(RADIATOR) Assigning Static IP Address from mysql Database to cisco ras
Wakefield, Jayanne M.
jmwakefield at longfibre.com
Wed Jan 30 11:25:42 CST 2002
Jai,

I had the same problem and finally figured it out two days ago. It is in the Cisco
configuration of the aaa authorization lines. The router wants these lines in a
specific order. I don't see any "aaa authorization" lines in the Cisco config you
have included in this posting. You need the lines below to make it work:

aaa authorization exec net4 local radius if-authenticated
aaa authorization network net4 local radius if-authenticated

Also for your "interface group-async 1" add the following line:

ppp authorization net4

This should work for you.

Jayanne

Jai Kumar Shinde wrote:
> Hi,
>
> I am trying to assign static ip address from database (MYSQL using RADMIN)
> to cisco ras. From the logs ..RADIATOR is sending the FRAMED-IP-ADDRESS as
> shown below :-
>
> ---- log file -----
>
> Attributes:
> NAS-IP-Address = 202.171.29.51
> NAS-Port = 40
> NAS-Port-Type = Async
> User-Name = "jAI"
> User-Password = "<219><207><11><192>C7b<207><163>b<9><193>e<213><203><29>"
> Tue Jan 29 13:28:40 2002: DEBUG: Rewrote user name to jAI
> Tue Jan 29 13:28:40 2002: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Jan 29 13:28:40 2002: DEBUG: do query is: delete from RADONLINE where
> NASIDENTIFIER='202.171.129.51' and NASPORT=040
> Tue Jan 29 13:28:41 2002: DEBUG: Access accepted for jAI
> Tue Jan 29 13:28:41 2002: DEBUG: Packet dump:
> *** Sending to 202.71.129.151 port 1645 ....
> Code: Access-Accept
> Identifier: 87
> Authentic: <23>a<16><10><197>O<6><163>0<192>f<188><160><189><189>u
> Attributes:
> ******************* FROM DATABASE STATIPADDRESS FIELD
> *******************
> **********************
> Framed-IP-Address = 192.168.168.168
> Framed-Protocol = PPP
> Framed-IP-Netmask = 255.255.255.0
> Framed-Routing = Broadcast
> Framed-MTU = 1500
> Framed-Compression = None
> Authentication-Type = RADIUS
> Acct-Authentic = RADIUS
> cisco-avpair = "ip:addr_pool=net4"
>
> --- END ----
>
> At the same time, cisco is getting that FRAMED-IP-ADDRESS passed from RADIUS
> ... as seen below...
>
> ----DEBUG CISCO -----
>
> %LINK-3-UPDOWN: Interface Async40, changed state to up
> AAA/AUTHEN: create_user (0x80EA54F8) user='jai' ruser='' port='Async40'
> rem_addr='async' authen_type=PAP service=PPP priv=1
> AAA/AUTHEN/START (39658391): port='Async40' list='net4' action=LOGIN
> service=PPP
> AAA/AUTHEN/START (39658391): found list net4
> AAA/AUTHEN/START (39658391): Method=RADIUS
> RADIUS: Initial Transmit id 89 202.71.129.91:1812, Access-Request, len 73
> Attribute 4 6 CA478197
> Attribute 5 6 00000028
> Attribute 61 6 00000000
> Attribute 1 5 6A616902
> Attribute 2 18 D945A55A
> Attribute 6 6 00000002
> Attribute 7 6 00000001
> RADIUS: Received from id 89 202.71.129.91:1812, Access-Accept, len 93
> Attribute 8 6 C0A8A8A8 <----- #### FRAMED IP ADDRESS :
> 192.168.168.168 #####
> Attribute 7 6 00000001
> Attribute 9 6 FFFFFF00
> Attribute 10 6 00000001
> Attribute 12 6 000005DC
> Attribute 13 6 00000000
> Attribute 3 6 00000004
> Attribute 45 6 00000001
> Attribute 26 25 0000000901136970
> RADIUS: saved authorization data for user 80EA54F8 at 80C0F57C
> AAA/AUTHEN (39658391): status = PASS
>
> --- END -----
>
> Can anybody help me in this matter, I need to assign static ip address to
> specific dial user
>
> ####### CISCO RAS CONFIG ##################
>
> aaa new-model
> aaa authentication password-prompt Password#
> aaa authentication username-prompt account#
> aaa authentication login net4 radius local
> aaa authentication ppp net4 radius local
> aaa accounting exec default start-stop radius
> aaa accounting network default start-stop radius
>
> interface Group-Async1
> ip unnumbered Ethernet0/0
> ip access-group 105 in
> no ip directed-broadcast
> encapsulation ppp
> dialer in-band
> dialer idle-timeout 1500
> dialer-group 1
> async default routing
> async dynamic routing
> async mode interactive
> peer default ip address pool 3660
> no cdp enable
> ppp authentication pap callin net4
> group-range 33 48
> !
> ip local pool 3660 202.171.112.97 202.171.112.112
>
> line 33 48
> session-timeout 10
> autoselect during-login
> autoselect ppp
> login authentication net4
> modem InOut
> modem autoconfigure discovery
> autocommand ppp
> transport input all
> transport output pad v120 telnet rlogin
> line aux 0
> line vty 0 4
>
> -----END --
>
> ---- RADIUS CONFIG FILE -----
>
> <Realm DEFAULT>
>
> <AuthBy RADMIN>
> # FramedGroup 0
> DBSource dbi:mysql:radmin
> DBUsername xxxx
> DBAuth xxxxxx
>
> AccountingTable RADUSAGE
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
>                 AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef DNIS,Called-Station-Id
> AcctColumnDef ANIS,Calling-Station-Id
>
> AcctSQLStatement update RADUSERS set
> TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
> OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
> OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
> AddToReply Framed-Protocol=PPP, \
> Framed-IP-Netmask=255.255.255.0, \
> Framed-Routing=Broadcast, \
> Framed-MTU=1500, \
> Framed-Compression=None, \
> Authentication-Type=RADIUS, \
> Acct-Authentic=RADIUS, \
> cisco-avpair=ip:addr_pool=net4
>
> </AuthBy>
> </Realm>
>
> sorry for sending second time.. i have checked archives. ....
>
> Thanx
>
> Jai
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
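An added example, not part of the original thread: a small decoder for the "Attribute <type> <len> <hex>" lines in the Cisco RADIUS debug quoted above. It shows that Framed-IP-Address, the netmask, the MTU and a Cisco vendor-specific attribute all reached the NAS, so what remains is what the NAS does with them, which is the subject of the reply. The attribute table covers only the standard numbers seen in the post; the function names are made up for this example.

```python
import ipaddress
import re

# Standard RADIUS attribute numbers (RFC 2865/2866) that appear in the post.
# Anything not listed here is reported as raw hex rather than guessed at.
ATTRS = {
    4: ("NAS-IP-Address", "ip"), 5: ("NAS-Port", "int"),
    6: ("Service-Type", "int"), 7: ("Framed-Protocol", "int"),
    8: ("Framed-IP-Address", "ip"), 9: ("Framed-IP-Netmask", "ip"),
    10: ("Framed-Routing", "int"), 12: ("Framed-MTU", "int"),
    13: ("Framed-Compression", "int"), 26: ("Vendor-Specific", "vsa"),
    45: ("Acct-Authentic", "int"), 61: ("NAS-Port-Type", "int"),
}
LINE = re.compile(r"Attribute\s+(\d+)\s+(\d+)\s+((?:[0-9A-Fa-f]{2})+)")

def decode_line(line):
    """Decode one debug line into (name, value); None if it is not one."""
    m = LINE.search(line)
    if not m:
        return None
    atype, alen = int(m.group(1)), int(m.group(2))
    raw = bytes.fromhex(m.group(3))
    name, kind = ATTRS.get(atype, (f"Attribute-{atype}", "hex"))
    # The length column includes the 2-byte type/length header, so a
    # 4-byte address or integer is shown with length 6.
    if kind in ("ip", "int") and (alen - 2 != 4 or len(raw) != 4):
        kind = "hex"  # unexpected size: show the bytes, do not interpret
    if kind == "ip":
        return name, str(ipaddress.IPv4Address(raw))
    if kind == "int":
        return name, int.from_bytes(raw, "big")
    if kind == "vsa" and len(raw) >= 4:
        # The debug prints only the first bytes; the vendor id is the first 4.
        return name, "vendor=%d" % int.from_bytes(raw[:4], "big")
    return name, raw.hex().upper()

def decode_debug(text):
    """Decode every attribute line found in a block of debug output."""
    return [d for d in map(decode_line, text.splitlines()) if d]

# Access-Accept attribute lines copied from the Cisco debug in the post.
ACCEPT = """\
Attribute 8 6 C0A8A8A8
Attribute 7 6 00000001
Attribute 9 6 FFFFFF00
Attribute 12 6 000005DC
Attribute 3 6 00000004
Attribute 26 25 0000000901136970
"""

if __name__ == "__main__":
    for name, value in decode_debug(ACCEPT):
        print(f"{name} = {value}")
```

Vendor id 9 is Cisco's enterprise number, which matches the cisco-avpair that Radiator logged as sent.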