(RADIATOR) Configuring Radiator Radius server for Cisco AS5300
G. S. Rakhra
gsrakhra at fewanet.com.np
Sun Sep 21 01:07:05 CDT 2003
Hi
It is working after removing "Filter-Id". Thanks to all for your great
co-operation.
With Regards
G. S. Rakhra
----- Original Message -----
From: <david.kramar at aliatel.cz>
To: <gsrakhra at fewanet.com.np>; <hugh at open.com.au>
Cc: <radiator at open.com.au>
Sent: Friday, September 19, 2003 11:36 AM
Subject: RE: (RADIATOR) Configuring Radiator Radius server for Cisco AS5300
Hi,
First way, remove attribute Filter-Id = "testing" from radius.conf file,....
second try to repair power supply. If not help, send me cisco# sh run
without secrets..
David
-----Original Message-----
From: G. S. Rakhra [mailto:gsrakhra at fewanet.com.np]
Sent: 19 September 2003 6:54
To: Hugh Irvine
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Configuring Radiator Radius server for Cisco AS5300
Dear Sir,
Please find attached following log files for your analysis:
1. Radius Log(Fewanet)--Radius Log with Trace 4 when connected with
gsrakhra at fewanet.com.np username with our
Radius Server
2. AS5300 Debug(Fewanet) -- AS5300 debug when connected to our Radius Server
3. AS5300 Debug(Other ISP) -- AS5300 debug when connected to Other ISP
4. Show Interface Async90(Fewanet) -- Interface Async89 state in AS5300
when connected to our Radius Server
5. Show Interface Async89(Other ISP) -- Interface Async90 state in AS5300
when connected to Other ISP
I think following two lines to be checked
1d21h: RADIUS: unknown proto "cdp" in acl-check
1d21h: RADIUS: Filter-Id testing out of range for protocol cdp. Ignoring.
And one difference in show interface command is in IPCP. When connected to
Other ISP, the IPCP is open and there is no problem in browsing, but when
connected to Our Server, IPCP is closed and we can not browse then.
Please help me if Filter ID is creating problem then how to solve it as I am
new to Radius Server. It has been installed here by some other person which
is not available at this moment.
And also I am hesitating to upgrade as if something goes wrong then it might
be a great problem as we can not shut down our services for a long time.
Therefore, try to provide solution with current version itself.
Thanks in Advance
G. S. Rakhra
----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: "G. S. Rakhra" <gsrakhra at fewanet.com.np>
Cc: <radiator at open.com.au>
Sent: Wednesday, September 17, 2003 5:11 AM
Subject: Re: (RADIATOR) Configuring Radiator Radius server for Cisco AS5300
Hello -
The AuthBy INTERNAL clause is not supported in Radiator 2.18.4. You can
use an AuthBy TEST instead.
BTW - the most recent version of Radiator is 3.6, so you should really
consider upgrading.
As mentioned in my previous mail I suspect the problem with your
connections not being able to browse have to do with filters or access
lists on the NAS. You should check the NAS configuration.
regards
Hugh
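
An added example, not part of the original thread and not Radiator code: a Python scan of a trace 4 log that pairs each "Could not find a handler" warning (as in the trace quoted further down) with the request dump before it, so dropped accounting records show up per NAS. The function names are hypothetical and the sample log is constructed; the `*** Sending to` reply line format is an assumption about the trace output.

```python
import re
from collections import Counter

# Constructed sample. The first request and warning follow the trace quoted in
# this thread; the Access-Request exchange and the Stop record are invented.
SAMPLE_LOG = """\
*** Received from 203.91.140.130 port 1026 ....
Code:       Accounting-Request
    Acct-Status-Type = Start
Sat Sep 13 10:08:41 2003: WARNING: Could not find a handler for : request is ignored
*** Received from 203.91.140.130 port 1026 ....
Code:       Access-Request
    User-Name = "demo at example.invalid"
*** Sending to 203.91.140.130 port 1026 ....
Code:       Access-Accept
*** Received from 203.91.140.130 port 1026 ....
Code:       Accounting-Request
    Acct-Status-Type = Stop
Sat Sep 13 10:15:30 2003: WARNING: Could not find a handler for : request is ignored
"""

RECEIVED = re.compile(r"\*\*\* Received from (\S+) port \d+")
CODE = re.compile(r"Code:\s+(\S+)")
ATTR = re.compile(r"([\w-]+) = (.*)")

def unhandled_requests(log_text):
    """Return one dict per received request that no Handler accepted."""
    current, dropped = None, []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := RECEIVED.match(line):
            current = {"source": m.group(1), "code": None, "attrs": {}}
        elif line.startswith("*** Sending to"):
            current = None                      # reply dump (assumed format)
        elif current is None:
            continue
        elif m := CODE.match(line):
            current["code"] = m.group(1)
        elif m := ATTR.match(line):
            current["attrs"][m.group(1)] = m.group(2).strip('"')
        elif "Could not find a handler" in line:
            dropped.append(current)             # request was ignored
            current = None
    return dropped

def summarize(dropped):
    """Count dropped requests per (NAS address, code, Acct-Status-Type)."""
    return Counter((d["source"], d["code"], d["attrs"].get("Acct-Status-Type"))
                   for d in dropped)
```
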
On Tuesday, Sep 16, 2003, at 21:34 Australia/Melbourne, G. S. Rakhra
wrote:
> Dear Sir,
>
> I tried by adding the <Handler Request-Type = Accounting-Request>
> Handler mentioned by Hugh, but getting following error while
> restarting the radiusd process:
>
> Tue Sep 16 15:42:27 2003: ERR: Could not load authentication module
> Radius::AuthINTERNAL: Can't locate Radius/AuthINTERNAL.pm in @INC
> (@INC contains: . /usr/lib/perl5/5.6.1/i386-linux /usr/lib/perl5/5.6.1
> /usr/lib/perl5/site_perl/5.6.1/i386-linux
> /usr/lib/perl5/site_perl/5.6.1 /usr/lib/perl5/site_perl/5.6.0
> /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.6.1/i386-linux
> /usr/lib/perl5/vendor_perl/5.6.1 /usr/lib/perl5/vendor_perl .) at
> (eval 30) line 3, <FILE> line 153.
>
> Tue Sep 16 15:42:27 2003: ERR: Unknown keyword 'AcctResult' in
> /usr/local/src/Radiator-2.18.4/goodies/radonlinetest.cfg line 154
> Tue Sep 16 15:42:27 2003: INFO: Server started: Radiator 2.18.4 on
> seti.fewanet.com.np
>
> Even then I tried connecting, but the same problem still persists,
> i.e. I was able to connect but not able to browse the Internet.
>
> What next we can do?
>
> rgds
> G. S. Rakhra
> ----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: "G. S. Rakhra" <gsrakhra at fewanet.com.np>
> Cc: <radiator at open.com.au>
> Sent: Tuesday, September 16, 2003 12:42 PM
> Subject: Re: (RADIATOR) Configuring Radiator Radius server for Cisco
> AS5300
>
> >
> > Hello -
> >
> > Thanks for your mail.
> >
> > As far as I can see there is nothing wrong with your configuration and
> > the debug trace shows an accounting start for the session that appears
> > to be normal. I do notice that you are not sending a Framed-IP-Netmask,
> > but the radius accounting start shows an IP address so this may not be
> > a problem.
> >
> > You should run a debug on the Cisco to see what reply attributes you
> > are getting from the other ISP and then adjust your Radiator
> > configuration file in consequence. Otherwise there may be some
> > difference in the configuration between the Cisco 2511 and the Cisco
> > 5300. You may also have a problem with filters and/or access lists. I
> > notice that you are sending a reply attribute of "Filter-Id = testing"
> > which may be causing problems.
> >
> > I also notice you are not processing all radius requests, which is
> > causing a problem:
> >
> > Sat Sep 13 10:08:41 2003: DEBUG: Packet dump:
> > *** Received from 203.91.140.130 port 1026 ....
> > Code: Accounting-Request
> > Identifier: 0
> > Authentic: <178>q<190>}<158><158>m<21>9A<253><193>G<2><208><157>
> > Attributes:
> > Acct-Session-Id = "00000000"
> > NAS-IP-Address = 203.91.140.130
> > Acct-Status-Type = Start
> > Acct-Delay-Time = 2153826
> >
> > Sat Sep 13 10:08:41 2003: DEBUG: Check if Handler
> > Realm=fewanet.com.np,Client-Identifier = NASinternet should be used to
> > handle this request
> > Sat Sep 13 10:08:41 2003: DEBUG: Check if Handler Client-Identifier =
> > NASmail should be used to handle this request
> > Sat Sep 13 10:08:41 2003: WARNING: Could not find a handler for :
> > request is ignored
> >
> > You should set up a Handler to deal with these requests, like this:
> >
> > <Handler Request-Type = Accounting-Request>
> > <AuthBy INTERNAL>
> > AcctResult ACCEPT
> > </AuthBy>
> > </Handler>
> >
> > This Handler should be the last one in your list of Handlers.
> >
> > regards
> >
> > Hugh
> >
> >
> > On Tuesday, Sep 16, 2003, at 16:48 Australia/Melbourne, G. S. Rakhra
> > wrote:
> >
> > > Dear Sir,
> > >
> > > We have recently got an E1 Line and we are using Cisco AS5300 RAS for
> > > connection. The users are authenticated thru Radiator Radius server
> > > installed on Linux 7.3 on IBM Platform. We have other one Livingston
> > > Portmaster and one Cisco 2511 Router also and both are being used for
> > > client dialup connection. There is no problem with these two devices.
> > >
> > > The problem that we are facing with AS5300 is that we are able to
> > > connect but are not able to browse the Net. We have verified that this
> > > problem is related to authentication server by pointing the Radius
> > > server host on the RAS to some other ISP's and we were able to connect
> > > and also we were able to browse the net. If we create a user in the
> > > RAS itself and connect with that username then we were able to connect
> > > as well as were able to browse the Internet.
> > >
> > > Another problem is that if we connect thru our Authentication and
> > > after disconnecting the IP obtained from the RAS is not released in
> > > the PC. But if we connect with the RAS's user then the IP is released.
> > >
> > > I am attaching my radius configuration file as well as a radius debug
> > > file with Trace 4 level. The username tested is
> > > demopkr at fewanet.com.np
> > >
> > > I hope to get the solution from you asap.
> > >
> > > Thanks in Advance
> > > G. S. Rakhra
> > > Manager(Technical)
> > > Fewa Net Pvt. Ltd.
> > > Pokhara
> > > Nepal
> > > <radius.log><radonlinetest.cfg.txt>
> >
> > NB: have you included a copy of your configuration file (no secrets),
> > together with a trace 4 debug showing what is happening?
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
> >