Cisco_L2tp_aaa

romantix74 · July 8, 2013

Добрый день .

Нужно связать Cisco ASR 1002--freeradius(в_режиме_proxy)----древнющий_radius_Merit3.6В(в составе_биллинга_Абсолют).

1. Сделал связку Cisco ASR 1002--freeradius(в_режиме_локальной аутентификации через файл users) -- все работает .

Клиентом работает mikrotik RB750.

LOG на cisco :

Jul 8 12:29:30: RADIUS(000007A7): Send Access-Request to X.X.0.241:1812 id 1645/172,len 115

*Jul 8 12:29:30: RADIUS: authenticator 35 72 B2 C4 14 B2 D1 A5 - AA 21 53 43 E9 A4 73 74

*Jul 8 12:29:30: RADIUS: Framed-Protocol [7] 6 PPP [1]

*Jul 8 12:29:30: RADIUS: User-Name [1] 19 "user2@example.com"

*Jul 8 12:29:30: RADIUS: CHAP-Password [3] 19 *

*Jul 8 12:29:30: RADIUS: Connect-Info [77] 11 "100000000"

*Jul 8 12:29:30: RADIUS: NAS-Port-Type [61] 6 Virtual [5]

ASR-1002-X(config-radius-server)#

*Jul 8 12:29:30: RADIUS: NAS-Port [5] 6 24

*Jul 8 12:29:30: RADIUS: NAS-Port-Id [87] 16 "Uniq-Sess-ID24"

*Jul 8 12:29:30: RADIUS: Service-Type [6] 6 Framed [2]

*Jul 8 12:29:30: RADIUS: NAS-IP-Address [4] 6 Y.Y.0.1

*Jul 8 12:29:30: RADIUS(000007A7): Started 5 sec timeout

*Jul 8 12:29:30: RADIUS: Received from id 1645/172 X.X.0.241:1812, Access-Accept, len 58

*Jul 8 12:29:30: RADIUS: authenticator 74 16 82 BD 83 F7 4F AC - CB 03 06 A6 01 EA 01 A1

*Jul 8 12:29:30: RADIUS: Service-Type [6] 6 Framed [2]

*Jul 8 12:29:30: RADIUS: Framed-Protocol [7] 6 PPP [1]

*Jul 8 12:29:30: RADIUS: Tunnel-Type [64] 6 00:L2TP [3]

*Jul 8 12:29:30: RADIUS: Framed-IP-Address [8] 6 172.30.0.34

*Jul 8 12:29:30: RADIUS: Tunnel-Server-Endpoi[67] 14 "X.X.0.97"

*Jul 8 12:29:30: RADIUS(000007A7): Received from id 1645/172

*Jul 8 12:29:30: ppp24 PPP: Received LOGIN Response PASS

*Jul 8 12:29:30: ppp24 PPP: Phase is FORWARDING, Attempting Forward

*Jul 8 12:29:30: Vi2.1 PPP: Phase is AUTHENTICATING, Authenticated User

*Jul 8 12:29:30: Vi2.1 CHAP: O SUCCESS id 1 len 4

*Jul 8 12:29:30: Vi2.1 PPP: Phase is UP

2. Прикручиваю уже неделю требуемую выше связку - дошел до Access-Accept со стороны Merit , но теперь ругается на authentication failure

*Jul 8 12:37:58: RADIUS(000007C5): Sending a IPv4 Radius Packet

*Jul 8 12:37:58: RADIUS(000007C5): Send Access-Request to X.X.0.241:1645 id 1645/189,len 106

*Jul 8 12:37:58: RADIUS: authenticator C0 E4 78 97 2B F1 78 18 - AA 21 53 43 23 71 10 9A

*Jul 8 12:37:58: RADIUS: Framed-Protocol [7] 6 PPP [1]

*Jul 8 12:37:58: RADIUS: User-Name [1] 10 "user3100"

*Jul 8 12:37:58: RADIUS: CHAP-Password [3] 19 *

*Jul 8 12:37:58: RADIUS: Connect-Info [77] 11 "100000000"

