(RADIATOR) Static IPs for users

cistron cistron at neduet.edu.pk
Thu Apr 18 10:48:33 CDT 2002 

While trying to get static IPs for users I found that at the 3640 NAS I
had to give
aaa authorization network radius otherwise it would not get the IP from
Radiator Radius (3.0).

I am using ios 12.2(8) T.  Can someone kindly help me in finding out
where I am making a mistake.

Thanks and Regards

Following is the debug output at access server.

----------------------------------------------------------------------------------------

*Mar  2 00:24:05.261: As98 LCP: I CONFACK [ACKsent] id 141 len 24
*Mar  2 00:24:05.261: As98 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Mar  2 00:24:05.261: As98 LCP:    AuthProto PAP (0x0304C023)
*Mar  2 00:24:05.261: As98 LCP:    MagicNumber 0x15B80E95
(0x050615B80E95)
*Mar  2 00:24:05.261: As98 LCP:    PFC (0x0702)
*Mar  2 00:24:05.265: As98 LCP:    ACFC (0x0802)
*Mar  2 00:24:05.265: As98 LCP: State is Open
*Mar  2 00:24:05.265: As98 PPP: Phase is AUTHENTICATING, by this end
*Mar  2 00:24:05.269: As98 PAP: I AUTH-REQ id 6 len 23 from
"city at INTERNAL"
*Mar  2 00:24:05.273: As98 PAP: Authenticating peer city at INTERNAL
*Mar  2 00:24:05.349: As98 PAP: O AUTH-ACK id 6 len 5
*Mar  2 00:24:05.349: As98 PPP: Phase is UP
*Mar  2 00:24:05.349: As98 IPCP: O CONFREQ [Closed] id 98 len 10
*Mar  2 00:24:05.349: As98 IPCP:    Address 202.5.150.1
(0x0306CA059601)
*Mar  2 00:24:05.361: As98 PPP: Outbound context-status packet dropped,
IPCP sta
te is REQsent
*Mar  2 00:24:05.377: As98 PPP: Outbound context-status packet dropped,
IPCP sta
te is REQsent
*Mar  2 00:24:05.381: As98 IPCP: O CONFREQ [REQsent] id 99 len 16
*Mar  2 00:24:05.381: As98 IPCP:    CompressType VJ 15 slots
(0x0206002D0F00)
*Mar  2 00:24:05.381: As98 IPCP:    Address 202.5.150.1
(0x0306CA059601)
*Mar  2 00:24:05.381: As98 IPCP: O CONFREQ [REQsent] id 100 len 16
*Mar  2 00:24:05.381: As98 IPCP:    CompressType VJ 15 slots
(0x0206002D0F00)
*Mar  2 00:24:05.381: As98 IPCP:    Address 202.5.150.1
(0x0306CA059601)
*Mar  2 00:24:05.517: As98 IPCP: I CONFREQ [REQsent] id 2 len 16
*Mar  2 00:24:05.517: As98 IPCP:    CompressType VJ 15 slots
CompressSlotID (0x0
206002D0F01)
*Mar  2 00:24:05.517: As98 IPCP:    Address 0.0.0.0 (0x030600000000)
*Mar  2 00:24:05.517: As98 AAA/AUTHOR/IPCP: Start.  Her address
0.0.0.0, we want
 0.0.0.0
*Mar  2 00:24:05.517: As98 LCP: O PROTREJ [Open] id 142 len 22 protocol
IPCP
*Mar  2 00:24:05.521: As98 LCP:  (0x8021010200100206002D0F0103060000)
*Mar  2 00:24:05.521: As98 LCP:  (0x0000)
*Mar  2 00:24:05.521: As98 IPCP: State is Closed
*Mar  2 00:24:05.525: As98 IPCP: I CONFACK [Closed] id 98 len 10
*Mar  2 00:24:05.525: As98 IPCP:    Address 202.5.150.1
(0x0306CA059601)
*Mar  2 00:24:05.525: As98 IPCP: Lower layer not up, discarding packet
*Mar  2 00:24:05.553: As98 IPCP: I CONFACK [Closed] id 99 len 16
*Mar  2 00:24:05.553: As98 IPCP:    CompressType VJ 15 slots
(0x0206002D0F00)
*Mar  2 00:24:05.553: As98 IPCP:    Address 202.5.150.1
(0x0306CA059601)
*Mar  2 00:24:05.553: As98 IPCP: Lower layer not up, discarding packet
*Mar  2 00:24:05.557: As98 IPCP: I CONFACK [Closed] id 100 len 16
*Mar  2 00:24:05.557: As98 IPCP:    CompressType VJ 15 slots
(0x0206002D0F00)
*Mar  2 00:24:05.557: As98 IPCP:    Address 202.5.150.1
(0x0306CA059601)
*Mar  2 00:24:05.557: As98 IPCP: Lower layer not up, discarding packet
*Mar  2 00:24:05.697: As98 LCP: I TERMREQ [Open] id 3 len 16
(0x3B843FF8003CCD74
00000000)

