12-15-2002 01:31 PM - edited 03-02-2019 03:36 AM
I have an AS5800 which is configured for ISDN and analog calls. PPP authorization is configured in order to assign users IP addresses from RADIUS. Analog calls have no problem and the users can take their IP address from RADIUS. The problem is that ISDN users receive an LCP negotiation error message when I configure the serial interface with the ppp authorization command; when I remove the authorization and put a local IP pool on the serial interface, the users log in without problems.
The serial configuration is as follows:
interface Serial1/0/0:15
ip unnumbered Loopback0
no ip redirects
encapsulation ppp
no ip route-cache
ip tcp header-compression passive
dialer idle-timeout 7000
autodetect encapsulation ppp v120
isdn switch-type primary-net5
isdn not-end-to-end 56
isdn incoming-voice modem
isdn negotiate-bchan
no peer default ip address
ppp authentication pap chap rad-1
ppp authorization rad-1
ppp multilink
I debugged ppp authentication and aaa authorization; the output is as follows:
Dec 15 14:26:27.565: AAA/ACCT/DS0: channel=12, ds1=0, t3=0, slot=0, ds0=12
Dec 15 14:26:27.565: AAA/ACCT/DS0: channel=12, ds1=0, t3=0, slot=0, ds0=12
Dec 15 14:26:27.693: AAA: parse name=tty2 idb type=-1 tty=-1
Dec 15 14:26:27.693: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0
Dec 15 14:26:27.693: AAA/MEMORY: create_user (0x6664B548) user='aossama' ruser='MOH-C82' ds0=0 port='tty2' rem_addr='62.140.64.177' authen_type=ASCII service=NONE priv=15 initial_task_id='0'
Dec 15 14:26:27.693: tty2 AAA/AUTHOR/CMD(2640554636): Port='tty2' list='' service=CMD
Dec 15 14:26:27.693: AAA/AUTHOR/CMD: tty2(2640554636) user='aossama'
Dec 15 14:26:27.693: tty2 AAA/AUTHOR/CMD(2640554636): send AV service=shell
Dec 15 14:26:27.693: tty2 AAA/AUTHOR/CMD(2640554636): send AV cmd=configure
Dec 15 14:26:27.693: tty2 AAA/AUTHOR/CMD(2640554636): send AV cmd-arg=terminal
Dec 15 14:26:27.693: tty2 AAA/AUTHOR/CMD(2640554636): send AV cmd-arg=<cr>
Dec 15 14:26:27.693: tty2 AAA/AUTHOR/CMD(2640554636): found list "default"
Dec 15 14:26:27.693: tty2 AAA/AUTHOR/CMD(2640554636): Method=LOCAL
Dec 15 14:26:27.693: AAA/AUTHOR (2640554636): Post authorization status = PASS_ADD
Dec 15 14:26:27.693: AAA/MEMORY: free_user (0x6664B548) user='aossama' ruser='MOH-C82' port='tty2' rem_addr='62.140.64.177' authen_type=ASCII service=NONE priv=15
Dec 15 14:26:27.833: Se1/0/0:12 PPP: Treating connection as a callin
Dec 15 14:26:27.833: Se1/0/0:12 PPP: Phase is ESTABLISHING, Passive Open
Dec 15 14:26:27.833: Se1/0/0:12 LCP: State is Listen
Dec 15 14:26:27.833: Se1/0/0:12 LCP: I CONFREQ [Listen] id 0 len 48
Dec 15 14:26:27.833: Se1/0/0:12 LCP: MRU 1524 (0x010405F4)
Dec 15 14:26:27.833: Se1/0/0:12 LCP: MagicNumber 0x081409E3 (0x0506081409E3)
Dec 15 14:26:27.833: Se1/0/0:12 LCP: PFC (0x0702)
Dec 15 14:26:27.833: Se1/0/0:12 LCP: ACFC (0x0802)
Dec 15 14:26:27.833: Se1/0/0:12 LCP: Callback 6 (0x0D0306)
Dec 15 14:26:27.833: Se1/0/0:12 LCP: MRRU 1614 (0x1104064E)
Dec 15 14:26:27.833: Se1/0/0:12 LCP: EndpointDisc 1 Local
Dec 15 14:26:27.833: Se1/0/0:12 LCP: (0x1317014319E96043534B1DBEC7856465)
Dec 15 14:26:27.833: Se1/0/0:12 LCP: (0x26D63300000000)
Dec 15 14:26:27.833: Se1/0/0:12 PPP: Authorization required
Dec 15 14:26:27.833: Se1/0/0:12 LCP: O CONFREQ [Listen] id 11 len 28
Dec 15 14:26:27.833: Se1/0/0:12 LCP: AuthProto PAP (0x0304C023)
Dec 15 14:26:27.833: Se1/0/0:12 LCP: MagicNumber 0x20C0B389 (0x050620C0B389)
Dec 15 14:26:27.833: Se1/0/0:12 LCP: MRRU 1524 (0x110405F4)
Dec 15 14:26:27.833: Se1/0/0:12 LCP: EndpointDisc 1 MOH-C82 (0x130A014D4F482D433832)
Dec 15 14:26:27.833: Se1/0/0:12 LCP: O CONFREJ [Listen] id 0 len 7
Dec 15 14:26:27.837: Se1/0/0:12 LCP: Callback 6 (0x0D0306)
Dec 15 14:26:27.857: Se1/0/0:12 LCP: I CONFACK [REQsent] id 11 len 28
Dec 15 14:26:27.857: Se1/0/0:12 LCP: AuthProto PAP (0x0304C023)
Dec 15 14:26:27.857: Se1/0/0:12 LCP: MagicNumber 0x20C0B389 (0x050620C0B389)
Dec 15 14:26:27.857: Se1/0/0:12 LCP: MRRU 1524 (0x110405F4)
Dec 15 14:26:27.857: Se1/0/0:12 LCP: EndpointDisc 1 MOH-C82 (0x130A014D4F482D433832)
Dec 15 14:26:27.865: Se1/0/0:12 LCP: I CONFREQ [ACKrcvd] id 1 len 45
Dec 15 14:26:27.865: Se1/0/0:12 LCP: MRU 1524 (0x010405F4)
Dec 15 14:26:27.865: Se1/0/0:12 LCP: MagicNumber 0x081409E3 (0x0506081409E3)
Dec 15 14:26:27.865: Se1/0/0:12 LCP: PFC (0x0702)
Dec 15 14:26:27.865: Se1/0/0:12 LCP: ACFC (0x0802)
Dec 15 14:26:27.865: Se1/0/0:12 LCP: MRRU 1614 (0x1104064E)
Dec 15 14:26:27.865: Se1/0/0:12 LCP: EndpointDisc 1 Local
Dec 15 14:26:27.865: Se1/0/0:12 LCP: (0x1317014319E96043534B1DBEC7856465)
Dec 15 14:26:27.865: Se1/0/0:12 LCP: (0x26D63300000000)
Dec 15 14:26:27.865: Se1/0/0:12 LCP: O CONFACK [ACKrcvd] id 1 len 45
Dec 15 14:26:27.865: Se1/0/0:12 LCP: MRU 1524 (0x010405F4)
Dec 15 14:26:27.865: Se1/0/0:12 LCP: MagicNumber 0x081409E3 (0x0506081409E3)
Dec 15 14:26:27.865: Se1/0/0:12 LCP: PFC (0x0702)
Dec 15 14:26:27.865: Se1/0/0:12 LCP: ACFC (0x0802)
Dec 15 14:26:27.865: Se1/0/0:12 LCP: MRRU 1614 (0x1104064E)
Dec 15 14:26:27.865: Se1/0/0:12 LCP: EndpointDisc 1 Local
Dec 15 14:26:27.865: Se1/0/0:12 LCP: (0x1317014319E96043534B1DBEC7856465)
Dec 15 14:26:27.865: Se1/0/0:12 LCP: (0x26D63300000000)
Dec 15 14:26:27.865: Se1/0/0:12 LCP: State is Open
Dec 15 14:26:27.865: Se1/0/0:12 PPP: Phase is AUTHENTICATING, by this end
Dec 15 14:26:27.929: Se1/0/0:12 LCP: I IDENTIFY [Open] id 2 len 18 magic 0x081409E3 MSRASV5.10
Dec 15 14:26:27.933: Se1/0/0:12 LCP: I IDENTIFY [Open] id 3 len 21 magic 0x081409E3 MSRAS-1-LAB13
Dec 15 14:26:27.937: Se1/0/0:12 PAP: I AUTH-REQ id 16 len 15 from "TIC"
Dec 15 14:26:27.937: Se1/0/0:12 PAP: Authenticating peer TIC
Dec 15 14:26:27.937: Se1/0/0:12 PPP: Phase is FORWARDING, Attempting Forward
Dec 15 14:26:27.937: Se1/0/0:12 PPP: Phase is AUTHENTICATING, Unauthenticated User
Dec 15 14:26:27.937: Se1/0/0:12 PPP: Sent PAP LOGIN Request to AAA
Dec 15 14:26:28.121: Se1/0/0:12 PPP: Received LOGIN Response from AAA = PASS
Dec 15 14:26:28.121: Se1/0/0:12 PPP/AAA: Check Attr: service-type
Dec 15 14:26:28.121: Se1/0/0:12 PPP/AAA: Check Attr: Framed-Protocol
Dec 15 14:26:28.121: Se1/0/0:12 PPP/AAA: Check Attr: addr
Dec 15 14:26:28.121: Se1/0/0:12 PPP/AAA: Check Attr: netmask
Dec 15 14:26:28.121: Se1/0/0:12 PPP/AAA: Check Attr: link-compression:Peruser
Dec 15 14:26:28.121: Se1/0/0:12 PPP/AAA: Check Attr: Port-Limit
Dec 15 14:26:28.121: Se1/0/0:12 PPP: Phase is FORWARDING, Attempting Forward
Dec 15 14:26:28.121: Se1/0/0:12 PPP: Phase is AUTHENTICATING, Authenticated User
Dec 15 14:26:28.121: Se1/0/0:12 AAA/AUTHOR/LCP: Process Author
Dec 15 14:26:28.121: Se1/0/0:12 AAA/AUTHOR/LCP: Process Attr: link-compression
Dec 15 14:26:28.121: AAA/AUTHOR: Processing PerUser AV link-compression
Dec 15 14:26:28.121: Se1/0/0:12 AAA/AUTHOR/LCP: IF_config:
ip tcp header-compression
Dec 15 14:26:28.121: Se1/0/0:12 PAP: O AUTH-ACK id 16 len 5
Dec 15 14:26:28.121: Se1/0/0:12 PPP: Phase is VIRTUALIZED
Dec 15 14:26:28.125: Vi1 PPP: Phase is DOWN, Setup
Dec 15 14:26:28.133: Se1/0/0:12 PPP: Phase is TERMINATING
Dec 15 14:26:28.133: Se1/0/0:12 LCP: O TERMREQ [Open] id 12 len 4
Dec 15 14:26:28.397: Se1/0/0:12 LCP: State is Closed
Dec 15 14:26:28.397: Se1/0/0:12 PPP: Phase is DOWN
Does anybody know what the problem is?
Thanks in advance,
12-15-2002 02:15 PM
The NAS is looking for the virtual interface config.
Dec 15 14:26:28.121: Se1/0/0:12 PPP: Phase is VIRTUALIZED
Dec 15 14:26:28.125: Vi1 PPP: Phase is DOWN, Setup
You need to configure interface virtual-template 1 to terminate the ISDN users every time authorization data is received from AAA for ISDN users, so you need to enter the following config.
config t
multilink virtual-template 1
virtual-profile virtual-template 1
virtual-profile if-needed
!
Interface virtual-template 1
ip unnumbered Loopback0
encapsulation ppp
no ip route-cache
ip tcp header-compression passive
autodetect encapsulation ppp v120
ppp authentication pap chap rad-1
ppp authorization rad-1
ppp multilink
After that it should work.
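The sequence the reply above points at (PAP passes, the link goes VIRTUALIZED, Vi1 stays DOWN, the NAS sends TERMREQ) can be extracted from a long debug capture mechanically. The following is an added example, not part of the original thread: a small Python tracer run over a subset of the debug lines posted above; the function names and the finding text are assumptions of this example.

```python
import re
# Subset of the debug lines posted in this thread, embedded so the example runs offline.
SAMPLE = """\
Dec 15 14:26:27.833: Se1/0/0:12 PPP: Phase is ESTABLISHING, Passive Open
Dec 15 14:26:27.865: Se1/0/0:12 PPP: Phase is AUTHENTICATING, by this end
Dec 15 14:26:28.121: Se1/0/0:12 PPP: Received LOGIN Response from AAA = PASS
Dec 15 14:26:28.121: Se1/0/0:12 AAA/AUTHOR/LCP: Process Attr: link-compression
Dec 15 14:26:28.121: Se1/0/0:12 PAP: O AUTH-ACK id 16 len 5
Dec 15 14:26:28.121: Se1/0/0:12 PPP: Phase is VIRTUALIZED
Dec 15 14:26:28.125: Vi1 PPP: Phase is DOWN, Setup
Dec 15 14:26:28.133: Se1/0/0:12 PPP: Phase is TERMINATING
Dec 15 14:26:28.133: Se1/0/0:12 LCP: O TERMREQ [Open] id 12 len 4
Dec 15 14:26:28.397: Se1/0/0:12 PPP: Phase is DOWN
"""

# timestamp, interface name, protocol tag (PPP, LCP, PAP, AAA/AUTHOR/LCP), message
LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:.]+: (\S+) ([A-Z/]+): (.*)$")
PHASE = re.compile(r"Phase is (\w+)")

def trace_sessions(text):
    """Return {interface: {"phases": [...], "events": set()}} from PPP/AAA debug lines."""
    sessions = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # global AAA lines and wrapped continuation lines carry no interface
        ifname, proto, msg = m.groups()
        s = sessions.setdefault(ifname, {"phases": [], "events": set()})
        p = PHASE.search(msg)
        if proto == "PPP" and p:
            s["phases"].append(p.group(1))
        if "LOGIN Response from AAA = PASS" in msg:
            s["events"].add("auth_pass")
        if proto.startswith("AAA/AUTHOR") and "Process Attr" in msg:
            s["events"].add("per_user_attrs")
        if "O TERMREQ" in msg:
            s["events"].add("local_termreq")
    return sessions

def diagnose(sessions):
    """Flag links that authenticated, were virtualized, then were torn down by the NAS."""
    findings = []
    for ifname, s in sessions.items():
        ph, ev = s["phases"], s["events"]
        if "VIRTUALIZED" in ph and {"auth_pass", "local_termreq"} <= ev:
            if ph[ph.index("VIRTUALIZED") + 1:][:1] == ["TERMINATING"]:
                findings.append((ifname, "PAP passed, link virtualized, NAS sent TERMREQ"))
    return findings
```

A finding for a B-channel together with a `Vi` interface whose only recorded phase is DOWN matches the pattern quoted in the reply.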
12-16-2002 01:36 AM
Thanks a lot, this configuration helped me and the users are working, but another problem has appeared: when I put the ppp multilink command on the serial interface, users can't log in, and when I remove the command, users log in and take an IP from RADIUS but they can't establish PPP multilink. The configuration is as follows:
multilink virtual-template 1
virtual-profile if-needed
virtual-profile virtual-template 1
interface Virtual-Template1
ip unnumbered Loopback0
no ip route-cache
ip tcp header-compression
autodetect encapsulation ppp
peer default ip address pool default
ppp authentication pap chap rad-1
ppp authorization rad-1
ppp multilink
!
interface Serial1/0/0:15
ip unnumbered Loopback0
no ip redirects
encapsulation ppp
no ip route-cache
ip tcp header-compression passive
dialer idle-timeout 7000
autodetect encapsulation ppp v120
isdn switch-type primary-net5
isdn not-end-to-end 56
isdn incoming-voice modem
isdn negotiate-bchan
peer default ip address pool default
ppp authorization rad-1
ppp authentication pap chap rad-1
ppp multilink
! (when this command is added nobody can log in; it must be removed, but then users can't establish ppp multilink)
Thanks for your support.
12-16-2002 02:19 PM
Leave the "ppp multilink" command under the serial interface, as it's needed under the physical interface to negotiate the multilink.
I would remove the following lines of config from the serial interface if I don't need them.
autodetect encapsulation ppp v120
isdn not-end-to-end 56
isdn negotiate-bchan
Now we need to see the following debugs to see where the problem is when ISDN users with multilink dial in.
debug isdn q931
debug ppp nego
debug aaa per
debug aaa authentication
debug aaa authorization