
AS5300 & static IP

pakkanen
Level 1

I'm just setting up our new AS5300, and analog & ISDN dialin works fine with dynamic IP addresses from the pool, authentication & accounting from Vircom Radius server. However, using static Radius assigned addresses fails for both analog and ISDN. Any ideas? Any other comments regarding the setup?

All we need is analog and ISDN dialup using the radius server, both dynamic IP addresses from the pool and static IP addresses (with 32- and less bit subnet masks) assigned by Radius server. Radius server should be ok since we've been running it with our Portmaster PM3's for years.

qnet-as5300-hki1#sh run

Building configuration...

Current configuration : 4279 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname qnet-as5300-hki1

!

aaa new-model

aaa authentication login default enable

aaa authentication ppp default group radius none

aaa accounting network default start-stop group radius

aaa processes 10

enable secret 5 xxxxxxxxxxxxxxxxxxxxxx.

enable password yyyyyyyyyyy

!

username administrator privilege 15 password 0 xxxxxxxxx

username admin privilege 15 password 0 xxxxxxxxxx

username root password 0 xxxxxxxxx

spe 1/0 1/9

firmware location system:/ucode/mica_port_firmware

!

!

resource-pool disable

!

call rsvp-sync

clock timezone EET 2

calltracker enable

calltracker history max-size 30

calltracker call-record verbose

syscon address 194.251.131.22 xxxxxxxxxxx

syscon shelf-id 0

modem call-record terse

modem country mica finland

ip subnet-zero

no ip source-route

ip name-server 194.251.131.5

ip name-server 194.251.131.10

!

async-bootp dns-server 194.251.131.5 194.251.131.10

isdn switch-type primary-net5

!

!

!

!

!

fax interface-type modem

mta receive maximum-recipients 0

!

controller E1 0

clock source line primary

pri-group timeslots 1-31

!

controller E1 1

clock source line secondary 1

pri-group timeslots 1-31

!

controller E1 2

clock source line secondary 2

pri-group timeslots 1-31

!

controller E1 3

clock source line secondary 3

pri-group timeslots 1-31

!

controller E1 4

shutdown

clock source line secondary 4

!

controller E1 5

shutdown

clock source line secondary 5

!

controller E1 6

shutdown

clock source line secondary 6

!

controller E1 7

shutdown

clock source line secondary 7

!

!

!

interface Loopback0

ip address 194.252.112.33 255.255.255.224

no ip mroute-cache

!

interface Ethernet0

no ip address

no ip mroute-cache

shutdown

!

interface Serial0

no ip address

no ip mroute-cache

shutdown

no fair-queue

clockrate 2015232

!

interface Serial1

no ip address

no ip mroute-cache

shutdown

no fair-queue

clockrate 2015232

!

interface Serial2

no ip address

no ip mroute-cache

shutdown

no fair-queue

clockrate 2015232

!

interface Serial3

no ip address

no ip mroute-cache

shutdown

no fair-queue

clockrate 2015232

!

interface Serial0:15

ip unnumbered FastEthernet0

encapsulation ppp

dialer-group 1

isdn switch-type primary-net5

isdn incoming-voice modem

peer default ip address pool dialin_pool

ppp authentication chap pap

ppp multilink

!

interface Serial1:15

ip unnumbered FastEthernet0

encapsulation ppp

dialer-group 1

isdn switch-type primary-net5

isdn incoming-voice modem

isdn T321 40000

isdn T310 4000

peer default ip address pool dialin_pool

ppp authentication chap pap

ppp multilink

!

interface Serial2:15

ip unnumbered FastEthernet0

encapsulation ppp

dialer-group 1

isdn switch-type primary-net5

isdn incoming-voice modem

isdn T321 40000

isdn T310 4000

peer default ip address pool dialin_pool

ppp authentication chap pap

ppp multilink

!

interface Serial3:15

ip unnumbered FastEthernet0

encapsulation ppp

dialer-group 1

isdn switch-type primary-net5

isdn incoming-voice modem

isdn T321 40000

isdn T310 4000

peer default ip address pool dialin_pool

ppp authentication chap pap

ppp multilink

!

interface FastEthernet0

ip address 194.251.131.22 255.255.255.0

ip rip send version 1

no ip mroute-cache

duplex auto

speed auto

no mop enabled

!

interface Group-Async1

ip unnumbered Loopback0

encapsulation ppp

ip tcp header-compression passive

no ip mroute-cache

async mode interactive

peer default ip address pool dialin_pool

ppp authentication pap chap

group-range 1 120

!

ip local pool dialin_pool 194.252.112.34 194.252.112.62

ip classless

ip route 0.0.0.0 0.0.0.0 194.251.131.1

no ip http server

ip pim bidir-enable

!

access-list 101 permit ip any any

dialer-list 1 protocol ip permit

!

!

radius-server host 194.251.131.15 auth-port 1645 acct-port 1646

radius-server retransmit 3

radius-server timeout 10

radius-server attribute 8 include-in-access-req

radius-server attribute 44 include-in-access-req

radius-server key xxxxxxxxxxx

!

gateway

!

!

line con 0

logging synchronous

autoselect ppp

line 1 120

modem Dialin

autoselect during-login

autoselect ppp

line aux 0

line vty 0 4

exec-timeout 30 0

password xxxxxxxxxx

!

scheduler interval 1000

end

4 Replies

tepatel
Cisco Employee

Pl. enter following command for authorization

aaa authorization network default group radius local

for a router to accept authorization data from radius server (like ip address etc). If it still doesn't work, let's have the following debug and post it here.

debug aaa per

debug aaa authentication

debug aaa authorization

debug radius

Thanks..Tejal

Thanks. I also just figured that out, browsing one more time through the "Configuring Authentication" manual, and typed it in... I'll know tomorrow if it helped.

Ok, I got the static problem sorted out, but I'm having another problem with my home Cisco 803 router and AS5300... After my original config which worked fine with Portmaster PM3 I've tried all the examples I've found from Cisco's site, without luck. It just won't authenticate.

Here is the AS5300 config and some debugging, the problem seems to be in the end, Vi1 MLP etc... but what does it exactly mean? The C803 is here using the plain NAT config found from Cisco's 800-804 software config manual.

Another problem I'm having, probably not related, is that my Vircom Radius server authenticates dialup users fine and even assigns static IPs if needed, but after that the server thinks all users are having 0.0.0.0 address. AS5300 "sh users" as well as clients' "ipconfig" etc. however show the addresses correctly, and the connection works fine. Any ideas?

qnet-as5300-hki1#sh run

Building configuration...

Current configuration : 4291 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname qnet-as5300-hki1

!

aaa new-model

!

!

aaa authentication login default enable

aaa authentication ppp default group radius none

aaa authorization network default group radius local

aaa accounting network default start-stop group radius

aaa session-id common

enable secret 5 $xxxxxxxxxxxxxxx.

enable password yyyyyyyyy

!

username administrator privilege 15 password 0 xxxxxyyyyy

username admin privilege 15 password 0 xxxxxyyyyy

username root password 0 xxxxxyyyyy

spe 1/0 1/9

firmware location system:/ucode/mica_port_firmware

!

!

resource-pool disable

clock timezone EET 2

!

calltracker enable

calltracker history max-size 30

calltracker call-record verbose

syscon address 62.142.221.2 xxxxxyyyyy

syscon shelf-id 0

modem call-record terse

modem country mica finland

ip subnet-zero

no ip source-route

ip name-server 195.74.0.47

ip name-server 195.74.0.55

!

async-bootp dns-server 195.74.0.47 195.74.0.55

isdn switch-type primary-net5

!

!

!

!

!

!

fax interface-type modem

mta receive maximum-recipients 0

!

controller E1 0

clock source line primary

pri-group timeslots 1-31

!

controller E1 1

clock source line secondary 1

pri-group timeslots 1-31

!

controller E1 2

clock source line secondary 2

pri-group timeslots 1-31

!

controller E1 3

clock source line secondary 3

pri-group timeslots 1-31

!

controller E1 4

shutdown

clock source line secondary 4

!

controller E1 5

shutdown

clock source line secondary 5

!

controller E1 6

shutdown

clock source line secondary 6

!

controller E1 7

shutdown

clock source line secondary 7

!

!

!

interface Loopback0

ip address 62.142.220.129 255.255.255.128

no ip mroute-cache

!

interface Ethernet0

no ip address

no ip mroute-cache

shutdown

!

interface Serial0

no ip address

no ip mroute-cache

shutdown

no fair-queue

clockrate 2015232

!

interface Serial1

no ip address

no ip mroute-cache

shutdown

no fair-queue

clockrate 2015232

!

interface Serial2

no ip address

no ip mroute-cache

shutdown

no fair-queue

clockrate 2015232

!

interface Serial3

no ip address

no ip mroute-cache

shutdown

no fair-queue

clockrate 2015232

!

interface Serial0:15

ip unnumbered Loopback0

encapsulation ppp

dialer-group 1

isdn switch-type primary-net5

isdn incoming-voice modem

peer default ip address pool dialin_pool

ppp authentication chap pap

ppp multilink

!

interface Serial1:15

ip unnumbered Loopback0

encapsulation ppp

dialer-group 1

isdn switch-type primary-net5

isdn incoming-voice modem

isdn T321 40000

isdn T310 4000

peer default ip address pool dialin_pool

ppp authentication chap pap

ppp multilink

!

interface Serial2:15

ip unnumbered Loopback0

encapsulation ppp

dialer-group 1

isdn switch-type primary-net5

isdn incoming-voice modem

isdn T321 40000

isdn T310 4000

peer default ip address pool dialin_pool

ppp authentication chap pap

ppp multilink

!

interface Serial3:15

ip unnumbered Loopback0

encapsulation ppp

dialer-group 1

isdn switch-type primary-net5

isdn incoming-voice modem

isdn T321 40000

isdn T310 4000

peer default ip address pool dialin_pool

ppp authentication chap pap

ppp multilink

!

interface FastEthernet0

ip address 62.142.221.2 255.255.255.248

no ip mroute-cache

duplex auto

speed auto

no mop enabled

!

interface Group-Async1

ip unnumbered Loopback0

encapsulation ppp

ip tcp header-compression

no ip mroute-cache

async mode interactive

peer default ip address pool dialin_pool

ppp authentication pap chap

group-range 1 120

!

ip local pool dialin_pool 62.142.220.130 62.142.220.253

ip classless

ip route 0.0.0.0 0.0.0.0 62.142.221.1

no ip http server

!

access-list 101 permit ip any any

dialer-list 1 protocol ip permit

!

!

!

radius-server host 194.251.131.15 auth-port 1645 acct-port 1646

radius-server retransmit 3

radius-server timeout 10

radius-server attribute 8 include-in-access-req

radius-server attribute 44 include-in-access-req

radius-server key AS5300xz

call rsvp-sync

!

!

mgcp profile default

!

gateway

!

!

line con 0

logging synchronous

autoselect ppp

line 1 120

modem Dialin

autoselect during-login

autoselect ppp

line aux 0

line vty 0 4

exec-timeout 30 0

password xxxxxyyyyy

!

scheduler interval 1000

end

**********************************************

qnet-as5300-hki1#undeb all

All possible debugging has been turned off

qnet-as5300-hki1#term moni

qnet-as5300-hki1#debug dialer

Dial on demand events debugging is on

qnet-as5300-hki1#debug isdn q931

ISDN Q931 packets debugging is on

qnet-as5300-hki1#debug ppp neg

PPP protocol negotiation debugging is on

qnet-as5300-hki1#debug ppp auth

PPP authentication debugging is on

qnet-as5300-hki1#debug ip peer

IP peer address activity debugging is on

qnet-as5300-hki1#

07:27:31: ISDN Se0:15: RX <- SETUP pd = 8 callref = 0x6782

07:27:31: Bearer Capability i = 0x8890

07:27:31: Channel ID i = 0xA9839B

07:27:31: Date/Time i = 0x0208091538

07:27:31: Calling Party Number i = 0x0183, '063221964', Plan:ISDN, Typen

07:27:31: Called Party Number i = 0x81, '810', Plan:ISDN, Type:Unknown

07:27:31: %LINK-3-UPDOWN: Interface Serial0:26, changed state to up

07:27:31: ISDN Se0:15: TX -> CALL_PROC pd = 8 callref = 0xE782

07:27:31: Channel ID i = 0xA9839B

07:27:31: ISDN Se0:15: TX -> CONNECT pd = 8 callref = 0xE782

07:27:31: Channel ID i = 0xA9839B

07:27:31: Se0:26 PPP: Treating connection as a callin

07:27:31: Se0:26 PPP: Phase is ESTABLISHING, Passive Open

07:27:31: Se0:26 LCP: State is Listen

07:27:31: ISDN Se0:15: RX <- CONNECT_ACK pd = 8 callref = 0x6782

07:27:31: ISDN Se0:15: CALL_PROGRESS: CALL_CONNECTED call id 0x1D8, bchan 26, d0

07:27:32: Se0:26 LCP: I CONFREQ [Listen] id 13 len 25

07:27:32: Se0:26 LCP: MagicNumber 0x30F24F24 (0x050630F24F24)

07:27:32: Se0:26 LCP: MRRU 1524 (0x110405F4)

07:27:32: Se0:26 LCP: EndpointDisc 1 gw-qnet1 (0x130B0167772D716E657431)

07:27:32: Se0:26 PPP: Authorization required

07:27:32: Se0:26 LCP: O CONFREQ [Listen] id 11 len 38

07:27:32: Se0:26 LCP: AuthProto CHAP (0x0305C22305)

07:27:32: Se0:26 LCP: MagicNumber 0x321A7C12 (0x0506321A7C12)

07:27:32: Se0:26 LCP: MRRU 1524 (0x110405F4)

07:27:32: Se0:26 LCP: EndpointDisc 1 qnet-as5300-hki1

07:27:32: Se0:26 LCP: (0x131301716E65742D6173353330302D68)

07:27:32: Se0:26 LCP: (0x6B6931)

07:27:32: Se0:26 LCP: O CONFACK [Listen] id 13 len 25

07:27:32: Se0:26 LCP: MagicNumber 0x30F24F24 (0x050630F24F24)

07:27:32: Se0:26 LCP: MRRU 1524 (0x110405F4)

07:27:32: Se0:26 LCP: EndpointDisc 1 gw-qnet1 (0x130B0167772D716E657431)

07:27:32: Se0:26 LCP: I CONFACK [ACKsent] id 11 len 38

07:27:32: Se0:26 LCP: AuthProto CHAP (0x0305C22305)

07:27:32: Se0:26 LCP: MagicNumber 0x321A7C12 (0x0506321A7C12)

07:27:32: Se0:26 LCP: MRRU 1524 (0x110405F4)

07:27:32: Se0:26 LCP: EndpointDisc 1 qnet-as5300-hki1

07:27:32: Se0:26 LCP: (0x131301716E65742D6173353330302D68)

07:27:32: Se0:26 LCP: (0x6B6931)

07:27:32: Se0:26 LCP: State is Open

07:27:32: Se0:26 PPP: Phase is AUTHENTICATING, by this end

07:27:32: Se0:26 CHAP: O CHALLENGE id 6 len 37 from "qnet-as5300-hki1"

07:27:32: Se0:26 CHAP: I RESPONSE id 6 len 29 from "gw-qnet1"

07:27:32: Se0:26 PPP: Phase is FORWARDING, Attempting Forward

07:27:32: Se0:26 PPP: Phase is AUTHENTICATING, Unauthenticated User

07:27:32: Se0:26 PPP: Sent CHAP LOGIN Request

07:27:32: Se0:26 PPP: Received LOGIN Response PASS

07:27:32: Se0:26 PPP: Phase is FORWARDING, Attempting Forward

07:27:32: Se0:26 PPP: Phase is AUTHENTICATING, Authenticated User

07:27:32: Se0:26 DDR: Remote name for gw-qnet1

07:27:32: Se0:26 DDR: Authenticated host gw-qnet1 with no matching dialer map

07:27:32: Se0:26 CHAP: O SUCCESS id 6 len 4

07:27:32: Se0:26 PPP: Phase is VIRTUALIZED

07:27:32: Vi1 PPP: Phase is DOWN, Setup

07:27:32: Vi1 MLP: VP: Clone from AAA

07:27:32: Vi1 MLP: Invalid AAA cloning

07:27:32: Se0:26 PPP: Phase is TERMINATING

07:27:32: Se0:26 LCP: O TERMREQ [Open] id 12 len 4

07:27:32: Se0:26 LCP: I TERMACK [TERMsent] id 12 len 4

07:27:32: Se0:26 LCP: State is Closed

07:27:32: Se0:26 PPP: Phase is DOWN

07:27:32: Se0:26 DDR: disconnecting call

07:27:32: Se0:26 PPP: Phase is ESTABLISHING, Passive Open

07:27:32: Se0:26 LCP: State is Listen

07:27:32: %ISDN-6-CONNECT: Interface Serial0:26 is now connected to 063221964 g1

07:27:32: ISDN Se0:15: TX -> DISCONNECT pd = 8 callref = 0xE782

07:27:32: Cause i = 0x8090 - Normal call clearing

07:27:32: ISDN Se0:15: RX <- RELEASE pd = 8 callref = 0x6782

07:27:32: %LINK-3-UPDOWN: Interface Serial0:26, changed state to down

07:27:32: ISDN Se0:15: TX -> RELEASE_COMP pd = 8 callref = 0xE782

07:27:32: Se0:26 LCP: State is Closed

07:27:32: Se0:26 PPP: Phase is DOWN

07:27:32: Se0:26 DDR: disconnecting call

803 is trying to negotiate the multilink connection with AS5300. "debug aaa authorization" will report more, but AS5300 is trying to clone virtual access interface but since virtual template interface is not configured, it's dropping the connection. Are you trying to pass authorization parameters from aaa to AS5300 for that user?

To fix this issue configure the following

conf t

multilink virtual-template 1

!

interface virtual-template 1

ip unnumbered Loopback0

encapsulation ppp

peer default ip address pool dialin_pool

ppp authentication chap pap

ppp multilink

!

Problem should be solved with that. If not, need following debug

debug aaa authorization

debug aaa per-user

debug ppp negotiation

term mon
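
The two fixes given in the replies, expressed as a check that can be run over a saved running-config. This is an added example, not code from the thread or from Cisco. The function name, the finding codes and the trimmed sample config (constructed from lines in the posts above) are assumptions of the example, and the check on the `none` fallback goes beyond what the replies discuss.

```python
import re

# Constructed sample: a few lines trimmed from the first "sh run" in the thread.
ORIGINAL = """aaa new-model
aaa authentication ppp default group radius none
aaa accounting network default start-stop group radius
interface Serial0:15
 encapsulation ppp
 ppp authentication chap pap
 ppp multilink
"""
FIRST_FIX = ORIGINAL + "aaa authorization network default group radius local\n"
SECOND_FIX = FIRST_FIX + ("multilink virtual-template 1\n"
                          "interface virtual-template 1\n ppp multilink\n")

def audit_dialin_config(config_text):
    """Return sorted finding codes (hypothetical names) for a dial-in config."""
    lines = [ln.strip().lower() for ln in config_text.splitlines() if ln.strip()]
    findings = set()
    ppp_lists = [ln for ln in lines if ln.startswith("aaa authentication ppp ")]
    radius_ppp = any(" group radius" in ln for ln in ppp_lists)
    net_authz = any(ln.startswith("aaa authorization network ") for ln in lines)

    # First reply: without network authorization the NAS authenticates the
    # user but does not accept per-user data (such as an IP address) from RADIUS.
    if radius_ppp and not net_authz:
        findings.add("radius-attributes-ignored")

    # Second reply: multilink with AAA authorization clones a virtual-access
    # interface, which needs "multilink virtual-template N" and that template.
    templates = {m.group(1) for ln in lines
                 if (m := re.fullmatch(r"interface virtual-template ?(\d+)", ln))}
    mlp_refs = {m.group(1) for ln in lines
                if (m := re.fullmatch(r"multilink virtual-template (\d+)", ln))}
    if net_authz and "ppp multilink" in lines and not (mlp_refs & templates):
        findings.add("multilink-without-virtual-template")

    # Hardening check on the same method list: a trailing "none" admits the
    # PPP session unauthenticated when the RADIUS server does not answer.
    if any(ln.split()[-1] == "none" for ln in ppp_lists):
        findings.add("ppp-auth-falls-back-to-none")
    return sorted(findings)

if __name__ == "__main__":
    for name, cfg in [("original", ORIGINAL), ("first fix", FIRST_FIX),
                      ("second fix", SECOND_FIX)]:
        print(name, audit_dialin_config(cfg))
```
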
