u.s.s.r Posted August 12, 2014 (edited) · Report post Пытаюсь настроить "Функционал IGMP Authentification" Аутентификация проходит, мультикаст работает Но возникли вопросы, 1) почему не шлется interim-update (имеется ввиду accounting) ? 2) можно ли сделать так, чтобы приходили запросы поля "User-Name" и "User-Password" вида "A8:F9:4B:22:9D:62"? 3) access-list - есть несколько листов, как задать конкретный лист? через радиус-атрибуты? Edited August 12, 2014 by u.s.s.r Share this post Link to post Share on other sites
u.s.s.r Posted August 12, 2014 · Report post Конфиг vlan 407 name multicast multicast-vlan multicast-vlan mode dynamic multicast-vlan association 514 multicast destination-control radius-server accounting-interim-update timeout 60 radius-server key 0 secret radius-server authentication host 172.22.3.154 radius-server accounting host 172.22.3.154 aaa enable radius nas-ipv4 172.22.6.19 ! Interface Ethernet1/1 ip multicast destination-control access-group 6002 switchport access vlan 514 loopback-detection specified-vlan 1 loopback-detection control shutdown igmp snooping drop query igmp snooping authentication enable interface Vlan514 ip address 172.22.6.19 255.255.255.0 ! ip igmp snooping ip igmp snooping authentication radius none ip igmp snooping authentication forwarding-first ip igmp snooping vlan 407 ip igmp snooping vlan 407 immediately-leave ip igmp snooping vlan 407 l2-general-querier ! ip default-gateway 172.22.6.254 Share this post Link to post Share on other sites
u.s.s.r Posted August 12, 2014 · Report post в дебаг %Jan 01 04:52:08 2006 authentication table timer is set value 600, and has been started %Jan 01 04:52:10 2006 Send a authencation %Jan 01 04:52:10 2006 Authencation Report Version: 2 %Jan 01 04:52:10 2006 Authencation Report Vlan: 407 %Jan 01 04:52:10 2006 Authencation Report Port: Ethernet1/1 %Jan 01 04:52:10 2006 Authencation Report Group: 224.1.0.7 %Jan 01 04:52:10 2006 Authencation Report SrcMac: A8:F9:4B:22:9D:62 %Jan 01 04:52:10 2006 Receive a authencation result %Jan 01 04:52:10 2006 Authencation Version: 2 %Jan 01 04:52:10 2006 Authencation Vlan: 407 %Jan 01 04:52:10 2006 Authencation Port: Ethernet1/1 %Jan 01 04:52:10 2006 Authencation Group: 224.1.0.7 %Jan 01 04:52:10 2006 Authencation SrcMac: A8:F9:4B:22:9D:62 %Jan 01 04:52:10 2006 Authencation Result: AUTH_SUCCESS %Jan 01 05:02:08 2006 global authentication table timer expires %Jan 01 05:02:08 2006 authentication table timer is stopped %Jan 01 05:02:08 2006 authentication table timer is set value 600, and has been started %Jan 01 05:02:38 2006 Authencation Report Version: 2 %Jan 01 05:02:38 2006 Authencation Report Vlan: 407 %Jan 01 05:02:38 2006 Authencation Report Port: Ethernet1/1 %Jan 01 05:02:38 2006 Authencation Report Group: 224.1.0.7 %Jan 01 05:02:38 2006 Authencation Report SrcMac: A8:F9:4B:22:9D:62 %Jan 01 05:02:38 2006 Receive a authencation result %Jan 01 05:02:38 2006 Authencation Version: 2 %Jan 01 05:02:38 2006 Authencation Vlan: 407 %Jan 01 05:02:38 2006 Authencation Port: Ethernet1/1 %Jan 01 05:02:38 2006 Authencation Group: 224.1.0.7 %Jan 01 05:02:38 2006 Authencation SrcMac: A8:F9:4B:22:9D:62 %Jan 01 05:02:38 2006 Authencation Result: AUTH_SUCCESS %Jan 01 05:12:08 2006 global authentication table timer expires %Jan 01 05:12:08 2006 authentication table timer is stopped %Jan 01 05:12:08 2006 authentication table timer is set value 600, and has been started %Jan 01 05:13:01 2006 Send a authencation %Jan 01 05:13:01 2006 Authencation Report Version: 2 %Jan 01 05:13:01 2006 Authencation Report Vlan: 407 %Jan 01 05:13:01 2006 Authencation Report Port: Ethernet1/1 %Jan 01 05:13:01 2006 Authencation Report Group: 224.1.0.7 %Jan 01 05:13:01 2006 Authencation Report SrcMac: A8:F9:4B:22:9D:62 %Jan 01 05:13:01 2006 Receive a authencation result %Jan 01 05:13:01 2006 Authencation Version: 2 %Jan 01 05:13:01 2006 Authencation Vlan: 407 %Jan 01 05:13:01 2006 Authencation Port: Ethernet1/1 %Jan 01 05:13:01 2006 Authencation Group: 224.1.0.7 %Jan 01 05:13:01 2006 Authencation SrcMac: A8:F9:4B:22:9D:62 %Jan 01 05:13:01 2006 Authencation Result: AUTH_SUCCESS Share this post Link to post Share on other sites
Mikhail Burnin Posted August 14, 2014 · Report post вопрос решен через support.nag.ru Share this post Link to post Share on other sites
VVSina Posted August 15, 2014 · Report post ещё бы решение опубликовали, во избежании лишних вопросов. Share this post Link to post Share on other sites
Mikhail Burnin Posted August 20, 2014 · Report post если кратко то: 1)Аккаунитниг для igmp authentication не поддерживается 2)Формат username и password не меняется 3)Акцесс лист передать через радиус атрибуты нельзя. Share this post Link to post Share on other sites
