forum.opennet.ru

Составление сообщения

Исходное сообщение

"С Radius сервера не работают vsa атрибуты"
Отправлено enb83, 13-Июл-09 10:26

Помогите разобраться!
Не могу никак понять в чём же дело. Может IOS не та 124-23 или настройки на Сisco 7301 не те сделал.
Может NAT мешает или с interface Loopback0 не будет работать.
Подключаюсь VPN клиентом через винду. Ping идёт.
Если ACL 102 повешать на interface Virtual-Template1 то пингует по правилам, как и надо, а вот с Радиуса не хочет. Пробывал разные атрибуты.
interface Virtual-Template1
ip unnumbered Loopback0
ip nat inside
ip virtual-reassembly
peer default ip address pool PPPoE1
ppp authentication pap chap x-AUTH
ip nat inside source list 1 interface GigabitEthernet0/1 overload
access-list 1 permit 192.168.1.0 0.0.0.255
radius-server vsa send cisco-nas-port
radius-server vsa send accounting
radius-server vsa send authentication
Вот debug radius:
Jul 13 13:21:54.926: RADIUS/ENCODE(000001EF):Orig. component type = VPDN
Jul 13 13:21:54.926: RADIUS/ENCODE: No idb found! Framed IP Addr might not be included
Jul 13 13:21:54.926: RADIUS/ENCODE(000001EF): acct_session_id: 690
Jul 13 13:21:54.926: RADIUS(000001EF): sending
Jul 13 13:21:54.926: RADIUS(000001EF): Send Access-Request to 10.141.1.1:1812 id 1645/45, len 151
Jul 13 13:21:54.926: RADIUS:  authenticator 3A 18 8A 84 2A 11 98 52 - 63 C7 10 BD 11 8B 41 3D
Jul 13 13:21:54.926: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
Jul 13 13:21:54.926: RADIUS:  User-Name           [1]   8   "180174"
Jul 13 13:21:54.926: RADIUS:  CHAP-Password       [3]   19  *
Jul 13 13:21:54.926: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
Jul 13 13:21:54.926: RADIUS:  Vendor, Cisco       [26]  23
Jul 13 13:21:54.926: RADIUS:   cisco-nas-port     [2]   17  "Uniq-Sess-ID330"
Jul 13 13:21:54.926: RADIUS:  NAS-Port            [5]   6   330
Jul 13 13:21:54.926: RADIUS:  NAS-Port-Id         [87]  17  "Uniq-Sess-ID330"
Jul 13 13:21:54.926: RADIUS:  Service-Type        [6]   6   Framed                    [2]
Jul 13 13:21:54.926: RADIUS:  NAS-IP-Address      [4]   6   10.141.1.249
Jul 13 13:21:54.926: RADIUS:  Acct-Session-Id     [44]  18  "0A8D01F9000002B2"
Jul 13 13:21:54.926: RADIUS:  Nas-Identifier      [32]  10  "ciscoISG"
Jul 13 13:21:54.926: RADIUS:  Event-Timestamp     [55]  6   1247491314
Jul 13 13:21:54.938: RADIUS: Received from id 1645/45 10.141.1.1:1812, Access-Accept, len 56
Jul 13 13:21:54.938: RADIUS:  authenticator 06 9B 0C 10 BC 90 FA 4C - 71 69 F4 FA 3B A9 96 22
Jul 13 13:21:54.938: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
Jul 13 13:21:54.938: RADIUS:  Framed-Compression  [13]  6   VJ TCP/IP Header Compressi[1]
Jul 13 13:21:54.938: RADIUS:  Vendor, Cisco       [26]  24
Jul 13 13:21:54.938: RADIUS:   Cisco AVpair       [1]   18  "ip:addr-pool=102"
Jul 13 13:21:54.938: RADIUS(000001EF): Received from id 1645/45
