forum.opennet.ru

Составление сообщения

Исходное сообщение

"ISG + Radius"
Отправлено mighty, 09-Ноя-08 10:39

Здраствуйте! Имеется Cisco 7201 c IOS'ом c7200p-a3jk91s-mz.122-31.SB13.bin.
Поднимаю PPPOE + ISG. Когда настраиваю профил на самом радиусе, почему та Cisco при download'e выдает ошибку. А если профил передаю через policy-map, то пользовател получает сервис успешно. Не как не могу понять в чем проблемаб вроде делаю правильно.
Настрйки Bras'a:
aaa group server radius PPPOE
server x.x.x.x auth-port 1812 acct-port 1813
server-private x.x.x.x auth-port 1812 acct-port 1813 timeout 20 key 7 140713181F13253920
aaa authentication login default local
aaa authentication ppp PPPOE group PPPOE
aaa authorization exec default local
aaa authorization network default group PPPOE
aaa authorization network PPPOE group PPPOE
aaa authorization subscriber-service default group PPPOE
aaa accounting update periodic 2
aaa accounting network PPPOE start-stop group PPPOE

subscriber feature prepaid conf-prepaid
threshold time 0 seconds
threshold volume 1000 bytes
interim-interval 2 minutes
method-list author PPPOE
method-list accounting PPPOE
password cisco
subscriber authorization enable
access-list 199 remark Allow-ALL
access-list 199 permit ip any any
------------------------
Настройка Radiusa:
cisco   Password :="cisco"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 172.16.3.33,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = Broadcast-Listen,
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobsen-TCP-IP,
        Cisco-Account-Info = "AInternet",
        cisco-avpair = "prepaid-config=conf-prepaid",
A-Internet  Password :="cisco"
        cisco-avpair = "ip:traffic-class=in access-group 199",
        cisco-avpair = "ip:traffic-class=out access-group 199",
        cisco-avpair = "prepaid-config=conf-prepaid",
        cisco-avpair= "accounting-list=PPPOE",
        cisco-avpair= "ip:traffic-class=in default drop",
        cisco-avpair= "ip:traffic-class=out default drop",
        Cisco-Service-Info = "IInternet",
        Cisco-Service-Info = "R0.0.0.0;0.0.0.0",
        Cisco-Service-Info = "TP",
        Cisco-Service-Info = "MC",
        Cisco-Service-Info = "Z",
#       Cisco-Service-Info = "QU;64000;8000;8000;D;64000;8000;8000"
        Cisco-Control-Info = "QV1000000",
        Service-Type = Outbound-User
A тут debug:

Nov  8 23:20:30.873: RADIUS:  authenticator C0 70 82 A2 3C 1F 6F 98 - 86 6C 9F 05 23 7D 8E 6B
Nov  8 23:20:30.873: RADIUS:  User-Name           [1]   10  "Internet"
Nov  8 23:20:30.873: RADIUS:  User-Password       [2]   18  *
Nov  8 23:20:30.873: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
Nov  8 23:20:30.873: RADIUS:  NAS-Port            [5]   6   38
Nov  8 23:20:30.873: RADIUS:  NAS-Port-Id         [87]  16  "Uniq-Sess-ID38"
Nov  8 23:20:30.873: RADIUS:  Service-Type        [6]   6   Outbound                  [5]
Nov  8 23:20:30.873: RADIUS:  NAS-IP-Address      [4]   6   10.10.10.1
Nov  8 23:20:30.873: RADIUS:  Acct-Session-Id     [44]  10  "00000041"
Nov  8 23:20:30.873: Vi4 Debug: Condition 1, username cisco triggered, count 2
Nov  8 23:20:30.877: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to up
Nov  8 23:20:31.025: RADIUS/ENCODE(00000037):Orig. component type = VPDN
Nov  8 23:20:31.025: RADIUS(00000037): Config NAS IP: 0.0.0.0
Nov  8 23:20:31.025: RADIUS/ENCODE: Best Local IP-Address 10.10.10.10 for Radius-Server 195.158.12.6
Nov  8 23:20:31.053: RADIUS: Received from id 1646/181 10.10.10.1:1813, Accounting-response, len 20
Nov  8 23:20:31.877: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access4, changed state to up
Nov  8 23:20:34.133: RADIUS: Received from id 1645/57 10.10.10.1:1812, Access-Reject, len 20
Nov  8 23:20:34.133: RADIUS:  authenticator C6 EC 85 48 1F 24 ED 51 - 54 78 2A FD 6D 41 D6 C1
Nov  8 23:20:34.133: RADIUS(00000037): Received from id 1645/57
Nov  8 23:20:34.133: SVM [3E00000D/Internet]: [B0000040]: client download failed
Nov  8 23:22:18.493: RADIUS/ENCODE(00000037):Orig. component type = VPDN
Nov  8 23:22:18.493: RADIUS(00000037): Config NAS IP: 0.0.0.0
Nov  8 23:22:18.493: RADIUS/ENCODE: Best Local IP-Address 10.10.10.10 for Radius-Server 10.10.10.1
Nov  8 23:22:18.509: RADIUS: Received from id 1646/182 10.10.10.1:1813, Accounting-response, len 20

