01-13-2004 07:20 PM - edited 03-02-2019 12:51 PM
Hi,
I set up my Cisco R-3745 as a PPPoE access server. My RADIUS requires clients to send the MAC as Calling-Station-ID (attribute 31) to authenticate, but the router has never sent Calling-Station-ID to RADIUS. Do I have to change something in the router's config or update IOS?
thanks.
Luan.
01-20-2004 06:16 AM
Have you enabled authorization and accounting on your router? Even though you are using it for authentication, the router usually uses it for authorizing, so try enabling it. I have heard of a similar bug in version 12.x, so checking the Bug Toolkit will also help you.
01-27-2004 01:07 AM
Yes, I enabled auth & acct. But the problem here is that the router does not send Calling-Station-ID (attribute 31) to RADIUS, so clients cannot log in (my RADIUS server requires the MAC address as Calling-Station-ID to authenticate).
Below is my router configuration:
=============================
FHCM-C3745-1#sh run
Building configuration...
Current configuration : 5175 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname FHCM-C3745-1
!
enable secret xxxxxx
enable password xxxxx
!
aaa new-model
!
no aaa authentication login default group radius local
no aaa authentication login no_radius enable
no aaa authentication login dialins group radius
no aaa authentication ppp default local group radius
no aaa authorization exec default group radius
no aaa authorization exec console none
no aaa authorization network default local group radius
no aaa accounting exec default start-stop group radius
no aaa accounting network default start-stop group radius
no aaa session-id common
!
username luan password xxxxx
ip subnet-zero
ip wccp version 1
ip cef
!
!
ip name-server x.x.x.x
ip name-server x.x.x.x
!
vpdn-group pppoe-test
accept-dialin
protocol pppoe
virtual-template 1
pppoe limit per-vlan 10
pppoe limit max-sessions 1
!
subscriber access pppoe pre-authorize nas-port-id calling-station-id
subscriber authorization enable
!
interface FastEthernet0/0
ip address x.x.x.x x.x.255.224
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/1
ip address x.x.x.x x.255.255.248
ip access-group 112 in
no ip unreachables
no ip mroute-cache
no keepalive
shutdown
duplex auto
speed auto
no cdp enable
!
interface Virtual-Template1
mtu 1492
ip unnumbered FastEthernet0/1
no peer default ip address
ppp authentication pap
!
ip classless
ip route 0.0.0.0 0.0.0.0 210.245.31.1
no cdp run
!
snmp-server community FPTHCM123 RO 51
snmp-server enable traps tty
!
radius-server configure-nas
radius-server host x.x.x.142 auth-port 1645 acct-port 1646 key 7 xxxxx
radius-server authorization default Framed-Protocol ppp
radius-server vsa send accounting
radius-server vsa send authentication
!
line con 0
line aux 0
line vty 0 4
password xxxx
login authentication no_radius
login
line vty 5 15
password xxxxx
login
!
end
FHCM-C3745-1#
========================
FHCM-C3745-1#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3700 Software (C3745-IS-M), Version 12.2(11)T9, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Mon 23-Jun-03 11:19 by cmong
Image text-base: 0x60008940, data-base: 0x617C0000
ROM: System Bootstrap, Version 12.2(8r)T2, RELEASE SOFTWARE (fc1)
FHCM-C3745-1 uptime is 48 minutes
System returned to ROM by power-on
System image file is "flash:c3745-is-mz.122-11.T9.bin"
cisco 3745 (R7000) processor (revision 53.51) with 131072K/12288K bytes of memory.
Processor board ID JPE072610FH
R7000 CPU at 350Mhz, Implementation 39, Rev 3.3, 256KB L2, 2048KB L3 Cache
Channelized E1, Version 1.0.
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
Primary Rate ISDN software, Version 1.1.
2 FastEthernet/IEEE 802.3 interface(s)
8 Low-speed serial(sync/async) network interface(s)
2 Channelized E1/PRI port(s)
2 Voice FXS interface(s)
DRAM configuration is 64 bits wide with parity disabled.
151K bytes of non-volatile configuration memory.
31744K bytes of ATA System CompactFlash (Read/Write)
Configuration register is 0x2102
FHCM-C3745-1#
==========================
debug radius
3w0d: RADIUS/ENCODE(00001371): acct_session_id: 4207
3w0d: RADIUS(00001371): sending
3w0d: RADIUS(00001371): Send Access-Request to 210.245.31.142:1645 id 21661/30, len 108
3w0d: RADIUS: authenticator 9E 81 2A C3 82 00 8A 4D - 5D EA 7B 88 CF 20 26 BF
3w0d: RADIUS: User-Name [1] 31 "nas-port:210.245.31.4:0/0/1/0"
3w0d: RADIUS: User-Password [2] 18 *
3w0d: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
3w0d: RADIUS: Vendor, Cisco [26] 15
3w0d: RADIUS: cisco-nas-port [2] 9 "0/0/1/0"
3w0d: RADIUS: NAS-Port [5] 6 0
3w0d: RADIUS: Service-Type [6] 6 Outbound [5]
3w0d: RADIUS: NAS-IP-Address [4] 6 210.245.31.4
3w0d: RADIUS: Received from id 21661/30 210.245.31.142:1645, Access-Reject, len 20
3w0d: RADIUS: authenticator 74 C4 F9 43 DC 4C B6 2F - FA B2 BD A9 03 80 08 0E
3w0d: RADIUS: response-authenticator decrypt fail, pak len 20
3w0d: RADIUS: packet dump: 031E001474C4F943DC4CB62FFAB2BDA90380080E
3w0d: RADIUS: expected digest: C1BF9EDA99B52F0ABD68F4F972FC8F48
3w0d: RADIUS: response authen: 74C4F943DC4CB62FFAB2BDA90380080E
3w0d: RADIUS: request authen: 9E812AC382008A4D5DEA7B88CF2026BF
3w0d: RADIUS: Response (30) failed decrypt
3w0d: RADIUS: Retransmit to (210.245.31.142:1645,1646) for id 21661/30
3w0d: RADIUS(00001371): Retransmit id 21661/30
3w0d: RADIUS: Received from id 21661/30 210.245.31.142:1645, Access-Reject, len 20
3w0d: RADIUS: authenticator 74 C4 F9 43 DC 4C B6 2F - FA B2 BD A9 03 80 08 0E
3w0d: RADIUS: response-authenticator decrypt fail, pak len 20
3w0d: RADIUS: packet dump: 031E001474C4F943DC4CB62FFAB2BDA90380080E
3w0d: RADIUS: expected digest: C1BF9EDA99B52F0ABD68F4F972FC8F48
3w0d: RADIUS: response authen: 74C4F943DC4CB62FFAB2BDA90380080E
3w0d: RADIUS: request authen: 9E812AC382008A4D5DEA7B88CF2026BF
3w0d: RADIUS: Response (30) failed decrypt
3w0d: RADIUS: Retransmit to (210.245.31.142:1645,1646) for id 21661/30
3w0d: RADIUS(00001371): Retransmit id 21661/30
3w0d: RADIUS: Received from id 21661/30 210.245.31.142:1645, Access-Reject, len 20
3w0d: RADIUS: authenticator 74 C4 F9 43 DC 4C B6 2F - FA B2 BD A9 03 80 08 0E
3w0d: RADIUS: response-authenticator decrypt fail, pak len 20
3w0d: RADIUS: packet dump: 031E001474C4F943DC4CB62FFAB2BDA90380080E
3w0d: RADIUS: expected digest: C1BF9EDA99B52F0ABD68F4F972FC8F48
3w0d: RADIUS: response authen: 74C4F943DC4CB62FFAB2BDA90380080E
3w0d: RADIUS: request authen: 9E812AC382008A4D5DEA7B88CF2026BF
3w0d: RADIUS: Response (30) failed decrypt
3w0d: RADIUS: Retransmit to (210.245.31.142:1645,1646) for id 21661/30
3w0d: RADIUS(00001371): Retransmit id 21661/30
3w0d: RADIUS: Received from id 21661/30 210.245.31.142:1645, Access-Reject, len 20
3w0d: RADIUS: authenticator 74 C4 F9 43 DC 4C B6 2F - FA B2 BD A9 03 80 08 0E
3w0d: RADIUS: response-authenticator decrypt fail, pak len 20
3w0d: RADIUS: packet dump: 031E001474C4F943DC4CB62FFAB2BDA90380080E
3w0d: RADIUS: expected digest: C1BF9EDA99B52F0ABD68F4F972FC8F48
3w0d: RADIUS: response authen: 74C4F943DC4CB62FFAB2BDA90380080E
3w0d: RADIUS: request authen: 9E812AC382008A4D5DEA7B88CF2026BF
3w0d: RADIUS: Response (30) failed decrypt
3w0d: RADIUS: Tried all servers.
3w0d: RADIUS: No valid server found. Trying any viable server
3w0d: RADIUS: Tried all servers.
3w0d: RADIUS: No response from (210.245.31.142:1645,1646) for id 21661/30
3w0d: RADIUS/DECODE: parse response no app start; FAIL
3w0d: RADIUS/DECODE: parse response; FAIL
3w0d: RADIUS(00001371): Using existing nas_port 0
3w0d: RADIUS: Pick NAS IP for uid=4977 tableid=0 cfg_addr=0.0.0.0 best_addr=210.245.31.4
3w0d: RADIUS/ENCODE(00001371): acct_session_id: 4207
3w0d: RADIUS(00001371): sending
3w0d: RADIUS(00001371): Send Access-Request to 210.245.31.142:1645 id 21661/31, len 95
3w0d: RADIUS: authenticator 45 44 E6 CD 63 E2 61 54 - 65 31 25 37 21 9D 61 22
3w0d: RADIUS: Framed-Protocol [7] 6 PPP [1]
3w0d: RADIUS: User-Name [1] 12 "dsl-liempc"
3w0d: RADIUS: User-Password [2] 18 *
3w0d: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
3w0d: RADIUS: Vendor, Cisco [26] 15
3w0d: RADIUS: cisco-nas-port [2] 9 "0/0/1/0"
3w0d: RADIUS: NAS-Port [5] 6 0
3w0d: RADIUS: Service-Type [6] 6 Framed [2]
3w0d: RADIUS: NAS-IP-Address [4] 6 210.245.31.4
3w0d: RADIUS: Received from id 21661/31 210.245.31.142:1645, Access-Reject, len 20
3w0d: RADIUS: authenticator A7 6A 6E 13 AB 77 A4 2D - 78 B9 19 AA AB 36 22 2A
3w0d: RADIUS(00001371): Received from id 21661/31
=================================
regards
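Added example, not part of the original thread: a small Python parser for `debug radius` output in the format shown above. It lists which standard attribute types each Access-Request carried, reports whether Calling-Station-Id (attribute 31) was among them, and notes replies the router logged as "failed decrypt". The sample log, its addresses and user name are constructed, and the parser assumes each debug message sits on one line.

```python
import re

# Constructed sample in the layout of IOS "debug radius" output (not taken from the thread).
SAMPLE = """\
1d: RADIUS(00000010): Send Access-Request to 192.0.2.10:1645 id 21661/30, len 108
1d: RADIUS:  User-Name           [1]   12  "dsl-user01"
1d: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
1d: RADIUS:  Vendor, Cisco       [26]  15
1d: RADIUS:   cisco-nas-port     [2]   9   "0/0/1/0"
1d: RADIUS:  NAS-IP-Address      [4]   6   192.0.2.1
1d: RADIUS: Received from id 21661/30 192.0.2.10:1645, Access-Reject, len 20
1d: RADIUS: Response (30) failed decrypt
1d: RADIUS(00000011): Send Access-Request to 192.0.2.10:1645 id 21661/31, len 120
1d: RADIUS:  User-Name           [1]   12  "dsl-user01"
1d: RADIUS:  Calling-Station-Id  [31]  16  "0010.a4bb.ccdd"
1d: RADIUS: Received from id 21661/31 192.0.2.10:1645, Access-Accept, len 26
"""

SEND = re.compile(r"Send Access-Request to \S+ id (\d+/\d+)")
RECV = re.compile(r"Received from id (\d+/\d+) \S+ (Access-\w+)")
FAIL = re.compile(r"Response \((\d+)\) failed decrypt")
VENDOR = re.compile(r"RADIUS:\s+Vendor, \w+\s+\[26\]")
ATTR = re.compile(r"RADIUS:\s+([A-Za-z][\w-]*)\s+\[(\d+)\]\s+(\d+)")
CALLING_STATION_ID = 31  # attribute type from RFC 2865

def audit(log):
    """Return {request id: summary} for every Access-Request in the debug text."""
    requests, current, in_vsa = {}, None, False
    for line in log.splitlines():
        if m := SEND.search(line):
            current = requests.setdefault(
                m.group(1), {"attrs": set(), "reply": None, "bad_authenticator": False})
        elif (m := RECV.search(line)) and m.group(1) in requests:
            requests[m.group(1)]["reply"] = m.group(2)
        elif m := FAIL.search(line):
            for rid, req in requests.items():
                if rid.endswith("/" + m.group(1)):
                    req["bad_authenticator"] = True
        elif VENDOR.search(line) and current is not None:
            current["attrs"].add(26)
            in_vsa = True   # the next line is a vendor sub-attribute, not a standard type
        elif (m := ATTR.search(line)) and current is not None:
            if not in_vsa:
                current["attrs"].add(int(m.group(2)))
            in_vsa = False
    for req in requests.values():
        req["has_calling_station_id"] = CALLING_STATION_ID in req["attrs"]
    return requests

if __name__ == "__main__":
    for rid, req in audit(SAMPLE).items():
        print(rid, req)
```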