Jul 13 13:21:54.946: %LINK-3-UPDOWN: Interface Virtual-Access5, changed state to up
Jul 13 13:21:54.946: RADIUS/ENCODE(000001EF):Orig. component type = VPDN
Jul 13 13:21:54.946: RADIUS(000001EF): sending
Jul 13 13:21:54.946: RADIUS(000001EF): Send Accounting-Request to 10.141.1.1:1813 id 1646/160, len 219
Jul 13 13:21:54.946: RADIUS:  authenticator 8C 30 75 ED 2E E6 0C F9 - 19 7B BA 1B 50 C0 4D FD
Jul 13 13:21:54.946: RADIUS:  Acct-Session-Id     [44]  18  "0A8D01F9000002B2"
Jul 13 13:21:54.946: RADIUS:  Tunnel-Medium-Type  [65]  6   00:IPv4                   [1]
Jul 13 13:21:54.946: RADIUS:  Tunnel-Server-Endpoi[67]  14  "10.141.1.249"
Jul 13 13:21:54.946: RADIUS:  Tunnel-Client-Endpoi[66]  14  "10.141.1.140"
Jul 13 13:21:54.946: RADIUS:  Tunnel-Assignment-Id[82]  3   "1"
Jul 13 13:21:54.946: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
Jul 13 13:21:54.946: RADIUS:  User-Name           [1]   8   "180174"
Jul 13 13:21:54.946: RADIUS:  Vendor, Cisco       [26]  32
Jul 13 13:21:54.946: RADIUS:   Cisco AVpair       [1]   26  "connect-progress=Call Up"
Jul 13 13:21:54.946: RADIUS:  Acct-Authentic      [45]  6   RADIUS                    [1]
Jul 13 13:21:54.946: RADIUS:  Acct-Status-Type    [40]  6   Start                     [1]
Jul 13 13:21:54.946: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
Jul 13 13:21:54.946: RADIUS:  Vendor, Cisco       [26]  23
Jul 13 13:21:54.946: RADIUS:   cisco-nas-port     [2]   17  "Uniq-Sess-ID330"
Jul 13 13:21:54.946: RADIUS:  NAS-Port            [5]   6   330
Jul 13 13:21:54.946: RADIUS:  NAS-Port-Id         [87]  17  "Uniq-Sess-ID330"
Jul 13 13:21:54.946: RADIUS:  Service-Type        [6]   6   Framed                    [2]
Jul 13 13:21:54.946: RADIUS:  NAS-IP-Address      [4]   6   10.141.1.249
Jul 13 13:21:54.946: RADIUS:  Event-Timestamp     [55]  6   1247491314
Jul 13 13:21:54.946: RADIUS:  Nas-Identifier      [32]  10  "ciscoISG"
Jul 13 13:21:54.946: RADIUS:  Acct-Delay-Time     [41]  6   0
Jul 13 13:21:54.950: RADIUS/ENCODE(000001EF):Orig. component type = VPDN
Jul 13 13:21:54.950: RADIUS(000001EF): sending
Jul 13 13:21:54.950: RADIUS(000001EF): Send Accounting-Request to 10.141.1.1:1813 id 1646/161, len 258
Jul 13 13:21:54.950: RADIUS:  authenticator 88 57 3D 11 B2 BD 04 F9 - 00 06 8A C9 58 11 24 74
Jul 13 13:21:54.950: RADIUS:  Acct-Session-Id     [44]  18  "0A8D01F9000002B2"
Jul 13 13:21:54.950: RADIUS:  Tunnel-Medium-Type  [65]  6   00:IPv4                   [1]
Jul 13 13:21:54.950: RADIUS:  Tunnel-Server-Endpoi[67]  14  "10.141.1.249"
Jul 13 13:21:54.950: RADIUS:  Tunnel-Client-Endpoi[66]  14  "10.141.1.140"
Jul 13 13:21:54.950: RADIUS:  Tunnel-Assignment-Id[82]  3   "1"
Jul 13 13:21:54.950: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
Jul 13 13:21:54.950: RADIUS:  Framed-IP-Address   [8]   6   192.168.1.2
Jul 13 13:21:54.950: RADIUS:  User-Name           [1]   8   "180174"
Jul 13 13:21:54.950: RADIUS:  Vendor, Cisco       [26]  35