Исходное сообщение
"ISG + Radius" Отправлено mighty, 09-Ноя-08 10:39
Здраствуйте! Имеется Cisco 7201 c IOS'ом c7200p-a3jk91s-mz.122-31.SB13.bin. Поднимаю PPPOE + ISG. Когда настраиваю профил на самом радиусе, почему та Cisco при download'e выдает ошибку. А если профил передаю через policy-map, то пользовател получает сервис успешно. Не как не могу понять в чем проблемаб вроде делаю правильно. Настрйки Bras'a: aaa group server radius PPPOE server x.x.x.x auth-port 1812 acct-port 1813 server-private x.x.x.x auth-port 1812 acct-port 1813 timeout 20 key 7 140713181F13253920 aaa authentication login default local aaa authentication ppp PPPOE group PPPOE aaa authorization exec default local aaa authorization network default group PPPOE aaa authorization network PPPOE group PPPOE aaa authorization subscriber-service default group PPPOE aaa accounting update periodic 2 aaa accounting network PPPOE start-stop group PPPOE subscriber feature prepaid conf-prepaid threshold time 0 seconds threshold volume 1000 bytes interim-interval 2 minutes method-list author PPPOE method-list accounting PPPOE password cisco subscriber authorization enable access-list 199 remark Allow-ALL access-list 199 permit ip any any ------------------------ Настройка Radiusa: cisco Password :="cisco" Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 172.16.3.33, Framed-IP-Netmask = 255.255.255.0, Framed-Routing = Broadcast-Listen, Framed-MTU = 1500, Framed-Compression = Van-Jacobsen-TCP-IP, Cisco-Account-Info = "AInternet", cisco-avpair = "prepaid-config=conf-prepaid", A-Internet Password :="cisco" cisco-avpair = "ip:traffic-class=in access-group 199", cisco-avpair = "ip:traffic-class=out access-group 199", cisco-avpair = "prepaid-config=conf-prepaid", cisco-avpair= "accounting-list=PPPOE", cisco-avpair= "ip:traffic-class=in default drop", cisco-avpair= "ip:traffic-class=out default drop", Cisco-Service-Info = "IInternet", Cisco-Service-Info = "R0.0.0.0;0.0.0.0", Cisco-Service-Info = "TP", Cisco-Service-Info = "MC", Cisco-Service-Info = "Z", # Cisco-Service-Info = "QU;64000;8000;8000;D;64000;8000;8000" Cisco-Control-Info = "QV1000000", Service-Type = Outbound-User A тут debug: Nov 8 23:20:30.873: RADIUS: authenticator C0 70 82 A2 3C 1F 6F 98 - 86 6C 9F 05 23 7D 8E 6B Nov 8 23:20:30.873: RADIUS: User-Name [1] 10 "Internet" Nov 8 23:20:30.873: RADIUS: User-Password [2] 18 * Nov 8 23:20:30.873: RADIUS: NAS-Port-Type [61] 6 Virtual [5] Nov 8 23:20:30.873: RADIUS: NAS-Port [5] 6 38 Nov 8 23:20:30.873: RADIUS: NAS-Port-Id [87] 16 "Uniq-Sess-ID38" Nov 8 23:20:30.873: RADIUS: Service-Type [6] 6 Outbound [5] Nov 8 23:20:30.873: RADIUS: NAS-IP-Address [4] 6 10.10.10.1 Nov 8 23:20:30.873: RADIUS: Acct-Session-Id [44] 10 "00000041" Nov 8 23:20:30.873: Vi4 Debug: Condition 1, username cisco triggered, count 2 Nov 8 23:20:30.877: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to up Nov 8 23:20:31.025: RADIUS/ENCODE(00000037):Orig. component type = VPDN Nov 8 23:20:31.025: RADIUS(00000037): Config NAS IP: 0.0.0.0 Nov 8 23:20:31.025: RADIUS/ENCODE: Best Local IP-Address 10.10.10.10 for Radius-Server 195.158.12.6 Nov 8 23:20:31.053: RADIUS: Received from id 1646/181 10.10.10.1:1813, Accounting-response, len 20 Nov 8 23:20:31.877: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access4, changed state to up Nov 8 23:20:34.133: RADIUS: Received from id 1645/57 10.10.10.1:1812, Access-Reject, len 20 Nov 8 23:20:34.133: RADIUS: authenticator C6 EC 85 48 1F 24 ED 51 - 54 78 2A FD 6D 41 D6 C1 Nov 8 23:20:34.133: RADIUS(00000037): Received from id 1645/57 Nov 8 23:20:34.133: SVM [3E00000D/Internet]: [B0000040]: client download failed Nov 8 23:22:18.493: RADIUS/ENCODE(00000037):Orig. component type = VPDN Nov 8 23:22:18.493: RADIUS(00000037): Config NAS IP: 0.0.0.0 Nov 8 23:22:18.493: RADIUS/ENCODE: Best Local IP-Address 10.10.10.10 for Radius-Server 10.10.10.1 Nov 8 23:22:18.509: RADIUS: Received from id 1646/182 10.10.10.1:1813, Accounting-response, len 20

