Cisco router sending 4 RADIUS accts per login

Ollis, Stephen Ollis.Stephen at wcom.com.au
Thu Oct 4 04:15:06 CDT 2001


I have an L2TP setup using a Cisco 4500 acting as the Tunnel EndPoint,
and an Ascend TNT as the Tunnel Initiator. There is a Radiator platform
which is used as the Tunnel Auth Server which proxies the request
to our production Radius servers and strips out the L2TP setup
parameters. This all works fine!

Except...

I get 3 copies of each of the acct-start and acct-stop records.

How can I make it stop?

Radius specific CISCO config lines are:
aaa new-model
aaa authentication ppp default local
aaa authentication ppp vpdn group radius
aaa accounting network default start-stop group radius
!
radius-server host x.x.x.x auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server key XXXXXXXXXXX

Radiator config is:

# Set this to the directory where your logfile and details file are to go
LogDir /var/log/radius
LogFile %L/radius.%Y%m%d.log
Trace 3

# Set this to the database directory. It should contain these files:
# users           The user database
# dictionary      The dictionary for your NAS
DbDir /usr/local/etc/raddb

# we're mulithomed, so we'll hard specify the interface we want.
BindAddress x.x.x.x

# This clause defines a single client to listen to
<Client CI.SC.OB.OX>
	Secret XXXXXXXXXXXXXX
	DupInterval 30
</Client>

# For testing: this allows us to honour requests from radpwtst
# on the same host.
<Client localhost>
	Secret mysecret
	DupInterval 0
</Client>

<Realm DEFAULT>
	<AuthBy RADIUS>
                StripFromReply
Tunnel-Type,Tunnel-Medium-Type,Tunnel-Server-Endpoint
		Host prod-radius1,prod-radius2,prod-radius3
		Secret XXXXXXXXXXXXX
		AuthPort 1645
		AcctPort 1646
		IgnoreAccounting
	</AuthBy>
	# Log accounting to the detail file in LogDir
	AuthLog %L/proxy-auth.%Y%m%d.log
	AcctLogFileName	%L/proxy-detail.%Y%m%d.log
</Realm>

Excerpt of trace 4 log:


---
UUNET Asia Pacific, Network Services           Ph: +61 2 9434 5172
Stephen Ollis <Ollis.Stephen at wcom.com.au>      Fx: +61 2 9434 5800
Systems Technical Assistance Centre, Manager   Mb: 0410 599462
Level 3, 203 Pacific Highway, St. Leonards NSW 2065  AUSTRALIA

"Never be afraid to take a risk; amateurs built the Ark,
 professionals built the Titanic.." - unknown

PGP Key available- http://www.ozemail.com.au/~sollis/public-key.asc


-------------- next part --------------
A non-text attachment was scrubbed...
Name: radius.log
Type: application/octet-stream
Size: 2849 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20011004/0454599a/attachment.obj>


More information about the radiator mailing list