(RADIATOR) Configuring Radiator Radius server for Cisco AS5300

Hugh Irvine hugh at open.com.au
Tue Sep 16 02:12:15 CDT 2003


Hello -

Thanks for your mail.

As far as I can see there is nothing wrong with your configuration and 
the debug trace shows an accounting start for the session that appears 
to be normal. I do notice that you are not sending a Framed-IP-Netmask, 
but the radius accounting start shows an IP address so this may not be 
a problem.

You should run a debug on the Cisco to see what reply attributes you 
are getting from the other ISP and then adjust your Radiator 
configuration file in consequence. Otherwise there may be some 
difference in the configuration between the Cisco 2511 and the Cisco 
5300. You may also have a problem with filters and/or access lists. I 
notice that you are sending a reply attribute of "Filter-Id = testing" 
which may be causing problems.

I also notice you are not processing all radius requests, which is 
causing a problem:

Sat Sep 13 10:08:41 2003: DEBUG: Packet dump:
*** Received from 203.91.140.130 port 1026 ....
Code:       Accounting-Request
Identifier: 0
Authentic:  <178>q<190>}<158><158>m<21>9A<253><193>G<2><208><157>
Attributes:
	Acct-Session-Id = "00000000"
	NAS-IP-Address = 203.91.140.130
	Acct-Status-Type = Start
	Acct-Delay-Time = 2153826

Sat Sep 13 10:08:41 2003: DEBUG: Check if Handler 
Realm=fewanet.com.np,Client-Identifier = NASinternet should be used to 
handle this request
Sat Sep 13 10:08:41 2003: DEBUG: Check if Handler Client-Identifier = 
NASmail should be used to handle this request
Sat Sep 13 10:08:41 2003: WARNING: Could not find a handler for : 
request is ignored

You should set up a Handler to deal with these requests, like this:

<Handler Request-Type = Accounting-Request>
	<AuthBy INTERNAL>
		AcctResult ACCEPT
	</AuthBy>
</Handler>

This Handler should be the last one in your list of Handlers.

regards

Hugh


On Tuesday, Sep 16, 2003, at 16:48 Australia/Melbourne, G. S. Rakhra 
wrote:

> Dear Sir,
>  
> We have recently got an E1 Line and we are using Cisco AS5300 RAS for 
> connection. The users are authenticated thru Radiator Radius server 
> installed on Linux 7.3 on IBM Platform. We have other one Livingston 
> Portmaster and one Cisco 2511 Router also and both are being used for 
> client dialup connection. There is no problem with these two devices.
>  
> The problem that we are facing with AS5300 is that we are able to 
> connect but are not able to browse the Net. We have verified that this 
> problem is related to authentication server by pointing the Radius 
> server host on the RAS to some other ISP's and we were able to connect 
> and also we were able to browse the net. If we create a user in the 
> RAS itself and connect with that username then we were able to connect 
> as well as ere able to browse the Internet.
>  
> Another problem is that if we connect thru our Authentication and 
> after disconnecting the IP obtained from the RAS is not released in 
> the PC. But if we connect with the RAS's user then  the IP is > released.
>  
> I am attaching my radius configuration file as well as a radius debug 
> file with Trace 4 level. The username tested is demopkr at fewanet.com.np
>  
> I hope to get the solution from you asap.
>  
> Thanks in Advance
> G. S. Rakhra
> Manager(Technical)
> Fewa Net Pvt. Ltd.
> Pokhara
> Nepal
> <radius.log><radonlinetest.cfg.txt>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list