The OpenNET Project / Index page

"Question about RADIUS!"
Posted by kevich on 27-Jun-06, 14:25
Good day, everyone!
Please help with some advice. Here is the config:
aaa new-model
!
!
aaa group server radius rad1
server 192.168.2.37 auth-port 1812 acct-port 1813
!
aaa authentication login default local
aaa authentication login h323 group rad1
aaa authentication login use-radius group rad1 local
aaa authentication ppp default local
aaa authentication ppp ppp-radius group rad1
aaa authentication ppp no-authentication none
aaa authorization exec default local
aaa authorization exec h323 group rad1
aaa authorization network default local
aaa accounting network default start-stop group rad1
aaa accounting connection h323 start-stop broadcast group rad1
aaa nas port extended
aaa session-id common
!
interface Serial0:15
no ip address
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
isdn send-alerting
isdn sending-complete
!
interface Group-Async0
ip unnumbered Ethernet0
ip accounting output-packets
encapsulation ppp
ip tcp header-compression
autodetect encapsulation ppp
async mode dedicated
peer default ip address pool DialIn-Internet
ppp authentication pap ppp-radius
group-range 1 120
!
ip local pool DialIn-Internet 192.168.0.1 192.168.0.120
!
radius-server host 192.168.2.37 auth-port 1812 acct-port 1813 timeout 60 retransmit 0 key 7 13060516001A0E39
radius-server vsa send accounting
radius-server vsa send authentication
!
line 1 120
login authentication use-radius
modem Dialin
modem autoconfigure discovery
autoselect ppp

With this setup, when I dial in from a modem, debug radius shows the following:

00:18:32: %ISDN-6-CONNECT: Interface Serial0:0 is now connected to 2222005 N/A
00:18:48: %LINK-3-UPDOWN: Interface Async64, changed state to up
00:18:48: RADIUS/ENCODE(0000007D):Orig. component type = ISDN
00:18:48: RADIUS/ENCODE: Skip encoding 0 length AAA attribute dnis
00:18:48: RADIUS(0000007D): Storing nasport 64 in rad_db
00:18:48: RADIUS(0000007D): Config NAS IP: 0.0.0.0
00:18:48: RADIUS/ENCODE(0000007D): acct_session_id: 125
00:18:48: RADIUS(0000007D): sending
00:18:48: RADIUS/ENCODE: Best Local IP-Address 192.168.2.39 for Radius-Server 192.168.2.37
00:18:48: RADIUS(0000007D): Send Access-Request to 192.168.2.37:1812 id 1645/3, len 109
00:18:48: RADIUS:  authenticator 9A 15 DD 3D 21 14 E5 F1 - D2 08 6D 03 4F 18 40 DA
00:18:48: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
00:18:48: RADIUS:  User-Name           [1]   7   "aldon"
00:18:48: RADIUS:  User-Password       [2]   18  *
00:18:48: RADIUS:  Calling-Station-Id  [31]  9   "2222005"
00:18:48: RADIUS:  Vendor, Cisco       [26]  25  
00:18:48: RADIUS:   cisco-nas-port     [2]   19  "Async64*Serial0:0"
00:18:48: RADIUS:  NAS-Port            [5]   6   64                        
00:18:48: RADIUS:  NAS-Port-Type       [61]  6   Async                     [0]
00:18:48: RADIUS:  Service-Type        [6]   6   Framed                    [2]
00:18:48: RADIUS:  NAS-IP-Address      [4]   6   192.168.2.39              
00:18:49: RADIUS: Received from id 1645/3 192.168.2.37:1812, Access-Accept, len 26
00:18:49: RADIUS:  authenticator 38 D4 AB FF CD 71 3A F1 - EE 16 47 F7 9A 6C EB 20
00:18:49: RADIUS:  Session-Timeout     [27]  6   43020                    
00:18:49: RADIUS(0000007D): Received from id 1645/3
00:18:49: %ISDN-6-DISCONNECT: Interface Serial0:0  disconnected from 2222005 , call lasted 17 seconds
00:18:51: %LINK-5-CHANGED: Interface Async64, changed state to reset
00:18:56: %LINK-3-UPDOWN: Interface Async64, changed state to down

On the client the error is: PPP link protocol was terminated 734

If I remove the line ppp authentication pap ppp-radius from interface Group-Async0 and log in as a user defined in the config, the connection works fine.

Where should I dig?

1. "Question about RADIUS!"
Posted by sh_ on 27-Jun-06, 18:34
And what do deb aaa authen and deb ppp neg show?

2. "Question about RADIUS!"
Posted by spa on 30-Jun-06, 12:17
aaa authorization exec ppp-radius group rad1
aaa authorization network ppp-radius group rad1
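Added example, not from any post in this thread: a Python check that compares the method list named by `ppp authentication` with the network authorization list in force, illustrating the change suggested in reply 2. It assumes the first failure came from authenticating through RADIUS while network authorization used only `local`; `parse_aaa`, `audit`, `BEFORE` and `AFTER` are illustrative names, and `AFTER` is a constructed variant, not the poster's config.

```python
import re

# Tokens after "ppp authentication" that are not a method-list name.
NOT_A_LIST = {"pap", "chap", "ms-chap", "ms-chap-v2", "eap", "callin", "one-time", "optional"}

def parse_aaa(config):
    """Return (PPP authentication lists, network authorization lists, interfaces)."""
    authen, author, ifaces, cur = {}, {}, {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"aaa authentication ppp (\S+) (.+)", line):
            authen[m[1]] = m[2].split()
        elif m := re.match(r"aaa authorization network (\S+) (.+)", line):
            author[m[1]] = m[2].split()
        elif m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {})
        elif line == "!":
            cur = None  # "!" ends the interface block
        elif cur is not None and line.startswith("ppp authentication "):
            names = [t for t in line.split()[2:] if t not in NOT_A_LIST]
            cur["authen"] = names[0] if names else "default"
        elif cur is not None and line.startswith("ppp authorization"):
            cur["author"] = (line.split()[2:] or ["default"])[0]
    return authen, author, ifaces

def audit(config):
    """Return (interface, problem) pairs where PPP authn and network authz disagree."""
    authen, author, ifaces = parse_aaa(config)
    findings = []
    for name, ref in ifaces.items():
        if "authen" not in ref:
            continue
        a_name, z_name = ref["authen"], ref.get("author", "default")
        if a_name not in authen:
            findings.append((name, f"authentication list '{a_name}' is not defined"))
        elif z_name not in author:
            if z_name != "default":
                findings.append((name, f"authorization list '{z_name}' is not defined"))
        elif "group" in authen[a_name] and not {"group", "none", "if-authenticated"} & set(author[z_name]):
            findings.append((name, f"'{a_name}' uses a server group but network "
                             f"authorization '{z_name}' is: {' '.join(author[z_name])}"))
    return findings

# Constructed sample: AAA lines taken from the first post, trimmed.
BEFORE = """
aaa authentication ppp ppp-radius group rad1
aaa authorization network default local
!
interface Group-Async0
ppp authentication pap ppp-radius
!
"""
# Assumed corrected form: the server group is consulted for authorization too.
AFTER = BEFORE.replace("network default local", "network default group rad1 local")

if __name__ == "__main__":
    print(audit(BEFORE), audit(AFTER))
```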

3. "Question about RADIUS!"
Posted by kevich on 30-Jun-06, 15:14
Thanks!
Beat it :)

4. "Question about RADIUS!"
Posted by kevich on 30-Jun-06, 15:33
The situation has changed a little. Now the modem connects to the Cisco, then drops on timeout. Here are the debugs:

00:04:11: %ISDN-6-CONNECT: Interface Serial0:0 is now connected to 2222005 N/A
00:04:32: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on Ethernet0 (not full duplex), with Komtel.almaty_komtel_1 FastEthernet0/0 (full duplex).
00:04:33: %LINK-3-UPDOWN: Interface Async61, changed state to up
00:04:33: As61 PPP: Using modem call direction
00:04:33: As61 PPP: Treating connection as a callin
00:04:33: As61 PPP: Phase is ESTABLISHING, Passive Open
00:04:33: As61 LCP: State is Listen
00:04:34: As61 LCP: I CONFREQ [Listen] id 2 len 23
00:04:34: As61 LCP:    ACCM 0x00000000 (0x020600000000)
00:04:34: As61 LCP:    MagicNumber 0x66086AEB (0x050666086AEB)
00:04:34: As61 LCP:    PFC (0x0702)
00:04:34: As61 LCP:    ACFC (0x0802)
00:04:34: As61 LCP:    Callback 6  (0x0D0306)
00:04:34: As61 LCP: O CONFREQ [Listen] id 11 len 24
00:04:34: As61 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:04:34: As61 LCP:    AuthProto PAP (0x0304C023)
00:04:34: As61 LCP:    MagicNumber 0xE0230DEE (0x0506E0230DEE)
00:04:34: As61 LCP:    PFC (0x0702)
00:04:34: As61 LCP:    ACFC (0x0802)
00:04:34: As61 LCP: O CONFREJ [Listen] id 2 len 7
00:04:34: As61 LCP:    Callback 6  (0x0D0306)
00:04:34: As61 LCP: I CONFACK [REQsent] id 11 len 24
00:04:34: As61 LCP:    ACCM 0x000A0000 (0x0206000A0000)
00:04:34: As61 LCP:    AuthProto PAP (0x0304C023)
00:04:34: As61 LCP:    MagicNumber 0xE0230DEE (0x0506E0230DEE)
00:04:34: As61 LCP:    PFC (0x0702)
00:04:34: As61 LCP:    ACFC (0x0802)
00:04:34: As61 LCP: I CONFREQ [ACKrcvd] id 3 len 20
00:04:34: As61 LCP:    ACCM 0x00000000 (0x020600000000)
00:04:34: As61 LCP:    MagicNumber 0x66086AEB (0x050666086AEB)
00:04:34: As61 LCP:    PFC (0x0702)
00:04:34: As61 LCP:    ACFC (0x0802)
00:04:34: As61 LCP: O CONFACK [ACKrcvd] id 3 len 20
00:04:34: As61 LCP:    ACCM 0x00000000 (0x020600000000)
00:04:34: As61 LCP:    MagicNumber 0x66086AEB (0x050666086AEB)
00:04:34: As61 LCP:    PFC (0x0702)
00:04:34: As61 LCP:    ACFC (0x0802)
00:04:34: As61 LCP: State is Open
00:04:34: As61 PPP: Phase is AUTHENTICATING, by this end
00:04:34: As61 LCP: I IDENTIFY [Open] id 4 len 18 magic 0x66086AEB MSRASV5.00
00:04:34: As61 LCP: I IDENTIFY [Open] id 5 len 21 magic 0x66086AEB MSRAS-1-ALDON
00:04:34: As61 PAP: I AUTH-REQ id 30 len 21 from "aldon"
00:04:34: As61 PAP: Authenticating peer aldon
00:04:34: As61 PPP: Phase is FORWARDING, Attempting Forward
00:04:34: As61 PPP: Phase is AUTHENTICATING, Unauthenticated User
00:04:34: AAA/AUTHEN/PPP (0000007B): Pick method list 'ppp-radius'
00:04:34: RADIUS/ENCODE(0000007B):Orig. component type = ISDN
00:04:34: RADIUS/ENCODE: Skip encoding 0 length AAA attribute dnis
00:04:34: RADIUS(0000007B): Storing nasport 61 in rad_db
00:04:34: RADIUS(0000007B): Config NAS IP: 0.0.0.0
00:04:34: RADIUS/ENCODE(0000007B): acct_session_id: 123
00:04:34: RADIUS(0000007B): sending
00:04:34: RADIUS/ENCODE: Best Local IP-Address 87.247.15.112 for Radius-Server 87.247.15.102
00:04:34: RADIUS(0000007B): Send Access-Request to 87.247.15.102:1812 id 1645/1, len 99
00:04:34: RADIUS:  authenticator F5 0D C9 06 1D 3A 6E BC - 02 32 49 DC 22 D2 D6 5B
00:04:34: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
00:04:34: RADIUS:  User-Name           [1]   7   "aldon"
00:04:34: RADIUS:  User-Password       [2]   18  *
00:04:34: RADIUS:  Calling-Station-Id  [31]  9   "2222005"
00:04:34: RADIUS:  Vendor, Cisco       [26]  15  
00:04:34: RADIUS:   cisco-nas-port     [2]   9   "Async61"
00:04:34: RADIUS:  NAS-Port            [5]   6   61                        
00:04:34: RADIUS:  NAS-Port-Type       [61]  6   Async                     [0]
00:04:34: RADIUS:  Service-Type        [6]   6   Framed                    [2]
00:04:34: RADIUS:  NAS-IP-Address      [4]   6   87.247.15.112            
00:04:38: As61 PAP: I AUTH-REQ id 31 len 21 from "aldon"
00:04:38: As61 PAP: Ignoring Additional Request
00:04:42: As61 PAP: I AUTH-REQ id 32 len 21 from "aldon"
00:04:42: As61 PAP: Ignoring Additional Request
00:04:44: As61 AUTH: Timeout 1
00:04:46: As61 PAP: I AUTH-REQ id 33 len 21 from "aldon"
00:04:46: As61 PAP: Ignoring Additional Request
00:04:50: As61 PAP: I AUTH-REQ id 34 len 21 from "aldon"
00:04:50: As61 PAP: Ignoring Additional Request
00:04:54: As61 PAP: I AUTH-REQ id 35 len 21 from "aldon"
00:04:54: As61 PAP: Ignoring Additional Request
00:04:54: As61 AUTH: Timeout 2
00:04:58: As61 PAP: I AUTH-REQ id 36 len 21 from "aldon"
00:04:58: As61 PAP: Ignoring Additional Request
00:05:02: As61 PAP: I AUTH-REQ id 37 len 21 from "aldon"
00:05:02: As61 PAP: Ignoring Additional Request
00:05:04: As61 AUTH: Timeout 3
00:05:06: As61 PAP: I AUTH-REQ id 38 len 21 from "aldon"
00:05:06: As61 PAP: Ignoring Additional Request
00:05:10: As61 PAP: I AUTH-REQ id 39 len 21 from "aldon"
00:05:10: As61 PAP: Ignoring Additional Request
00:05:10: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on Ethernet0 (not full duplex), with gtk-gw1-alma FastEthernet0 (full duplex).
00:05:14: As61 LCP: I TERMREQ [Open] id 6 len 16 (0x66086AEB003CCD74000002CE)
00:05:14: As61 LCP: O TERMACK [Open] id 6 len 4
00:05:14: As61 PPP: Sending Acct Event[Down] id[7B]
00:05:14: As61 PPP: Phase is TERMINATING
00:05:15: %ISDN-6-DISCONNECT: Interface Serial0:0  disconnected from 2222005 , call lasted 64 seconds
00:05:16: As61 LCP: TIMEout: State TERMsent
00:05:16: As61 LCP: State is Closed
00:05:16: As61 PPP: Phase is DOWN
00:05:17: %LINK-5-CHANGED: Interface Async61, changed state to reset
00:05:22: %LINK-3-UPDOWN: Interface Async61, changed state to down

What would you advise?

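Added example, not from any post in this thread: a Python helper that pairs each RADIUS request in `debug radius` output with its reply and reports requests that were never answered, as in the trace in message 4. The function names are illustrative, and the sample lines are excerpts of the thread's two debug outputs.

```python
import re

# Patterns for Cisco IOS "debug radius" lines with uptime timestamps (hh:mm:ss).
SEND = re.compile(r"(\d+):(\d\d):(\d\d): RADIUS\((\w+)\): Send ([\w-]+) to ([\d.]+):(\d+) id (\d+/\d+)")
RECV = re.compile(r"(\d+):(\d\d):(\d\d): RADIUS: Received from id (\d+/\d+) ([\d.]+):(\d+), ([\w-]+)")
STAMP = re.compile(r"(\d+):(\d\d):(\d\d): ")

def secs(h, m, s):
    return int(h) * 3600 + int(m) * 60 + int(s)

def correlate(log):
    """Pair each request with its reply by (id, server); reply is None if none was logged."""
    pending, done, last = {}, [], 0
    for line in (raw.strip() for raw in log.splitlines()):
        if t := STAMP.match(line):
            last = secs(*t.groups())
        if m := SEND.match(line):
            pending[(m[8], m[6])] = {"session": m[4], "request": m[5],
                                     "server": f"{m[6]}:{m[7]}", "sent": last}
        elif (m := RECV.match(line)) and (m[4], m[5]) in pending:
            req = pending.pop((m[4], m[5]))
            done.append({**req, "reply": m[7], "wait": last - req["sent"]})
    # Anything still pending never got an answer before the trace ended.
    done += [{**req, "reply": None, "wait": last - req["sent"]} for req in pending.values()]
    return done

# Constructed samples: lines excerpted from the two debug outputs in the thread.
ANSWERED = """
00:18:48: RADIUS(0000007D): Send Access-Request to 192.168.2.37:1812 id 1645/3, len 109
00:18:48: RADIUS:  User-Name           [1]   7   "aldon"
00:18:49: RADIUS: Received from id 1645/3 192.168.2.37:1812, Access-Accept, len 26
"""
UNANSWERED = """
00:04:34: RADIUS(0000007B): Send Access-Request to 87.247.15.102:1812 id 1645/1, len 99
00:04:44: As61 AUTH: Timeout 1
00:04:54: As61 AUTH: Timeout 2
00:05:04: As61 AUTH: Timeout 3
00:05:14: As61 LCP: I TERMREQ [Open] id 6 len 16 (0x66086AEB003CCD74000002CE)
"""

if __name__ == "__main__":
    for row in correlate(ANSWERED) + correlate(UNANSWERED):
        print(row)
```

On the second trace it reports the Access-Request to 87.247.15.102:1812 as still unanswered 40 seconds later, when the peer sends TERMREQ.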

5. "Question about RADIUS!"
Posted by kevich on 30-Jun-06, 22:15
The RADIUS problem is solved! Thanks to everyone for the replies.
But a new one has come up. I can't get NAT configured. The modem connects to the Cisco and gets an IP address, but ping only gets as far as itself. Here is the config; please tell me what I have left undone:

Building configuration...

Current configuration : 3431 bytes
!

version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!

!
boot-start-marker
boot system tftp c5300-is-mz.123-12a.bin x.x.x.x
boot-end-marker
!

spe 1/0 2/9
firmware location system:/ucode/mica_port_firmware
!
!
resource-pool disable
clock timezone gmt 6
!
modem country mica russia
aaa new-model
!
!
aaa authentication login NONE none
aaa authentication login LOCAL local
aaa authentication login use-radius group radius local
aaa authentication ppp ppp-radius group radius
aaa authentication ppp no-authentication none
aaa authorization network default group radius local
aaa authorization network no-authorization none
aaa accounting network default start-stop group radius
aaa session-id common
ip subnet-zero
ip rcmd rsh-enable
ip domain name komtel_dialup1
ip name-server x.x.x.x
!
async-bootp dns-server x.x.x.x
vty-async
vty-async virtual-template 1
!
isdn switch-type primary-net5
isdn voice-call-failure 0
!
!
!
!
!
!
!
!
!
!
fax interface-type modem
!
!        
controller E1 0
clock source line primary
pri-group timeslots 1-31
!
controller E1 1
shutdown
clock source line secondary 1
pri-group timeslots 1-31
!
controller E1 2
shutdown
!
controller E1 3
shutdown
!
!
interface Ethernet0
ip address x.x.x.x y.y.y.y
ip nat outside
!
interface Serial0:15
no ip address
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
no keepalive
no fair-queue
!
interface Serial1:15
no ip address
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
isdn send-alerting
isdn sending-complete
no keepalive
no fair-queue
!
interface FastEthernet0
no ip address
shutdown
duplex auto
speed auto
!
interface Group-Async0
ip unnumbered FastEthernet0
ip nat inside
encapsulation ppp
ip tcp header-compression
ip policy route-map forced-proxy
async mode dedicated
peer default ip address pool DialIn-Internet
group-range 1 120
!
ip local pool DialIn-Internet 192.168.0.1 192.168.0.120
ip nat translation timeout 3600
ip nat translation tcp-timeout 3600
ip nat inside source list 1 interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.x
no ip http server
!
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
snmp-server community public RO
!
radius-server host x.x.x.x auth-port 1812 acct-port 1813 timeout 60 retransmit 0 key 7 13060516001A0E39
radius-server vsa send accounting
radius-server vsa send authentication
!
!
!
gateway
!
banner motd ^CCUNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED. PROPERTY "Komtel" LLC Kazakhstan Almaty +7(3272)714500^C
alias exec ct configure terminal
alias exec sr sh run
!
line con 0
exec-timeout 0 0
line 1 120
login authentication use-radius
modem Dialin
modem autoconfigure discovery
autoselect ppp
line aux 0
line vty 0 4
exec-timeout 0 0
!
ntp clock-period 17179792
ntp server 192.168.2.3
ntp server 195.128.128.3
ntp server 129.132.98.11
ntp server 128.173.14.71
ntp server 18.26.4.105
ntp server 209.81.9.7
ntp server 149.156.4.11
ntp server 137.189.6.18
end


6. "Question about RADIUS!"
Posted by kevich on 01-Jul-06, 00:05
That's it, I have solved all the problems. Inattention was to blame for everything. Thanks, everyone!

7. "Question about RADIUS!"
Posted by Dimon_F on 02-Jul-06, 23:18
>That's it, I have solved all the problems. Inattention was to blame for everything. Thanks, everyone!
Could I ask how you solved the problem of the modem connecting to the Cisco and then dropping on timeout? I have a similar problem. If it's not too much trouble, please leave a comment in the neighbouring thread, or, if possible, could I see your current working config?


8. "Question about RADIUS!"
Posted by kevich on 03-Jul-06, 11:29
Here is the config:

Building configuration...

Current configuration : 3494 bytes
!
! Last configuration change at 16:47:28 gmt Sun Jul 2 2006 by KeViCh
! NVRAM config last updated at 17:30:31 gmt Sun Jul 2 2006 by KeViCh
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Komtel_dial_up
!
boot-start-marker
boot system tftp c5300-is-mz.123-12a.bin x.x.x.x
boot-end-marker
!
enable password 7 020C0B550205
!
username KeViCh password 7 132205370C231613
username test6 password 7 0355095852
username max password 7 011E071C
spe 1/0 2/9
firmware location system:/ucode/mica_port_firmware
!
!
resource-pool disable
clock timezone gmt 6
!
modem country mica russia
aaa new-model
!
!
aaa authentication login NONE none
aaa authentication login LOCAL local
aaa authentication login use-radius group radius local
aaa authentication ppp ppp-radius group radius
aaa authentication ppp no-authentication none
aaa authorization network default group radius local
aaa authorization network no-authorization none
aaa accounting network default start-stop group radius
aaa session-id common
ip subnet-zero
ip rcmd rsh-enable
ip domain name komtel_dialup1
ip name-server x.x.x.x
!
vty-async
vty-async virtual-template 1
!
isdn switch-type primary-net5
isdn voice-call-failure 0
!
!
!
!
!
!
!
!
!
!
fax interface-type modem
!
!
controller E1 0
clock source line primary
pri-group timeslots 1-31
!
controller E1 1
shutdown
clock source line secondary 1
pri-group timeslots 1-31
!
controller E1 2
shutdown
!
controller E1 3
shutdown
!
!
interface Ethernet0
ip address x.x.x.x y.y.y.y
ip nat outside
!
interface Serial0:15
no ip address
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
no keepalive
no fair-queue
!
interface Serial1:15
no ip address
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
isdn send-alerting
isdn sending-complete
no keepalive
no fair-queue
!
interface FastEthernet0
ip address 192.168.2.39 255.255.255.0
shutdown
duplex auto
speed auto
!
interface Group-Async0
ip unnumbered Ethernet0
ip nat inside
encapsulation ppp
ip tcp header-compression
async dynamic address
async dynamic routing
async mode dedicated
peer default ip address pool DialIn-Internet
group-range 1 120
!
ip local pool DialIn-Internet 192.168.0.1 192.168.0.120
ip nat translation timeout 3600
ip nat translation tcp-timeout 3600
ip nat inside source list 1 interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.x
no ip http server
!
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
snmp-server community public RO
!
radius-server host x.x.x.x auth-port 1812 acct-port 1813 timeout 60 retransmit 0 key 7 13060516001A0E39
radius-server vsa send accounting
radius-server vsa send authentication
!        
!
!
gateway
!
banner motd ^CCUNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED. PROPERTY "Komtel" LLC Kazakhstan Almaty +7(3272)714500^C
alias exec ct configure terminal
alias exec sr sh run
!
line con 0
exec-timeout 0 0
line 1 120
login authentication use-radius
modem Dialin
modem autoconfigure discovery
autoselect ppp
line aux 0
line vty 0 4
exec-timeout 0 0
!
ntp clock-period 17179679
ntp server 192.168.2.3
ntp server 195.128.128.3
ntp server 129.132.98.11
ntp server 128.173.14.71
ntp server 18.26.4.105
ntp server 209.81.9.7
ntp server 149.156.4.11
ntp server 137.189.6.18
end