-------------------------------------------------------------------------------

The Radiator config file is given below

------------------------------------------------------------------------------------




Foreground
LogStdout
LogDir  .
DbDir  .
Trace 4
AuthPort 1645
AcctPort 1646
# You will probably want to change this to suit your site.
<Client 204.5.150.1>
 Secret abc
 DupInterval 0
</Client>
<Client 192.168.1.7>
 Secret xyz
 DupInterval 0
</Client>
<Client DEFAULT>
 Secret abx
 DupInterval 0
</Client>


<Realm INTERNAL>
    <AuthBy FILE>
 AddToReply Service-Type = Framed-User, \
 Framed-Protocol = PPP, \
 Framed-Routing = None, \
 Framed-MTU = 1500, \
 Framed-Compression = Van-Jacobson-TCP-IP, \
 Idle-Timeout = 900, \
 Session-Timeout = 1800
    </AuthBy>
</Realm>

-----------------------------------------------------------------------------------------

Users file is given below

-----------------------------------------------------------------------------------------

city at INTERNAL User-Password = "xyz", Service-Type = Framed-User
        Framed-Protocol = PPP,
        Framed-IP-Netmask = 255.255.255.254,
        Framed-IP-Address = 202.5.150.250,
        Framed-Routing = None,
        Framed-MTU = 1500,
 Framed-Compression = Van-Jacobson-TCP-IP,
 Idle-Timeout = 900,
 Session-Timeout = 1800

-------------------------------------------------------------------------------------------

trace 4 debug logs at the Radiator are given below

--------------------------------------------------------------------------------------------





Thu Apr 18 16:15:29 2002: DEBUG: Packet dump:
*** Received from 202.5.150.1 port 1645 ....
Code:       Access-Request
Identifier: 104
Authentic:  <185><17>~x_<167><160><229><17><7><144><209><4><29><232>9
Attributes:
 Framed-Protocol = PPP
 User-Name = "city at INTERNAL"
 User-Password =
"<199>%<136>H<226>]<165>c<178><224><156><10><193><139><253><214>"
 NAS-Port = 98
 NAS-Port-Type = Async
 Calling-Station-Id = "async"
 Service-Type = Framed-User
 NAS-IP-Address = 202.5.150.1

Thu Apr 18 16:15:29 2002: DEBUG: Handling request with Handler
'Realm=INTERNAL'
Thu Apr 18 16:15:29 2002: DEBUG:  Deleting session for city at INTERNAL,
202.5.150.1, 98
Thu Apr 18 16:15:29 2002: DEBUG: do query is: update serverports set
acctstatustype='' where port=98 and ipaddress='202.5.150.1'

Thu Apr 18 16:15:30 2002: DEBUG: Handling with Radius::AuthFILE:
Thu Apr 18 16:15:30 2002: DEBUG: Radius::AuthFILE looks for match with
city at INTERNAL
Thu Apr 18 16:15:30 2002: DEBUG: Radius::AuthFILE ACCEPT:
Thu Apr 18 16:15:30 2002: DEBUG: Access accepted for city at INTERNAL
Thu Apr 18 16:15:30 2002: DEBUG: Packet dump:
*** Sending to 202.5.150.1 port 1645 ....
Code:       Access-Accept
Identifier: 104
Authentic:  <185><17>~x_<167><160><229><17><7><144><209><4><29><232>9
Attributes:
 Framed-IP-Address = 202.5.150.250
 Framed-Protocol = PPP
 Framed-IP-Netmask = 255.255.255.254
 Framed-Routing = None
 Framed-MTU = 1500
 Framed-Compression = Van-Jacobson-TCP-IP
 Idle-Timeout = 900
 Session-Timeout = 1800
 Service-Type = Framed-User
 Framed-Protocol = PPP
 Framed-Routing = None
 Framed-MTU = 1500
 Framed-Compression = Van-Jacobson-TCP-IP
 Idle-Timeout = 900
 Session-Timeout = 1800