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

> Здраствуйте! Имеется Cisco 7201 c IOS'ом c7200p-a3jk91s-mz.122-31.SB13.bin.

> Поднимаю PPPOE + ISG. Когда настраиваю профил на самом радиусе, почему та 
> Cisco при download'e выдает ошибку. А если профил передаю через policy-map, 
> то пользовател получает сервис успешно. Не как не могу понять в 
> чем проблемаб вроде делаю правильно.

> Настрйки Bras'a:

> aaa group server radius PPPOE 
>  server x.x.x.x auth-port 1812 acct-port 1813 
>  server-private x.x.x.x auth-port 1812 acct-port 1813 timeout 20 key 7 140713181F13253920

> aaa authentication login default local 
> aaa authentication ppp PPPOE group PPPOE 
> aaa authorization exec default local 
> aaa authorization network default group PPPOE 
> aaa authorization network PPPOE group PPPOE 
> aaa authorization subscriber-service default group PPPOE 
> aaa accounting update periodic 2 
> aaa accounting network PPPOE start-stop group PPPOE

> subscriber feature prepaid conf-prepaid 
>  threshold time 0 seconds 
>  threshold volume 1000 bytes 
>  interim-interval 2 minutes 
>  method-list author PPPOE 
>  method-list accounting PPPOE 
>  password cisco

> subscriber authorization enable

> access-list 199 remark Allow-ALL 
> access-list 199 permit ip any any

> ------------------------ 
> Настройка Radiusa:

> cisco   Password :="cisco" 
>         Service-Type = Framed-User, 
>         Framed-Protocol = PPP, 
>         Framed-IP-Address = 172.16.3.33, 
>         Framed-IP-Netmask = 255.255.255.0, 
>         Framed-Routing = Broadcast-Listen, 
>         Framed-MTU = 1500, 
>         Framed-Compression = Van-Jacobsen-TCP-IP, 
>         Cisco-Account-Info = "AInternet", 
>         cisco-avpair = "prepaid-config=conf-prepaid",

