connected
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: sock C900008E
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: serv 0000748A
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333:
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: FSM-Sn ev ICCN-OK
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: FSM-Sn Proc-ICCN->established
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: FSM-Sn do Established
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: Session up
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: 172.17.192.252<->172.17.192.133
Apr 22 13:11:45.401: L2TP _____:0748C:0000D333: Rx <- ICCN loc 0000D333 rem 00008615 ser 00000001
Apr 22 13:11:45.405: VPDN Received L2TUN socket message <xCCN - Session Connected>
Apr 22 13:11:45.405: VPDN uid:155 VPDN session up
Apr 22 13:11:46.549: VPDN Vi2.7 Virtual interface created for unknown, bandwidth 57 Kbps
Apr 22 13:11:46.549: L2TP _____:0748C:0000D333: APP->L2TP: Session updated [12],
Apr 22 13:11:46.549: L2TP _____:0748C:0000D333: sock C900008E
Apr 22 13:11:46.549: L2TP _____:0748C:0000D333: serv 0000748A
Apr 22 13:11:46.549: L2TP _____:0748C:0000D333: data 7325491C[99]
Apr 22 13:11:46.549: L2TP _____:0748C:0000D333: replied on same socket
Apr 22 13:11:46.549: L2TP _____:0748C:0000D333:
Apr 22 13:11:46.549: L2TP _____:0748C:0000D333: App type set to VPDN
Apr 22 13:11:46.549: L2TP 0009B:0748C:0000D333: Framing set to sync
Apr 22 13:11:46.549: L2TP 0009B:0748C:0000D333: Bearer set to none
Apr 22 13:11:46.549: L2TP 0009B:0748C:0000D333:
Apr 22 13:11:46.549: L2TP 0009B:0748C:0000D333: APP<-L2TP: Dataplane up
Apr 22 13:11:46.549: L2TP 0009B:0748C:0000D333: sock C900008E
Apr 22 13:11:46.549: L2TP 0009B:0748C:0000D333: serv 0000748A
Apr 22 13:11:46.549: L2TP 0009B:0748C:0000D333:
Apr 22 13:11:46.549: VPDN Received L2TUN socket message <Dataplane UP>
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333: FSM-Sn ev DP-Up
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333: FSM-Sn in established
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333: FSM-Sn do Ignore-DP-UP
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333:
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333: APP->L2TP: Session updated [12],
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333: sock C900008E
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333: serv 0000748A
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333: data 730CEF84[112]
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333: replied on same socket
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333:
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333: App type set to VPDN
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333: Framing set to sync
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333: Bearer set to none
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333:
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333: APP->L2TP: Session updated [12],
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333: sock C900008E
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333: serv 0000748A
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333: data 7325491C[67]
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333: replied on same socket
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333:
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333: App type set to VPDN
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333: Framing set to sync
Apr 22 13:11:46.553: L2TP 0009B:0748C:0000D333: Bearer set to none
Apr 22 13:11:47.661: L2TP tnl 0748C:000000BC: StopCCN: skip authen, no nonce yet
Apr 22 13:11:47.661: L2TP tnl 0748C:000000BC:
Apr 22 13:11:47.661: L2TP tnl 0748C:000000BC: I StopCCN, flg TLS, ver 2, len 61
Apr 22 13:11:47.661: L2TP tnl 0748C:000000BC: IETF v2:
Apr 22 13:11:47.661: L2TP tnl 0748C:000000BC: Result Code
Apr 22 13:11:47.661: L2TP tnl 0748C:000000BC: General error - refer to error code(1)
Apr 22 13:11:47.661: L2TP tnl 0748C:000000BC: Error code
Apr 22 13:11:47.661: L2TP tnl 0748C:000000BC: No error(0)
Apr 22 13:11:47.661: L2TP tnl 0748C:000000BC: Optional msg
Apr 22 13:11:47.661: L2TP tnl 0748C:000000BC: "Last session has closed"
Apr 22 13:11:47.661: L2TP tnl 0748C:000000BC: Assigned Tunnel I 0x0000C01B (49179)
Apr 22 13:11:47.661: L2TP tnl 0748C:000000BC:
Apr 22 13:11:47.661: L2TP tnl 0748C:000000BC: O ZLB ACK to DIR-300 tnl 49179
Apr 22 13:11:47.661: L2TP tnl 0748C:000000BC:
Apr 22 13:11:47.661: L2TP tnl 0748C:000000BC: Tx -> ZLB A loc 000000BC rem 0000C01B
Apr 22 13:11:47.661: L2TP tnl 0748C:000000BC: FSM-CC ev Rx-StopCCN
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: FSM-CC in established
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: FSM-CC do Rx-StopCCN
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC:
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: Shutting down tunnel
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: With 1 session
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: Result Code
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: General error - refer to error code
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: Error Code
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: No error
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: Vendor Error
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: None
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: Optional Message
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: "Last session has closed"
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC:
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: FSM-CC ev Shut-Now
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: FSM-CC established->Wt-STOPACK
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: FSM-CC do Shutnow
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: FSM-Sn ev CC-Down
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: FSM-Sn established->Idle
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: FSM-Sn do CC-Down
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333:
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: Shutting down session
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: Result Code
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: Call disconnected, refer to error msg (2)
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: Error Code
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: No error (0)
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: Vendor Error
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: None (0)
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: Optional Message
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: "Last session has closed"
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333:
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: FSM-Sn ev Shut
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: FSM-Sn Idle->Dead
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: FSM-Sn do Destroy
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333:
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: APP<-L2TP: Disconnect
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: sock C900008E
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: serv 0000748A
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: Last session has closed
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333:
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: Session down
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: 172.17.192.252<->172.17.192.133
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: Destroying session
Apr 22 13:11:47.665: L2TP 0009B:0748C:0000D333: Request teardown data plane
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: FSM-CC ev Session-Disc
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: FSM-CC in Wt-STOPACK
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: FSM-CC do Session-Disc-Shut
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: Session count now 0
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: VPDN Session count now 0
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: Session PMTU count now 0
Apr 22 13:11:47.665: L2TP 0009B:_____:________: Session detached
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: FSM-CC ev Shut-Comp
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: FSM-CC Wt-STOPACK->Dead
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: FSM-CC do Shutdown-Completed
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: Control channel down
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: 172.17.192.252<->172.17.192.133
Apr 22 13:11:47.665: L2TP tnl 0748C:000000BC: Destroying tunnel
Apr 22 13:11:47.669: VPDN Received L2TUN socket message <CDN - Session Disconnected>
Apr 22 13:11:47.669: VPDN Vi2.7 disconnect (TEST-CMD) IETF: 1/user-request Ascend: 28/PPP Receive Term
Apr 22 13:11:47.669: VPDN Vi2.7 vpdn shutdown session, result=2, error=7, vendor_err=0
Apr 22 13:11:47.669: VPDN Vi2.7 VPDN/AAA: accounting stop sent
Apr 22 13:11:47.669: VPDN Vi2.7 Unbinding session from idb
Apr 22 13:11:47.669: Vi2.7 VPDN: Resetting interface
Apr 22 13:11:47.669: L2X 0009B:_____:________:
Apr 22 13:11:47.669: L2X 0009B:_____:________: APP->L2TP: Destroy [11],
Apr 22 13:11:47.669: L2X 0009B:_____:________: sock C900008E
Apr 22 13:11:47.669: L2X 0009B:_____:________: serv 0000748A
Apr 22 13:11:47.669: L2X 0009B:_____:________: data 231892F8[277]
Apr 22 13:11:47.669: L2X 0009B:_____:________: replied on same socket
Apr 22 13:11:47.669: L2X 0009B:_____:________:
Apr 22 13:11:47.669: L2X 0009B:_____:________: L2TUN: remove sock C900008E

Magnum72, posted April 23, 2010

>>> I tried, there is nothing interesting there. We are already writing an IP check on receipt of the accounting Start packet; it's a bit clumsy, of course, but I see no other way out.
>>
>> The command described above works for us on 7206 7201 10006 ASR1002
>
> Would you share the IOS image for the c10k?

For the 10000: c10k2-p11-mz.122-33.SB8.bin
For the 720x: c7200p-ipbase-mz.124-4.XD12.bin
For the 1002: asr1000rp1-advipservices.02.05.02.122-33.XNE2.bin

Andrey_open (author), posted April 23, 2010

> For the 10000: c10k2-p11-mz.122-33.SB8.bin
> For the 720x: c7200p-ipbase-mz.124-4.XD12.bin
> For the 1002: asr1000rp1-advipservices.02.05.02.122-33.XNE2.bin

I wrote to you in a PM.

Andrey_open (author), posted April 23, 2010

> XP, Vista and Win 7 clients connect and everything works fine, but D-Link DIR-300/DIR-320 routers refuse to :( That said, the D-Link DI-804HV behaves properly. The protocol is L2TP.

Problem solved. It refused to work because of this construct:

interface Virtual-Template1
 ip unnumbered Loopback0

I configured an IP address, and the router connected.

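The misconfiguration named in the last post (a Virtual-Template that borrows its address through `ip unnumbered` from an interface with `no ip address`) can be caught by a small check over a saved running-config. This is an added example, not code from the thread; the `FIXED` variant assumes the address was put on Loopback0 (the post only says an IP was configured) and uses a constructed documentation address.

```python
import re

# Excerpt of the configuration posted in the thread.
BROKEN = """\
interface Loopback0
 no ip address
!
interface Virtual-Template1
 ip unnumbered Loopback0
 no peer default ip address
 ppp authentication chap
!
"""

# Assumed fix: an address on the borrowed interface (192.0.2.1 is constructed).
FIXED = BROKEN.replace(" no ip address", " ip address 192.0.2.1 255.255.255.255", 1)


def parse_interfaces(config_text):
    """Map interface name -> list of the sub-commands indented under it."""
    interfaces, current = {}, None
    for line in config_text.splitlines():
        header = re.match(r"interface\s+(\S+)\s*$", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the interface block
    return interfaces


def has_address(commands):
    """True for 'ip address <something>'; 'no ip address' does not match."""
    return any(re.match(r"ip address\s+\S", c) for c in commands)


def unnumbered_without_address(config_text):
    """Return (interface, borrowed_from) pairs where the lender has no IP.

    A lender that is not defined in the config at all is reported as well.
    """
    interfaces = parse_interfaces(config_text)
    findings = []
    for name, commands in interfaces.items():
        for command in commands:
            ref = re.match(r"ip unnumbered\s+(\S+)$", command)
            if ref and not has_address(interfaces.get(ref.group(1), [])):
                findings.append((name, ref.group(1)))
    return findings


if __name__ == "__main__":
    print("posted config:", unnumbered_without_address(BROKEN))
    print("assumed fix:  ", unnumbered_without_address(FIXED))
```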