Thu Apr 18 16:15:30 2002: DEBUG: Packet dump:
*** Received from 202.5.150.1 port 1646 ....
Code:       Accounting-Request
Identifier: 79
Authentic:  <139>H<182>_<254>Q<187><213>5lu<241>_<221>,<28>
Attributes:
 Acct-Session-Id = "000002CC"
 Framed-Protocol = PPP
 Connect-Info = "21600/19200 V34/V42bis/LAPM"
 Acct-Authentic = RADIUS
 User-Name = "city at INTERNAL"
 Acct-Status-Type = Start
 NAS-Port = 98
 NAS-Port-Type = Async
 Calling-Station-Id = "async"
 Service-Type = Framed-User
 NAS-IP-Address = 202.5.150.1
 Acct-Delay-Time = 0

Thu Apr 18 16:15:30 2002: DEBUG: Handling request with Handler
'Realm=INTERNAL'
Thu Apr 18 16:15:30 2002: DEBUG:  Adding session for city at INTERNAL,
202.5.150.1, 98
Thu Apr 18 16:15:30 2002: DEBUG: do query is: update serverports set
acctstatustype='Start' where port=98 and ipaddress='202.5.150.1'

Thu Apr 18 16:15:30 2002: DEBUG: do query is: update serverports set

username='city at INTERNAL',acctstatustype='Start',framedaddress='',callstationid='async',calldate=to_date('2002-04-18

16:15:30','yyyy-mm-dd HH24:MI:SS') where port=98 and
ipaddress='202.5.150.1'

Thu Apr 18 16:15:30 2002: DEBUG: Handling with Radius::AuthFILE:
Thu Apr 18 16:15:30 2002: DEBUG: Accounting accepted
Thu Apr 18 16:15:30 2002: DEBUG: Packet dump:
*** Sending to 202.5.150.1 port 1646 ....
Code:       Accounting-Response
Identifier: 79
Authentic:  <139>H<182>_<254>Q<187><213>5lu<241>_<221>,<28>
Attributes:

Thu Apr 18 16:15:30 2002: DEBUG: Packet dump:
*** Received from 202.5.150.1 port 1646 ....
Code:       Accounting-Request
Identifier: 80
Authentic:  <211><5><1><196><182><177>u<154><128><178><202><198>lrBM
Attributes:
 Acct-Session-Id = "000002CC"
 Framed-Protocol = PPP
 User-Name = "city at INTERNAL"
 Acct-Session-Time = 0
 Connect-Info = "21600/19200 V34/V42bis/LAPM"
 Acct-Input-Octets = 86
 Acct-Output-Octets = 88
 Acct-Input-Packets = 5
 Acct-Output-Packets = 5
 Acct-Terminate-Cause = User-Request
 Acct-Authentic = RADIUS
 User-Name = "city at INTERNAL"
 Acct-Status-Type = Stop
 NAS-Port = 98
 NAS-Port-Type = Async
 Calling-Station-Id = "async"
 Service-Type = Framed-User
 NAS-IP-Address = 202.5.150.1
 Acct-Delay-Time = 0

Thu Apr 18 16:15:30 2002: DEBUG: Handling request with Handler
'Realm=INTERNAL'
Thu Apr 18 16:15:30 2002: DEBUG:  Deleting session for city at INTERNAL,
202.5.150.1, 98
Thu Apr 18 16:15:30 2002: DEBUG: do query is: update serverports set
acctstatustype='Stop' where port=98 and ipaddress='202.5.150.1'

Thu Apr 18 16:15:30 2002: DEBUG: Handling with Radius::AuthFILE:
Thu Apr 18 16:15:30 2002: DEBUG: Accounting accepted
Thu Apr 18 16:15:30 2002: DEBUG: Packet dump:
*** Sending to 202.5.150.1 port 1646 ....
Code:       Accounting-Response
Identifier: 80
Authentic:  <211><5><1><196><182><177>u<154><128><178><202><198>lrBM
Attributes:








===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list