u.s.s.r Posted August 12, 2014 (edited) Пытаюсь настроить "Функционал IGMP Authentification" Аутентификация проходит, мультикаст работает Но возникли вопросы, 1) почему не шлется interim-update (имеется ввиду accounting) ? 2) можно ли сделать так, чтобы приходили запросы поля "User-Name" и "User-Password" вида "A8:F9:4B:22:9D:62"? 3) access-list - есть несколько листов, как задать конкретный лист? через радиус-атрибуты? Edited August 12, 2014 by u.s.s.r Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
u.s.s.r Posted August 12, 2014 Конфиг vlan 407 name multicast multicast-vlan multicast-vlan mode dynamic multicast-vlan association 514 multicast destination-control radius-server accounting-interim-update timeout 60 radius-server key 0 secret radius-server authentication host 172.22.3.154 radius-server accounting host 172.22.3.154 aaa enable radius nas-ipv4 172.22.6.19 ! Interface Ethernet1/1 ip multicast destination-control access-group 6002 switchport access vlan 514 loopback-detection specified-vlan 1 loopback-detection control shutdown igmp snooping drop query igmp snooping authentication enable interface Vlan514 ip address 172.22.6.19 255.255.255.0 ! ip igmp snooping ip igmp snooping authentication radius none ip igmp snooping authentication forwarding-first ip igmp snooping vlan 407 ip igmp snooping vlan 407 immediately-leave ip igmp snooping vlan 407 l2-general-querier ! ip default-gateway 172.22.6.254 Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
u.s.s.r Posted August 12, 2014 в дебаг %Jan 01 04:52:08 2006 authentication table timer is set value 600, and has been started %Jan 01 04:52:10 2006 Send a authencation %Jan 01 04:52:10 2006 Authencation Report Version: 2 %Jan 01 04:52:10 2006 Authencation Report Vlan: 407 %Jan 01 04:52:10 2006 Authencation Report Port: Ethernet1/1 %Jan 01 04:52:10 2006 Authencation Report Group: 224.1.0.7 %Jan 01 04:52:10 2006 Authencation Report SrcMac: A8:F9:4B:22:9D:62 %Jan 01 04:52:10 2006 Receive a authencation result %Jan 01 04:52:10 2006 Authencation Version: 2 %Jan 01 04:52:10 2006 Authencation Vlan: 407 %Jan 01 04:52:10 2006 Authencation Port: Ethernet1/1 %Jan 01 04:52:10 2006 Authencation Group: 224.1.0.7 %Jan 01 04:52:10 2006 Authencation SrcMac: A8:F9:4B:22:9D:62 %Jan 01 04:52:10 2006 Authencation Result: AUTH_SUCCESS %Jan 01 05:02:08 2006 global authentication table timer expires %Jan 01 05:02:08 2006 authentication table timer is stopped %Jan 01 05:02:08 2006 authentication table timer is set value 600, and has been started %Jan 01 05:02:38 2006 Authencation Report Version: 2 %Jan 01 05:02:38 2006 Authencation Report Vlan: 407 %Jan 01 05:02:38 2006 Authencation Report Port: Ethernet1/1 %Jan 01 05:02:38 2006 Authencation Report Group: 224.1.0.7 %Jan 01 05:02:38 2006 Authencation Report SrcMac: A8:F9:4B:22:9D:62 %Jan 01 05:02:38 2006 Receive a authencation result %Jan 01 05:02:38 2006 Authencation Version: 2 %Jan 01 05:02:38 2006 Authencation Vlan: 407 %Jan 01 05:02:38 2006 Authencation Port: Ethernet1/1 %Jan 01 05:02:38 2006 Authencation Group: 224.1.0.7 %Jan 01 05:02:38 2006 Authencation SrcMac: A8:F9:4B:22:9D:62 %Jan 01 05:02:38 2006 Authencation Result: AUTH_SUCCESS %Jan 01 05:12:08 2006 global authentication table timer expires %Jan 01 05:12:08 2006 authentication table timer is stopped %Jan 01 05:12:08 2006 authentication table timer is set value 600, and has been started %Jan 01 05:13:01 2006 Send a authencation %Jan 01 05:13:01 2006 Authencation Report Version: 2 %Jan 01 05:13:01 2006 Authencation Report Vlan: 407 %Jan 01 05:13:01 2006 Authencation Report Port: Ethernet1/1 %Jan 01 05:13:01 2006 Authencation Report Group: 224.1.0.7 %Jan 01 05:13:01 2006 Authencation Report SrcMac: A8:F9:4B:22:9D:62 %Jan 01 05:13:01 2006 Receive a authencation result %Jan 01 05:13:01 2006 Authencation Version: 2 %Jan 01 05:13:01 2006 Authencation Vlan: 407 %Jan 01 05:13:01 2006 Authencation Port: Ethernet1/1 %Jan 01 05:13:01 2006 Authencation Group: 224.1.0.7 %Jan 01 05:13:01 2006 Authencation SrcMac: A8:F9:4B:22:9D:62 %Jan 01 05:13:01 2006 Authencation Result: AUTH_SUCCESS Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
Mikhail Burnin Posted August 14, 2014 вопрос решен через support.nag.ru Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
VVSina Posted August 15, 2014 ещё бы решение опубликовали, во избежании лишних вопросов. Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
Mikhail Burnin Posted August 20, 2014 если кратко то: 1)Аккаунитниг для igmp authentication не поддерживается 2)Формат username и password не меняется 3)Акцесс лист передать через радиус атрибуты нельзя. Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
VVSina Posted August 26, 2014 :) Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
