Jump to content
Калькуляторы

Функционал IGMP Authentification Функционал IGMP Authentification

Пытаюсь настроить "Функционал IGMP Authentification"

Аутентификация проходит, мультикаст работает

 

Но возникли вопросы,

1) почему не шлется interim-update (имеется ввиду accounting) ?

2) можно ли сделать так, чтобы приходили запросы поля "User-Name" и "User-Password" вида "A8:F9:4B:22:9D:62"?

3) access-list - есть несколько листов, как задать конкретный лист? через радиус-атрибуты?

Edited by u.s.s.r

Share this post


Link to post
Share on other sites

Конфиг

 

vlan 407
name multicast
multicast-vlan
multicast-vlan mode dynamic
multicast-vlan association 514

multicast destination-control

 

radius-server accounting-interim-update timeout 60
radius-server key 0 secret
radius-server authentication host 172.22.3.154
radius-server accounting host 172.22.3.154
aaa enable
radius nas-ipv4 172.22.6.19
!
Interface Ethernet1/1
ip multicast destination-control access-group 6002
switchport access vlan 514
loopback-detection specified-vlan 1
loopback-detection control shutdown
igmp snooping drop query
igmp snooping authentication enable

interface Vlan514
ip address 172.22.6.19 255.255.255.0
!
ip igmp snooping
ip igmp snooping authentication radius none
ip igmp snooping authentication forwarding-first
ip igmp snooping vlan 407
ip igmp snooping vlan 407 immediately-leave
ip igmp snooping vlan 407 l2-general-querier
!
ip default-gateway 172.22.6.254

Share this post


Link to post
Share on other sites

в дебаг

 

%Jan 01 04:52:08 2006 authentication table timer is set value 600, and has been started
%Jan 01 04:52:10 2006 Send a authencation
%Jan 01 04:52:10 2006 Authencation Report Version: 2
%Jan 01 04:52:10 2006 Authencation Report Vlan: 407
%Jan 01 04:52:10 2006 Authencation Report Port: Ethernet1/1
%Jan 01 04:52:10 2006 Authencation Report Group: 224.1.0.7
%Jan 01 04:52:10 2006 Authencation Report SrcMac: A8:F9:4B:22:9D:62
%Jan 01 04:52:10 2006 Receive a authencation result
%Jan 01 04:52:10 2006 Authencation Version: 2
%Jan 01 04:52:10 2006 Authencation Vlan: 407
%Jan 01 04:52:10 2006 Authencation Port: Ethernet1/1
%Jan 01 04:52:10 2006 Authencation Group: 224.1.0.7
%Jan 01 04:52:10 2006 Authencation SrcMac: A8:F9:4B:22:9D:62
%Jan 01 04:52:10 2006 Authencation Result: AUTH_SUCCESS
%Jan 01 05:02:08 2006 global  authentication table timer expires
%Jan 01 05:02:08 2006 authentication table timer is stopped
%Jan 01 05:02:08 2006 authentication table timer is set value 600, and has been started
%Jan 01 05:02:38 2006 Authencation Report Version: 2
%Jan 01 05:02:38 2006 Authencation Report Vlan: 407
%Jan 01 05:02:38 2006 Authencation Report Port: Ethernet1/1
%Jan 01 05:02:38 2006 Authencation Report Group: 224.1.0.7
%Jan 01 05:02:38 2006 Authencation Report SrcMac: A8:F9:4B:22:9D:62
%Jan 01 05:02:38 2006 Receive a authencation result
%Jan 01 05:02:38 2006 Authencation Version: 2
%Jan 01 05:02:38 2006 Authencation Vlan: 407
%Jan 01 05:02:38 2006 Authencation Port: Ethernet1/1
%Jan 01 05:02:38 2006 Authencation Group: 224.1.0.7
%Jan 01 05:02:38 2006 Authencation SrcMac: A8:F9:4B:22:9D:62
%Jan 01 05:02:38 2006 Authencation Result: AUTH_SUCCESS
%Jan 01 05:12:08 2006 global  authentication table timer expires
%Jan 01 05:12:08 2006 authentication table timer is stopped
%Jan 01 05:12:08 2006 authentication table timer is set value 600, and has been started
%Jan 01 05:13:01 2006 Send a authencation
%Jan 01 05:13:01 2006 Authencation Report Version: 2
%Jan 01 05:13:01 2006 Authencation Report Vlan: 407
%Jan 01 05:13:01 2006 Authencation Report Port: Ethernet1/1
%Jan 01 05:13:01 2006 Authencation Report Group: 224.1.0.7
%Jan 01 05:13:01 2006 Authencation Report SrcMac: A8:F9:4B:22:9D:62
%Jan 01 05:13:01 2006 Receive a authencation result
%Jan 01 05:13:01 2006 Authencation Version: 2
%Jan 01 05:13:01 2006 Authencation Vlan: 407
%Jan 01 05:13:01 2006 Authencation Port: Ethernet1/1
%Jan 01 05:13:01 2006 Authencation Group: 224.1.0.7
%Jan 01 05:13:01 2006 Authencation SrcMac: A8:F9:4B:22:9D:62
%Jan 01 05:13:01 2006 Authencation Result: AUTH_SUCCESS

Share this post


Link to post
Share on other sites

если кратко то:

1)Аккаунитниг для igmp authentication не поддерживается

2)Формат username и password не меняется

3)Акцесс лист передать через радиус атрибуты нельзя.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.