Jul 13 13:21:54.950: RADIUS:   Cisco AVpair       [1]   29  "connect-progress=LAN Ses Up"
Jul 13 13:21:54.950: RADIUS:  Acct-Session-Time   [46]  6   0
Jul 13 13:21:54.950: RADIUS:  Acct-Input-Octets   [42]  6   106
Jul 13 13:21:54.950: RADIUS:  Acct-Output-Octets  [43]  6   108
Jul 13 13:21:54.950: RADIUS:  Acct-Input-Packets  [47]  6   5
Jul 13 13:21:54.950: RADIUS:  Acct-Output-Packets [48]  6   6
Jul 13 13:21:54.950: RADIUS:  Acct-Authentic      [45]  6   RADIUS                    [1]
Jul 13 13:21:54.950: RADIUS:  Acct-Status-Type    [40]  6   Watchdog                  [3]
Jul 13 13:21:54.950: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
Jul 13 13:21:54.950: RADIUS:  Vendor, Cisco       [26]  23
Jul 13 13:21:54.950: RADIUS:   cisco-nas-port     [2]   17  "Uniq-Sess-ID330"
Jul 13 13:21:54.950: RADIUS:  NAS-Port            [5]   6   330
Jul 13 13:21:54.950: RADIUS:  NAS-Port-Id         [87]  17  "Uniq-Sess-ID330"
Jul 13 13:21:54.950: RADIUS:  Service-Type        [6]   6   Framed                    [2]
Jul 13 13:21:54.950: RADIUS:  NAS-IP-Address      [4]   6   10.141.1.249
Jul 13 13:21:54.950: RADIUS:  Event-Timestamp     [55]  6   1247491314
Jul 13 13:21:54.950: RADIUS:  Nas-Identifier      [32]  10  "ciscoISG"
Jul 13 13:21:54.950: RADIUS:  Acct-Delay-Time     [41]  6   0
Jul 13 13:21:54.958: RADIUS: Received from id 1646/160 10.141.1.1:1813, Accounting-response, len 20
Jul 13 13:21:54.958: RADIUS:  authenticator 74 A2 86 B3 15 DF 41 95 - A2 97 3A F8 D9 46 10 BA
Jul 13 13:21:54.970: RADIUS: Received from id 1646/161 10.141.1.1:1813, Accounting-response, len 20
Jul 13 13:21:54.970: RADIUS:  authenticator 9A 6F 4C 8E E3 3A 4E 3A - 7E 14 33 26 F6 7F 24 2B
Jul 13 13:21:55.946: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access5, changed state to up

Исходное сообщение
"С Radius сервера не работают vsa атрибуты" Отправлено enb83, 13-Июл-09 10:26
Помогите разобраться! Не могу никак понять в чём же дело. Может IOS не та 124-23 или настройки на Сisco 7301 не те сделал. Может NAT мешает или с interface Loopback0 не будет работать. Подключаюсь VPN клиентом через винду. Ping идёт. Если ACL 102 повешать на interface Virtual-Template1 то пингует по правилам, как и надо, а вот с Радиуса не хочет. Пробывал разные атрибуты. interface Virtual-Template1 ip unnumbered Loopback0 ip nat inside ip virtual-reassembly peer default ip address pool PPPoE1 ppp authentication pap chap x-AUTH ip nat inside source list 1 interface GigabitEthernet0/1 overload access-list 1 permit 192.168.1.0 0.0.0.255 radius-server vsa send cisco-nas-port radius-server vsa send accounting radius-server vsa send authentication Вот debug radius: Jul 13 13:21:54.926: RADIUS/ENCODE(000001EF):Orig. component type = VPDN Jul 13 13:21:54.926: RADIUS/ENCODE: No idb found! Framed IP Addr might not be included Jul 13 13:21:54.926: RADIUS/ENCODE(000001EF): acct_session_id: 690 Jul 13 13:21:54.926: RADIUS(000001EF): sending Jul 13 13:21:54.926: RADIUS(000001EF): Send Access-Request to 10.141.1.1:1812 id 1645/45, len 151 Jul 13 13:21:54.926: RADIUS: authenticator 3A 18 8A 84 2A 11 98 52 - 63 C7 10 BD 11 8B 41 3D Jul 13 13:21:54.926: RADIUS: Framed-Protocol [7] 6 PPP [1] Jul 13 13:21:54.926: RADIUS: User-Name [1] 8 "180174" Jul 13 13:21:54.926: RADIUS: CHAP-Password [3] 19 * Jul 13 13:21:54.926: RADIUS: NAS-Port-Type [61] 6 Virtual [5] Jul 13 13:21:54.926: RADIUS: Vendor, Cisco [26] 23 Jul 13 13:21:54.926: RADIUS: cisco-nas-port [2] 17 "Uniq-Sess-ID330" Jul 13 13:21:54.926: RADIUS: NAS-Port [5] 6 330 Jul 13 13:21:54.926: RADIUS: NAS-Port-Id [87] 17 "Uniq-Sess-ID330" Jul 13 13:21:54.926: RADIUS: Service-Type [6] 6 Framed [2] Jul 13 13:21:54.926: RADIUS: NAS-IP-Address [4] 6 10.141.1.249 Jul 13 13:21:54.926: RADIUS: Acct-Session-Id [44] 18 "0A8D01F9000002B2" Jul 13 13:21:54.926: RADIUS: Nas-Identifier [32] 10 "ciscoISG" Jul 13 13:21:54.926: RADIUS: Event-Timestamp [55] 6 1247491314 Jul 13 13:21:54.938: RADIUS: Received from id 1645/45 10.141.1.1:1812, Access-Accept, len 56 Jul 13 13:21:54.938: RADIUS: authenticator 06 9B 0C 10 BC 90 FA 4C - 71 69 F4 FA 3B A9 96 22 Jul 13 13:21:54.938: RADIUS: Framed-Protocol [7] 6 PPP [1] Jul 13 13:21:54.938: RADIUS: Framed-Compression [13] 6 VJ TCP/IP Header Compressi[1] Jul 13 13:21:54.938: RADIUS: Vendor, Cisco [26] 24 Jul 13 13:21:54.938: RADIUS: Cisco AVpair [1] 18 "ip:addr-pool=102" Jul 13 13:21:54.938: RADIUS(000001EF): Received from id 1645/45 Jul 13 13:21:54.946: %LINK-3-UPDOWN: Interface Virtual-Access5, changed state to up Jul 13 13:21:54.946: RADIUS/ENCODE(000001EF):Orig. component type = VPDN Jul 13 13:21:54.946: RADIUS(000001EF): sending Jul 13 13:21:54.946: RADIUS(000001EF): Send Accounting-Request to 10.141.1.1:1813 id 1646/160, len 219 Jul 13 13:21:54.946: RADIUS: authenticator 8C 30 75 ED 2E E6 0C F9 - 19 7B BA 1B 50 C0 4D FD Jul 13 13:21:54.946: RADIUS: Acct-Session-Id [44] 18 "0A8D01F9000002B2" Jul 13 13:21:54.946: RADIUS: Tunnel-Medium-Type [65] 6 00:IPv4 [1] Jul 13 13:21:54.946: RADIUS: Tunnel-Server-Endpoi[67] 14 "10.141.1.249" Jul 13 13:21:54.946: RADIUS: Tunnel-Client-Endpoi[66] 14 "10.141.1.140" Jul 13 13:21:54.946: RADIUS: Tunnel-Assignment-Id[82] 3 "1" Jul 13 13:21:54.946: RADIUS: Framed-Protocol [7] 6 PPP [1] Jul 13 13:21:54.946: RADIUS: User-Name [1] 8 "180174" Jul 13 13:21:54.946: RADIUS: Vendor, Cisco [26] 32 Jul 13 13:21:54.946: RADIUS: Cisco AVpair [1] 26 "connect-progress=Call Up" Jul 13 13:21:54.946: RADIUS: Acct-Authentic [45] 6 RADIUS [1] Jul 13 13:21:54.946: RADIUS: Acct-Status-Type [40] 6 Start [1] Jul 13 13:21:54.946: RADIUS: NAS-Port-Type [61] 6 Virtual [5] Jul 13 13:21:54.946: RADIUS: Vendor, Cisco [26] 23 Jul 13 13:21:54.946: RADIUS: cisco-nas-port [2] 17 "Uniq-Sess-ID330" Jul 13 13:21:54.946: RADIUS: NAS-Port [5] 6 330 Jul 13 13:21:54.946: RADIUS: NAS-Port-Id [87] 17 "Uniq-Sess-ID330" Jul 13 13:21:54.946: RADIUS: Service-Type [6] 6 Framed [2] Jul 13 13:21:54.946: RADIUS: NAS-IP-Address [4] 6 10.141.1.249 Jul 13 13:21:54.946: RADIUS: Event-Timestamp [55] 6 1247491314 Jul 13 13:21:54.946: RADIUS: Nas-Identifier [32] 10 "ciscoISG" Jul 13 13:21:54.946: RADIUS: Acct-Delay-Time [41] 6 0 Jul 13 13:21:54.950: RADIUS/ENCODE(000001EF):Orig. component type = VPDN Jul 13 13:21:54.950: RADIUS(000001EF): sending Jul 13 13:21:54.950: RADIUS(000001EF): Send Accounting-Request to 10.141.1.1:1813 id 1646/161, len 258 Jul 13 13:21:54.950: RADIUS: authenticator 88 57 3D 11 B2 BD 04 F9 - 00 06 8A C9 58 11 24 74 Jul 13 13:21:54.950: RADIUS: Acct-Session-Id [44] 18 "0A8D01F9000002B2" Jul 13 13:21:54.950: RADIUS: Tunnel-Medium-Type [65] 6 00:IPv4 [1] Jul 13 13:21:54.950: RADIUS: Tunnel-Server-Endpoi[67] 14 "10.141.1.249" Jul 13 13:21:54.950: RADIUS: Tunnel-Client-Endpoi[66] 14 "10.141.1.140" Jul 13 13:21:54.950: RADIUS: Tunnel-Assignment-Id[82] 3 "1" Jul 13 13:21:54.950: RADIUS: Framed-Protocol [7] 6 PPP [1] Jul 13 13:21:54.950: RADIUS: Framed-IP-Address [8] 6 192.168.1.2 Jul 13 13:21:54.950: RADIUS: User-Name [1] 8 "180174" Jul 13 13:21:54.950: RADIUS: Vendor, Cisco [26] 35 Jul 13 13:21:54.950: RADIUS: Cisco AVpair [1] 29 "connect-progress=LAN Ses Up" Jul 13 13:21:54.950: RADIUS: Acct-Session-Time [46] 6 0 Jul 13 13:21:54.950: RADIUS: Acct-Input-Octets [42] 6 106 Jul 13 13:21:54.950: RADIUS: Acct-Output-Octets [43] 6 108 Jul 13 13:21:54.950: RADIUS: Acct-Input-Packets [47] 6 5 Jul 13 13:21:54.950: RADIUS: Acct-Output-Packets [48] 6 6 Jul 13 13:21:54.950: RADIUS: Acct-Authentic [45] 6 RADIUS [1] Jul 13 13:21:54.950: RADIUS: Acct-Status-Type [40] 6 Watchdog [3] Jul 13 13:21:54.950: RADIUS: NAS-Port-Type [61] 6 Virtual [5] Jul 13 13:21:54.950: RADIUS: Vendor, Cisco [26] 23 Jul 13 13:21:54.950: RADIUS: cisco-nas-port [2] 17 "Uniq-Sess-ID330" Jul 13 13:21:54.950: RADIUS: NAS-Port [5] 6 330 Jul 13 13:21:54.950: RADIUS: NAS-Port-Id [87] 17 "Uniq-Sess-ID330" Jul 13 13:21:54.950: RADIUS: Service-Type [6] 6 Framed [2] Jul 13 13:21:54.950: RADIUS: NAS-IP-Address [4] 6 10.141.1.249 Jul 13 13:21:54.950: RADIUS: Event-Timestamp [55] 6 1247491314 Jul 13 13:21:54.950: RADIUS: Nas-Identifier [32] 10 "ciscoISG" Jul 13 13:21:54.950: RADIUS: Acct-Delay-Time [41] 6 0 Jul 13 13:21:54.958: RADIUS: Received from id 1646/160 10.141.1.1:1813, Accounting-response, len 20 Jul 13 13:21:54.958: RADIUS: authenticator 74 A2 86 B3 15 DF 41 95 - A2 97 3A F8 D9 46 10 BA Jul 13 13:21:54.970: RADIUS: Received from id 1646/161 10.141.1.1:1813, Accounting-response, len 20 Jul 13 13:21:54.970: RADIUS: authenticator 9A 6F 4C 8E E3 3A 4E 3A - 7E 14 33 26 F6 7F 24 2B Jul 13 13:21:55.946: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access5, changed state to up

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру