forum.opennet.ru

Составление сообщения

Исходное сообщение

"Нет Framed-IP-Address в Accounting-Request"
Отправлено avkoroms, 17-Июл-17 11:18

Добрый день! Помогите пожалуйста разобраться. Имеется коммутатор L3 Cisco Catalist 4948 (ios  12.2(53)SG). Настроен аккаунтинг через freeradius (mysql+daloradius). Клиенты авторизуются по mac, подсчёт трафика идёт, но NAS в пакетах Accounting-Request не шлёт Framed-IP-Address:
Jul 17 08:09:24.686: RADIUS/ENCODE(00000026):Orig. component type = DOT1X
*Jul 17 08:09:24.686: RADIUS(00000026): Config NAS IP: 192.168.0.9
*Jul 17 08:09:24.686: RADIUS(00000026): sending
*Jul 17 08:09:24.686: RADIUS(00000026): Send Accounting-Request to 192.168.0.10:1813 id 1646/96, len 258
*Jul 17 08:09:24.686: RADIUS:  authenticator F1 E8 D2 7C 9F EA 09 60 - 63 68 99 EA 6A 27 D6 F6
*Jul 17 08:09:24.686: RADIUS:  Acct-Session-Id     [44]  10  "0000024A"
*Jul 17 08:09:24.686: RADIUS:  Vendor, Cisco       [26]  49
*Jul 17 08:09:24.686: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=C0A800090000001E0E6DE6C8"
*Jul 17 08:09:24.686: RADIUS:  User-Name           [1]   14  "d8cb8ae40f93"
*Jul 17 08:09:24.686: RADIUS:  Vendor, Cisco       [26]  34
*Jul 17 08:09:24.686: RADIUS:   Cisco AVpair       [1]   28  "connect-progress=Auth Open"
*Jul 17 08:09:24.686: RADIUS:  Acct-Session-Time   [46]  6   11085
*Jul 17 08:09:24.686: RADIUS:  Acct-Input-Octets   [42]  6   1389297247
*Jul 17 08:09:24.686: RADIUS:  Acct-Output-Octets  [43]  6   2306784435
*Jul 17 08:09:24.686: RADIUS:  Acct-Input-Packets  [47]  6   1941846
*Jul 17 08:09:24.686: RADIUS:  Acct-Output-Packets [48]  6   2370576
*Jul 17 08:09:24.686: RADIUS:  Acct-Authentic      [45]  6   RADIUS                    [1]
*Jul 17 08:09:24.686: RADIUS:  Acct-Status-Type    [40]  6   Watchdog                  [3]
*Jul 17 08:09:24.686: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
*Jul 17 08:09:24.686: RADIUS:  NAS-Port            [5]   6   50125
*Jul 17 08:09:24.686: RADIUS:  NAS-Port-Id         [87]  21  "GigabitEthernet1/25"
*Jul 17 08:09:24.686: RADIUS:  Called-Station-Id   [30]  19  "00-1B-D4-96-AB-58"
*Jul 17 08:09:24.686: RADIUS:  Calling-Station-Id  [31]  19  "D8-CB-8A-E4-0F-93"
*Jul 17 08:09:24.686: RADIUS:  Service-Type        [6]   6   Framed                    [2]
*Jul 17 08:09:24.686: RADIUS:  NAS-IP-Address      [4]   6   192.168.0.9
*Jul 17 08:09:24.686: RADIUS:  Acct-Delay-Time     [41]  6   0
*Jul 17 08:09:24.690: RADIUS: Received from id 1646/96 192.168.0.10:1813, Accounting-response, len 20
*Jul 17 08:09:24.690: RADIUS:  authenticator 87 86 5C 00 F1 B0 3B 53 - 1F 6C 81 D8 64 2A 62 7A
Настройка коммутатора:
Current configuration : 13617 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service compress-config
!
hostname sw_410a_new
!
boot-start-marker
boot system flash flash:cat4500-entservicesk9-mz.122-53.SG.bin
boot-end-marker
!
enable password 7 14110002090
!
username user privilege 15 password 7 06001D284940
aaa new-model
!
!
aaa authentication login default group radius local
aaa authentication dot1x default group radius
aaa authorization exec default group radius local
aaa authorization network default group radius
aaa accounting update newinfo periodic 5
aaa accounting dot1x default start-stop group radius
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
!
aaa nas port extended
!
!
aaa session-id unique
clock timezone MSK 3
ip subnet-zero
!
!
ip vrf mgmtVrf
!
!
!
!
dot1x system-auth-control
power redundancy-mode redundant
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
interface GigabitEthernet1/13
switchport mode access
authentication host-mode multi-host
authentication order mab
authentication priority mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate 1800
mab
dot1x pae authenticator
!
interface GigabitEthernet1/25
switchport mode access
authentication host-mode multi-auth
authentication order mab
authentication priority mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate 1800
mab
dot1x pae authenticator
!
interface Vlan1
ip address 192.168.0.9 255.255.252.0
!
ip http server
no ip http secure-server
!
!
!
ip radius source-interface Vlan1
!
!
radius-server attribute 44 include-in-access-req
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server configure-nas
radius-server host 192.168.0.10 auth-port 1812 acct-port 1813 key 7 15060E1F102325237961
radius-server vsa send accounting
!
control-plane
!
!
line con 0
stopbits 1
line vty 0 4
!
end
Очень нужно видеть связку mac-ip в базе