> A-Internet  Password :="cisco" 
>         cisco-avpair = "ip:traffic-class=in access-group 
> 199", 
>         cisco-avpair = "ip:traffic-class=out access-group 
> 199", 
>         cisco-avpair = "prepaid-config=conf-prepaid", 
>         cisco-avpair= "accounting-list=PPPOE", 
>         cisco-avpair= "ip:traffic-class=in default drop", 
 
>         cisco-avpair= "ip:traffic-class=out default drop", 
 
>         Cisco-Service-Info = "IInternet", 
>         Cisco-Service-Info = "R0.0.0.0;0.0.0.0", 
>         Cisco-Service-Info = "TP", 
>         Cisco-Service-Info = "MC", 
>         Cisco-Service-Info = "Z", 
> #       Cisco-Service-Info = "QU;64000;8000;8000;D;64000;8000;8000" 
>         Cisco-Control-Info = "QV1000000", 
>         Service-Type = Outbound-User

> A тут debug:

> Nov  8 23:20:30.873: RADIUS:  authenticator C0 70 82 A2 3C 
> 1F 6F 98 - 86 6C 9F 05 23 7D 8E 
> 6B 
> Nov  8 23:20:30.873: RADIUS:  User-Name      
>      [1]   10  "Internet" 
 
> Nov  8 23:20:30.873: RADIUS:  User-Password      
>  [2]   18  * 
> Nov  8 23:20:30.873: RADIUS:  NAS-Port-Type      
>  [61]  6   Virtual     
>            
>    [5] 
> Nov  8 23:20:30.873: RADIUS:  NAS-Port      
>       [5]   6  
>  38 
> Nov  8 23:20:30.873: RADIUS:  NAS-Port-Id      
>    [87]  16  "Uniq-Sess-ID38" 
> Nov  8 23:20:30.873: RADIUS:  Service-Type      
>   [6]   6   Outbound   
>            
>     [5] 
> Nov  8 23:20:30.873: RADIUS:  NAS-IP-Address      
> [4]   6   10.10.10.1 
> Nov  8 23:20:30.873: RADIUS:  Acct-Session-Id     [44] 
>  10  "00000041" 
> Nov  8 23:20:30.873: Vi4 Debug: Condition 1, username cisco triggered, count 
> 2 
> Nov  8 23:20:30.877: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to up 
> Nov  8 23:20:31.025: RADIUS/ENCODE(00000037):Orig. component type = VPDN 
> Nov  8 23:20:31.025: RADIUS(00000037): Config NAS IP: 0.0.0.0 
> Nov  8 23:20:31.025: RADIUS/ENCODE: Best Local IP-Address 10.10.10.10 for Radius-Server 
> 195.158.12.6 
> Nov  8 23:20:31.053: RADIUS: Received from id 1646/181 10.10.10.1:1813, Accounting-response, 
> len 20 
> Nov  8 23:20:31.877: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access4, 
> changed state to up 
> Nov  8 23:20:34.133: RADIUS: Received from id 1645/57 10.10.10.1:1812, Access-Reject, len 
> 20 
> Nov  8 23:20:34.133: RADIUS:  authenticator C6 EC 85 48 1F 
> 24 ED 51 - 54 78 2A FD 6D 41 D6 
> C1 
> Nov  8 23:20:34.133: RADIUS(00000037): Received from id 1645/57 
> Nov  8 23:20:34.133: SVM [3E00000D/Internet]: [B0000040]: client download failed 
> Nov  8 23:22:18.493: RADIUS/ENCODE(00000037):Orig. component type = VPDN 
> Nov  8 23:22:18.493: RADIUS(00000037): Config NAS IP: 0.0.0.0 
> Nov  8 23:22:18.493: RADIUS/ENCODE: Best Local IP-Address 10.10.10.10 for Radius-Server 
> 10.10.10.1 
> Nov  8 23:22:18.509: RADIUS: Received from id 1646/182 10.10.10.1:1813, Accounting-response, 
> len 20

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

На сайте действует частичное премодерирование - после публикации некоторые сообщения от анонимов могут автоматически скрываться ботом. После проверки модератором ошибочно скрытые сообщения раскрываются. Для ускорения раскрытия можно воспользоваться ссылкой "Сообщить модератору", указав в качестве причины обращения "скрыто по ошибке".

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру