(RADIATOR) Cisco router sending 4 RADIUS accts per login

Tunde tunde at favour.linkserve.net
Thu Oct 4 09:18:52 CDT 2001


I have the following as check items for some of our customers
(Service-Type = Framed-User, Time = "Al2000 - 0700").  This is used as a
means of offering service based on time of the day restriction 8pm - 7am.
I am surprised that some of our customers are actually connecting at other
times outside the range specified.  This is seriously causing an abuse of our
network.  Can you please help?

On Thu, 4 Oct 2001, Mike McCauley wrote:
> ----------  Forwarded Message  ----------
>
> Subject: BOUNCE radiator at open.com.au:    Non-member submission from
> ["Ollis, Stephen" <Ollis.Stephen at wcom.com.au>]
> Date: Thu, 4 Oct 2001 02:31:00 -0500
> From: owner-radiator at open.com.au
> To: radiator-approval at open.com.au
>
> From: "Ollis, Stephen" <Ollis.Stephen at wcom.com.au>
> To: "'radiator at open.com.au'" <radiator at open.com.au>
> Subject: Cisco router sending 4 RADIUS accts per login
> Date: Thu, 4 Oct 2001 17:15:06 +0800
>
> I have an L2TP setup using a Cisco 4500 acting as the Tunnel EndPoint,
> and an Ascend TNT as the Tunnel Initiator. There is a Radiator platform
> which is used as the Tunnel Auth Server which proxies the request
> to our production Radius servers and strips out the L2TP setup
> parameters. This all works fine!
>
> Except...
>
> I get 3 copies of each of the acct-start and acct-stop records.
>
> How can I make it stop?
>
> Radius specific CISCO config lines are:
> aaa new-model
> aaa authentication ppp default local
> aaa authentication ppp vpdn group radius
> aaa accounting network default start-stop group radius
> !
> radius-server host x.x.x.x auth-port 1645 acct-port 1646
> radius-server retransmit 3
> radius-server key XXXXXXXXXXX
>
> Radiator config is:
>
> # Set this to the directory where your logfile and details file are to go
> LogDir /var/log/radius
> LogFile %L/radius.%Y%m%d.log
> Trace 3
>
> # Set this to the database directory. It should contain these files:
> # users           The user database
> # dictionary      The dictionary for your NAS
> DbDir /usr/local/etc/raddb
>
> # we're multihomed, so we'll hard specify the interface we want.
> BindAddress x.x.x.x
>
> # This clause defines a single client to listen to
> <Client CI.SC.OB.OX>
> 	Secret XXXXXXXXXXXXXX
> 	DupInterval 30
> </Client>
>
> # For testing: this allows us to honour requests from radpwtst
> # on the same host.
> <Client localhost>
> 	Secret mysecret
> 	DupInterval 0
> </Client>
>
> <Realm DEFAULT>
> 	<AuthBy RADIUS>
> 		StripFromReply Tunnel-Type,Tunnel-Medium-Type,Tunnel-Server-Endpoint
> 		Host prod-radius1,prod-radius2,prod-radius3
> 		Secret XXXXXXXXXXXXX
> 		AuthPort 1645
> 		AcctPort 1646
> 		IgnoreAccounting
> 	</AuthBy>
> 	# Log accounting to the detail file in LogDir
> 	AuthLog %L/proxy-auth.%Y%m%d.log
> 	AcctLogFileName	%L/proxy-detail.%Y%m%d.log
> </Realm>
>
> Excerpt of trace 4 log:
>
>
> ---
> UUNET Asia Pacific, Network Services           Ph: +61 2 9434 5172
> Stephen Ollis <Ollis.Stephen at wcom.com.au>      Fx: +61 2 9434 5800
> Systems Technical Assistance Centre, Manager   Mb: 0410 599462
> Level 3, 203 Pacific Highway, St. Leonards NSW 2065  AUSTRALIA
>
> "Never be afraid to take a risk; amateurs built the Ark,
>  professionals built the Titanic.." - unknown
>
> PGP Key available- http://www.ozemail.com.au/~sollis/public-key.asc
>
>
>
> [Attachment: radius.log]
>
> Thu Oct  4 19:08:28 2001
>         NAS-IP-Address = CI.SC.OB.OX
>         NAS-Port = 1
>         NAS-Port-Type = Async
>         User-Name = "tunneluser"
>         Called-Station-Id = "xxxxxxxxxx"
>         Calling-Station-Id = "02xxyyyyyyyy"
>         Acct-Status-Type = Stop
>         Acct-Authentic = RADIUS
>         Service-Type = Framed-User
>         Acct-Session-Id = "00000044"
>         Framed-Protocol = PPP
>         Framed-IP-Address = cis.co.ip.pool
>         Acct-Terminate-Cause = User-Request
>         Acct-Input-Octets = 14958
>         Acct-Output-Octets = 105195
>         Acct-Input-Packets = 184
>         Acct-Output-Packets = 213
>         Acct-Session-Time = 73
>         Acct-Delay-Time = 0
>         Timestamp = 1002186508
>
> Thu Oct  4 19:08:33 2001
>         NAS-IP-Address = CI.SC.OB.OX
>         NAS-Port = 1
>         NAS-Port-Type = Async
>         User-Name = "tunneluser"
>         Called-Station-Id = "xxxxxxxxxx"
>         Calling-Station-Id = "02xxyyyyyyyy"
>         Acct-Status-Type = Stop
>         Acct-Authentic = RADIUS
>         Service-Type = Framed-User
>         Acct-Session-Id = "00000044"
>         Framed-Protocol = PPP
>         Framed-IP-Address = cis.co.ip.pool
>         Acct-Terminate-Cause = User-Request
>         Acct-Input-Octets = 14958
>         Acct-Output-Octets = 105195
>         Acct-Input-Packets = 184
>         Acct-Output-Packets = 213
>         Acct-Session-Time = 73
>         Acct-Delay-Time = 5
>         Timestamp = 1002186508
>
> Thu Oct  4 19:08:38 2001
>         NAS-IP-Address = CI.SC.OB.OX
>         NAS-Port = 1
>         NAS-Port-Type = Async
>         User-Name = "tunneluser"
>         Called-Station-Id = "xxxxxxxxxx"
>         Calling-Station-Id = "02xxyyyyyyyy"
>         Acct-Status-Type = Stop
>         Acct-Authentic = RADIUS
>         Service-Type = Framed-User
>         Acct-Session-Id = "00000044"
>         Framed-Protocol = PPP
>         Framed-IP-Address = cis.co.ip.pool
>         Acct-Terminate-Cause = User-Request
>         Acct-Input-Octets = 14958
>         Acct-Output-Octets = 105195
>         Acct-Input-Packets = 184
>         Acct-Output-Packets = 213
>         Acct-Session-Time = 73
>         Acct-Delay-Time = 10
>         Timestamp = 1002186508
>
> Thu Oct  4 19:08:43 2001
>         NAS-IP-Address = CI.SC.OB.OX
>         NAS-Port = 1
>         NAS-Port-Type = Async
>         User-Name = "tunneluser"
>         Called-Station-Id = "xxxxxxxxxx"
>         Calling-Station-Id = "02xxyyyyyyyy"
>         Acct-Status-Type = Stop
>         Acct-Authentic = RADIUS
>         Service-Type = Framed-User
>         Acct-Session-Id = "00000044"
>         Framed-Protocol = PPP
>         Framed-IP-Address = cis.co.ip.pool
>         Acct-Terminate-Cause = User-Request
>         Acct-Input-Octets = 14958
>         Acct-Output-Octets = 105195
>         Acct-Input-Packets = 184
>         Acct-Output-Packets = 213
>         Acct-Session-Time = 73
>         Acct-Delay-Time = 15
>         Timestamp = 1002186508
>
> -------------------------------------------------------
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
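
The four Stop records in the quoted log share NAS-IP-Address, Acct-Session-Id and Timestamp and differ only in Acct-Delay-Time (0, 5, 10, 15). As an added example (not part of the original thread and not Radiator code), this Python sketch parses detail-file records in that layout and collapses such repeated copies so each session event is counted once; the sample data, the 192.0.2.1 address and the function names are constructed for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample in the detail-file layout shown in the log above:
# four Stop copies of one session plus one unrelated Start (all values made up).
TEMPLATE = ('{hdr}\n\tNAS-IP-Address = 192.0.2.1\n\tUser-Name = "tunneluser"\n'
            '\tAcct-Status-Type = {status}\n\tAcct-Session-Id = "{sid}"\n'
            '\tAcct-Delay-Time = {delay}\n\tTimestamp = {ts}\n')
SAMPLE = "\n".join(TEMPLATE.format(hdr=h, status=s, sid=i, delay=d, ts=t) for h, s, i, d, t in [
    ("Thu Oct  4 19:08:28 2001", "Stop", "00000044", 0, 1002186508),
    ("Thu Oct  4 19:08:33 2001", "Stop", "00000044", 5, 1002186508),
    ("Thu Oct  4 19:08:38 2001", "Stop", "00000044", 10, 1002186508),
    ("Thu Oct  4 19:08:43 2001", "Stop", "00000044", 15, 1002186508),
    ("Thu Oct  4 19:10:00 2001", "Start", "00000045", 0, 1002186600),
])

ATTR = re.compile(r'^\s+([\w-]+)\s*=\s*"?(.*?)"?\s*$')

def parse_detail(text):
    """Parse records: an unindented receive-time line, then indented 'Name = value' lines."""
    records, current = [], None
    for line in text.splitlines():
        if not line.strip():
            current = None                      # blank line ends a record
        elif not line[0].isspace():
            current = {"received": line.strip()}
            records.append(current)
        elif current is not None:
            m = ATTR.match(line)
            if m:
                current[m.group(1)] = m.group(2)
    return records

def collapse_retransmits(records):
    """Keep the first copy per (NAS, session, status) and list the delays of all copies.

    Assumes Start/Stop occur once per session and session ids are not reused in
    the file; Interim-Update (Alive) records would also need Timestamp in the key.
    """
    groups = OrderedDict()
    for r in records:
        key = (r.get("NAS-IP-Address"), r.get("Acct-Session-Id"), r.get("Acct-Status-Type"))
        g = groups.setdefault(key, {"record": r, "delays": []})
        g["delays"].append(int(r.get("Acct-Delay-Time", 0)))
    return list(groups.values())

if __name__ == "__main__":
    for g in collapse_retransmits(parse_detail(SAMPLE)):
        r = g["record"]
        print(r["Acct-Session-Id"], r["Acct-Status-Type"],
              "copies:", len(g["delays"]), "delays:", g["delays"])
```

RFC 2866 requires a new Identifier whenever Acct-Delay-Time changes, so copies like these cannot be matched on the packet Identifier alone and have to be matched on session attributes, as done here.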