Исходное сообщение
"Нет Framed-IP-Address в Accounting-Request" Отправлено avkoroms, 17-Июл-17 11:18
Добрый день! Помогите пожалуйста разобраться. Имеется коммутатор L3 Cisco Catalist 4948 (ios 12.2(53)SG). Настроен аккаунтинг через freeradius (mysql+daloradius). Клиенты авторизуются по mac, подсчёт трафика идёт, но NAS в пакетах Accounting-Request не шлёт Framed-IP-Address: Jul 17 08:09:24.686: RADIUS/ENCODE(00000026):Orig. component type = DOT1X Jul 17 08:09:24.686: RADIUS(00000026): Config NAS IP: 192.168.0.9 Jul 17 08:09:24.686: RADIUS(00000026): sending Jul 17 08:09:24.686: RADIUS(00000026): Send Accounting-Request to 192.168.0.10:1813 id 1646/96, len 258 Jul 17 08:09:24.686: RADIUS: authenticator F1 E8 D2 7C 9F EA 09 60 - 63 68 99 EA 6A 27 D6 F6 Jul 17 08:09:24.686: RADIUS: Acct-Session-Id [44] 10 "0000024A" Jul 17 08:09:24.686: RADIUS: Vendor, Cisco [26] 49 Jul 17 08:09:24.686: RADIUS: Cisco AVpair [1] 43 "audit-session-id=C0A800090000001E0E6DE6C8" Jul 17 08:09:24.686: RADIUS: User-Name [1] 14 "d8cb8ae40f93" Jul 17 08:09:24.686: RADIUS: Vendor, Cisco [26] 34 Jul 17 08:09:24.686: RADIUS: Cisco AVpair [1] 28 "connect-progress=Auth Open" Jul 17 08:09:24.686: RADIUS: Acct-Session-Time [46] 6 11085 Jul 17 08:09:24.686: RADIUS: Acct-Input-Octets [42] 6 1389297247 Jul 17 08:09:24.686: RADIUS: Acct-Output-Octets [43] 6 2306784435 Jul 17 08:09:24.686: RADIUS: Acct-Input-Packets [47] 6 1941846 Jul 17 08:09:24.686: RADIUS: Acct-Output-Packets [48] 6 2370576 Jul 17 08:09:24.686: RADIUS: Acct-Authentic [45] 6 RADIUS [1] Jul 17 08:09:24.686: RADIUS: Acct-Status-Type [40] 6 Watchdog [3] Jul 17 08:09:24.686: RADIUS: NAS-Port-Type [61] 6 Ethernet [15] Jul 17 08:09:24.686: RADIUS: NAS-Port [5] 6 50125 Jul 17 08:09:24.686: RADIUS: NAS-Port-Id [87] 21 "GigabitEthernet1/25" Jul 17 08:09:24.686: RADIUS: Called-Station-Id [30] 19 "00-1B-D4-96-AB-58" Jul 17 08:09:24.686: RADIUS: Calling-Station-Id [31] 19 "D8-CB-8A-E4-0F-93" Jul 17 08:09:24.686: RADIUS: Service-Type [6] 6 Framed [2] Jul 17 08:09:24.686: RADIUS: NAS-IP-Address [4] 6 192.168.0.9 Jul 17 08:09:24.686: RADIUS: Acct-Delay-Time [41] 6 0 Jul 17 08:09:24.690: RADIUS: Received from id 1646/96 192.168.0.10:1813, Accounting-response, len 20 *Jul 17 08:09:24.690: RADIUS: authenticator 87 86 5C 00 F1 B0 3B 53 - 1F 6C 81 D8 64 2A 62 7A Настройка коммутатора: Current configuration : 13617 bytes ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption service compress-config ! hostname sw_410a_new ! boot-start-marker boot system flash flash:cat4500-entservicesk9-mz.122-53.SG.bin boot-end-marker ! enable password 7 14110002090 ! username user privilege 15 password 7 06001D284940 aaa new-model ! ! aaa authentication login default group radius local aaa authentication dot1x default group radius aaa authorization exec default group radius local aaa authorization network default group radius aaa accounting update newinfo periodic 5 aaa accounting dot1x default start-stop group radius aaa accounting exec default start-stop group radius aaa accounting network default start-stop group radius ! aaa nas port extended ! ! aaa session-id unique clock timezone MSK 3 ip subnet-zero ! ! ip vrf mgmtVrf ! ! ! ! dot1x system-auth-control power redundancy-mode redundant ! ! ! ! ! spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending interface GigabitEthernet1/13 switchport mode access authentication host-mode multi-host authentication order mab authentication priority mab authentication port-control auto authentication periodic authentication timer reauthenticate 1800 mab dot1x pae authenticator ! interface GigabitEthernet1/25 switchport mode access authentication host-mode multi-auth authentication order mab authentication priority mab authentication port-control auto authentication periodic authentication timer reauthenticate 1800 mab dot1x pae authenticator ! interface Vlan1 ip address 192.168.0.9 255.255.252.0 ! ip http server no ip http secure-server ! ! ! ip radius source-interface Vlan1 ! ! radius-server attribute 44 include-in-access-req radius-server attribute 6 on-for-login-auth radius-server attribute 8 include-in-access-req radius-server configure-nas radius-server host 192.168.0.10 auth-port 1812 acct-port 1813 key 7 15060E1F102325237961 radius-server vsa send accounting ! control-plane ! ! line con 0 stopbits 1 line vty 0 4 ! end Очень нужно видеть связку mac-ip в базе

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

> Добрый день! Помогите пожалуйста разобраться. Имеется коммутатор L3 Cisco Catalist 4948 
> (ios  12.2(53)SG). Настроен аккаунтинг через freeradius (mysql+daloradius). Клиенты авторизуются 
> по mac, подсчёт трафика идёт, но NAS в пакетах Accounting-Request не 
> шлёт Framed-IP-Address:

> Jul 17 08:09:24.686: RADIUS/ENCODE(00000026):Orig. component type = DOT1X 
> *Jul 17 08:09:24.686: RADIUS(00000026): Config NAS IP: 192.168.0.9 
> *Jul 17 08:09:24.686: RADIUS(00000026): sending 
> *Jul 17 08:09:24.686: RADIUS(00000026): Send Accounting-Request to 192.168.0.10:1813 
> id 1646/96, len 258 
> *Jul 17 08:09:24.686: RADIUS:  authenticator F1 E8 D2 7C 9F EA 
> 09 60 - 63 68 99 EA 6A 27 D6 F6 
 
> *Jul 17 08:09:24.686: RADIUS:  Acct-Session-Id     [44]  
> 10  "0000024A" 
> *Jul 17 08:09:24.686: RADIUS:  Vendor, Cisco      
>  [26]  49 
> *Jul 17 08:09:24.686: RADIUS:   Cisco AVpair     
>   [1]   43  "audit-session-id=C0A800090000001E0E6DE6C8" 
> *Jul 17 08:09:24.686: RADIUS:  User-Name       
>     [1]   14  "d8cb8ae40f93" 
> *Jul 17 08:09:24.686: RADIUS:  Vendor, Cisco      
>  [26]  34 
> *Jul 17 08:09:24.686: RADIUS:   Cisco AVpair     
>   [1]   28  "connect-progress=Auth Open" 
> *Jul 17 08:09:24.686: RADIUS:  Acct-Session-Time   [46]  6  
>  11085 
> *Jul 17 08:09:24.686: RADIUS:  Acct-Input-Octets   [42]  6  
>  1389297247 
> *Jul 17 08:09:24.686: RADIUS:  Acct-Output-Octets  [43]  6   
> 2306784435 
> *Jul 17 08:09:24.686: RADIUS:  Acct-Input-Packets  [47]  6   
> 1941846 
> *Jul 17 08:09:24.686: RADIUS:  Acct-Output-Packets [48]  6   2370576 
 