*Jul 8 12:37:58: RADIUS: NAS-Port-Type [61] 6 Virtual [5]

*Jul 8 12:37:58: RADIUS: NAS-Port [5] 6 41

*Jul 8 12:37:58: RADIUS: NAS-Port-Id [87] 16 "Uniq-Sess-ID41"

*Jul 8 12:37:58: RADIUS: Service-Type [6] 6 Framed [2]

*Jul 8 12:37:58: RADIUS: NAS-IP-Address [4] 6 Y.Y.0.1

*Jul 8 12:37:58: RADIUS(000007C5): Started 5 sec timeout

*Jul 8 12:37:58: RADIUS: Received from id 1645/189 X.X.0.241:1645, Access-Accept, len 227

*Jul 8 12:37:58: RADIUS: authenticator 93 70 98 64 27 BE CC E5 - 79 C9 08 76 67 C7 A7 B3

*Jul 8 12:37:58: RADIUS: Framed-Protocol [7] 6 PPP [1]

*Jul 8 12:37:58: RADIUS: User-Name [1] 10 "user3100"

*Jul 8 12:37:58: RADIUS: CHAP-Password [3] 19 *

*Jul 8 12:37:58: RADIUS: Connect-Info [77] 11 "100000000"

*Jul 8 12:37:58: RADIUS: NAS-Port-Type [61] 6 Virtual [5]

*Jul 8 12:37:58: RADIUS: NAS-Port [5] 6 41

*Jul 8 12:37:58: RADIUS: Service-Type [6] 6 Framed [2]

*Jul 8 12:37:58: RADIUS: NAS-IP-Address [4] 6 Y.Y.0.1

*Jul 8 12:37:58: RADIUS: CHAP-Challenge [60] 18

*Jul 8 12:37:58: RADIUS: C0 E4 78 97 2B F1 78 18 AA 21 53 43 23 71 10 9A [ x+x!SC#q]

*Jul 8 12:37:58: RADIUS: Vendor, Unknown [26] 16

*Jul 8 12:37:58: RADIUS: Unsupported [222] 10

*Jul 8 12:37:58: RADIUS: 63 69 68 6E 33 31 30 30 [ user3100]

*Jul 8 12:37:58: RADIUS: Nas-Identifier [32] 12 "Y.Y.0.1"

*Jul 8 12:37:58: RADIUS: Vendor, Cisco [26] 47

*Jul 8 12:37:58: RADIUS: Cisco AVpair [1] 41 "ip:dns-servers=X.X.1.98 X.X.0.2"

*Jul 8 12:37:58: RADIUS: Service-Type [6] 6 Framed [2]

*Jul 8 12:37:58: RADIUS: Framed-Protocol [7] 6 PPP [1]

*Jul 8 12:37:58: RADIUS: Framed-IP-Address [8] 6 X.X.8.156

*Jul 8 12:37:58: RADIUS: Filter-Id [11] 8

*Jul 8 12:37:58: RADIUS: 42 57 32 30 30 30 [ BW2000]

*Jul 8 12:37:58: RADIUS: Session-Timeout [27] 6 86400

*Jul 8 12:37:58: RADIUS: Vendor, Cisco [26] 12

*Jul 8 12:37:58: RADIUS: Ascend-Max-Time [194] 6

*Jul 8 12:37:58: RADIUS: 00 01 51 80 [ Q]

*Jul 8 12:37:58: RADIUS(000007C5): Received from id 1645/189

*Jul 8 12:37:58: RADIUS/DECODE: Invalid attr to decode; CHAP-Password ---------------------------вопрос С.

*Jul 8 12:37:58: RADIUS: NAS-Port [5] 4 41

*Jul 8 12:37:58: RADIUS/DECODE: unsupported cisco VSA 194; IGNORE

*Jul 8 12:37:58: ppp41 PPP: Received LOGIN Response PASS

*Jul 8 12:37:58: ppp41 PPP AUTHOR: Author Data Available

*Jul 8 12:37:58: ppp41 PPP: Receive Attrs from[authen] Keep[LCP] MERGE

*Jul 8 12:37:58: ppp41 PPP: Keep Attr: Framed-Protocol 0 1 [PPP]

*Jul 8 12:37:58: ppp41 PPP: Updated the attr Framed-Protocol in datalist

*Jul 8 12:37:58: ppp41 PPP: Keep Attr: username 0 "user3100"

*Jul 8 12:37:58: ppp41 PPP: Updated the attr username in datalist

*Jul 8 12:37:58: ppp41 PPP: Skip Attr: nas-connect-info 0 "100000000"

*Jul 8 12:37:58: ppp41 PPP: Skip Attr: port-type 0 5 [Virtual Terminal]

*Jul 8 12:37:58: ppp41 PPP: Skip Attr: interface 0 "41"

*Jul 8 12:37:58: ppp41 PPP: Keep Attr: service-type 0 2 [Framed]

*Jul 8 12:37:58: ppp41 PPP: Updated the attr service-type in datalist

*Jul 8 12:37:58: ppp41 PPP: Skip Attr: nas-ip-address 0 Y.Y.0.1

*Jul 8 12:37:58: ppp41 PPP: Skip Attr: challenge 0 <hidden>

*Jul 8 12:37:58: ppp41 PPP: Skip Attr: nas-identifier 0 "Y.Y.0.1"

*Jul 8 12:37:58: ppp41 PPP: Skip Attr: dns-servers 0 "X.X.1.98 X.X.0.2"

*Jul 8 12:37:58: ppp41 PPP: Keep Attr: service-type 0 2 [Framed]

*Jul 8 12:37:58: ppp41 PPP: Updated the attr service-type in datalist

*Jul 8 12:37:58: ppp41 PPP: Keep Attr: Framed-Protocol 0 1 [PPP]

*Jul 8 12:37:58: ppp41 PPP: Updated the attr Framed-Protocol in datalist

*Jul 8 12:37:58: ppp41 PPP: Skip Attr: addr 0 X.X.8.156

*Jul 8 12:37:58: ppp41 PPP: Skip Attr: outacl 0 "BW2000"

*Jul 8 12:37:58: ppp41 PPP: Keep Attr: timeout 0 86400 (0x15180)

*Jul 8 12:37:58: ppp41 PPP: Updated the attr timeout in datalist

*Jul 8 12:37:58: ppp41 PPP: Phase is FORWARDING, Attempting Forward

*Jul 8 12:37:58: %SGPM-3-POLICY_RULE_SERVICE_CONFIG_ERROR: Service () is configured incorrectly, service_failed event will be thrown -------Вопрос В.

ASR-1002-X#

*Jul 8 12:37:58: ppp41 PPP DISC: Lower Layer disconnected

*Jul 8 12:37:58: ppp41 PPP: Sending Acct Event[Down] id[7C5]

*Jul 8 12:37:58: PPP: NET STOP send to AAA.

*Jul 8 12:37:58: ppp41 CHAP: O FAILURE id 1 len 26 msg is "Authentication failure" -------------------Вопрос А.

*Jul 8 12:37:58: ppp41 LCP: O TERMREQ [Open] id 2 len 4

*Jul 8 12:37:58: ppp41 LCP: Event[CLOSE] State[Open to Closing]

*Jul 8 12:37:58: ppp41 PPP: Phase is TERMINATING

A. Непонятно почему Authentication failure если радиус уже все проверил и выслал Accept ?

B. Что за ошибка(гугл не помогает) - %SGPM-3-POLICY_RULE_SERVICE_CONFIG_ERROR: Service () is configured incorrectly, service_failed event will be thrown

С. Смущает так же строчка RADIUS/DECODE: Invalid attr to decode; CHAP-Password.

Биллинг настолько древний что логи перестали писаться , причину не знаю , сервер лучше не перезагружать , может не подняться :)

Sign In

Cisco_L2tp_aaa

Recommended Posts

romantix74

Join the conversation