> *Jul 17 08:09:24.686: RADIUS:  Acct-Authentic      [45] 
>  6   RADIUS       
>            
>   [1] 
> *Jul 17 08:09:24.686: RADIUS:  Acct-Status-Type    [40]  6 
>   Watchdog         
>          [3] 
> *Jul 17 08:09:24.686: RADIUS:  NAS-Port-Type       
> [61]  6   Ethernet      
>            
>  [15] 
> *Jul 17 08:09:24.686: RADIUS:  NAS-Port       
>      [5]   6   
> 50125 
> *Jul 17 08:09:24.686: RADIUS:  NAS-Port-Id       
>   [87]  21  "GigabitEthernet1/25" 
> *Jul 17 08:09:24.686: RADIUS:  Called-Station-Id   [30]  19  
> "00-1B-D4-96-AB-58" 
> *Jul 17 08:09:24.686: RADIUS:  Calling-Station-Id  [31]  19  "D8-CB-8A-E4-0F-93" 
 
> *Jul 17 08:09:24.686: RADIUS:  Service-Type       
>  [6]   6   Framed    
>            
>      [2] 
> *Jul 17 08:09:24.686: RADIUS:  NAS-IP-Address      [4] 
>   6   192.168.0.9 
> *Jul 17 08:09:24.686: RADIUS:  Acct-Delay-Time     [41]  
> 6   0 
> *Jul 17 08:09:24.690: RADIUS: Received from id 1646/96 192.168.0.10:1813, Accounting-response, 
> len 20 
> *Jul 17 08:09:24.690: RADIUS:  authenticator 87 86 5C 00 F1 B0 
> 3B 53 - 1F 6C 81 D8 64 2A 62 7A

> Настройка коммутатора: 
> Current configuration : 13617 bytes 
> !
> version 12.2 
> no service pad 
> service timestamps debug datetime msec 
> service timestamps log datetime msec 
> service password-encryption 
> service compress-config 
> !
> hostname sw_410a_new 
> !
> boot-start-marker 
> boot system flash flash:cat4500-entservicesk9-mz.122-53.SG.bin 
> boot-end-marker 
> !
> enable password 7 14110002090 
> !
> username user privilege 15 password 7 06001D284940 
> aaa new-model 
> !
> !
> aaa authentication login default group radius local 
> aaa authentication dot1x default group radius 
> aaa authorization exec default group radius local 
> aaa authorization network default group radius 
> aaa accounting update newinfo periodic 5 
> aaa accounting dot1x default start-stop group radius 
> aaa accounting exec default start-stop group radius 
> aaa accounting network default start-stop group radius 
> !
> aaa nas port extended 
> !
> !
> aaa session-id unique 
> clock timezone MSK 3 
> ip subnet-zero 
> !
> !
> ip vrf mgmtVrf 
> !
> !
> !
> !
> dot1x system-auth-control 
> power redundancy-mode redundant 
> !
> !
> !
> !
> !
> spanning-tree mode pvst 
> spanning-tree extend system-id 
> !
> vlan internal allocation policy ascending

> interface GigabitEthernet1/13 
>  switchport mode access 
>  authentication host-mode multi-host 
>  authentication order mab 
>  authentication priority mab 
>  authentication port-control auto 
>  authentication periodic 
>  authentication timer reauthenticate 1800 
>  mab 
>  dot1x pae authenticator 
> !
> interface GigabitEthernet1/25 
>  switchport mode access 
>  authentication host-mode multi-auth 
>  authentication order mab 
>  authentication priority mab 
>  authentication port-control auto 
>  authentication periodic 
>  authentication timer reauthenticate 1800 
>  mab 
>  dot1x pae authenticator 
> !
> interface Vlan1 
>  ip address 192.168.0.9 255.255.252.0 
> !
> ip http server 
> no ip http secure-server 
> !
> !
> !
> ip radius source-interface Vlan1 
> !
> !
> radius-server attribute 44 include-in-access-req 
> radius-server attribute 6 on-for-login-auth 
> radius-server attribute 8 include-in-access-req 
> radius-server configure-nas 
> radius-server host 192.168.0.10 auth-port 1812 acct-port 1813 key 7 15060E1F102325237961 
 
> radius-server vsa send accounting 
> !
> control-plane 
> !
> !
> line con 0 
>  stopbits 1 
> line vty 0 4 
> !
> end

> Очень нужно видеть связку mac-ip в базе

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру