New Member

PPPoE on ethernet RADIUS authentication

I'm trying to use RADIUS to authenticate a PPPoE session. The request to authenticate was hit at RADIUS but it was not able to establish connection.

Please refer to the log below.

From Radius log file(IMS)

09.04.2002 17.26.25-823 RADIUS[ 377] DBG ----- [Worker sent message (1 bytes)]

09.04.2002 17.26.25-823 RADIUS[ 375] DBG ----- [Available=11]

09.04.2002 17.26.25-823 RADIUS[ 375] DBG ----- [Incoming data on Worker socket]

09.04.2002 17.26.25-824 RADIUS[ 375] DBG ----- [Worker 1 is available!]

09.04.2002 17.26.25-824 RADIUS[ 375] DBG ----- []

09.04.2002 17.26.25-824 RADIUS[ 375] DBG ----- [Find free worker]

09.04.2002 17.26.26-395 RADIUS[ 375] DBG ----- [Available=6]

09.04.2002 17.26.26-395 RADIUS[ 375] DBG ----- [Incoming data on Access socket]

09.04.2002 17.26.26-395 RADIUS[ 375] DBG ----- [Read a message(79 bytes)]

09.04.2002 17.26.26-395 RADIUS[ 375] DBG ----- [Data read]

09.04.2002 17.26.26-395 RADIUS[ 375] DBG ----- []

09.04.2002 17.26.26-395 RADIUS[ 375] DBG ----- [Find free worker]

09.04.2002 17.26.26-395 RADIUS[ 375] DBG ----- [Sending request to worker]

09.04.2002 17.26.26-396 RADIUS[ 375] DBG ----- [Sent 99 bytes to worker]

09.04.2002 17.26.26-396 RADIUS[ 375] DBG ----- [Worker 1 is now busy!]

09.04.2002 17.26.26-396 RADIUS[ 377] DBG ----- [Dispatcher message ready]

09.04.2002 17.26.26-396 RADIUS[ 377] DBG ----- [Worker received 99 bytes]

09.04.2002 17.26.26-396 RADIUS[ 377] DBG ----- [Worker:handle_request() id=1, length=99, src_ip=203.121.6.154, src_port=1645, datalen=79]

09.04.2002 17.26.26-396 RADIUS[ 377] DBG ----- [RawPacket]

0000 0113004F 8CEA8BDD 039CDA6B 9CD72EF0 ...O.......k....

0010 5CCE0F35 0406CB79 069A0506 00000001 \..5...y........

0020 3D060000 0005010A 61737568 61696D69 =.......asuhaimi

0030 03131481 4A432434 B3F480F7 08D31EAF ....JC$4........

0040 A09C7506 06000000 02070600 000001 ..u............

09.04.2002 17.26.26-397 RADIUS[ 377] DBG ----- [No Nas Cache Hit!]

09.04.2002 17.26.26-398 RADIUS[ 377] DBG ----- [Inserting into nas_cache!]

09.04.2002 17.26.26-398 RADIUS[ 377] DBG ----- []

09.04.2002 17.26.26-399 RADIUS[ 377] DBG ----- [Packet without VSAs and Acct-Session-Id]

09.04.2002 17.26.26-399 RADIUS[ 377] DBG ----- [av_pairs cache hit!]

09.04.2002 17.26.26-399 RADIUS[ 377] DBG ----- [Entity_ident cache hit!]

09.04.2002 17.26.26-399 RADIUS[ 377] DBG ----- [Found no matching entity_ident record - using default]

09.04.2002 17.26.26-399 RADIUS[ 377] DBG ----- [analyze_radius_packet() = [2]]

09.04.2002 17.26.26-400 RADIUS[ 377] DBG ----- [-- Handling Access Request --]

09.04.2002 17.26.26-400 RADIUS[ 377] DBG ----- [access_type = 9]

09.04.2002 17.26.26-400 RADIUS[ 377] DBG ----- [trace: IDAPIGetServiceByUserName(...'asuhaimi',9)]

09.04.2002 17.26.26-400 RADIUS[ 377] DBG ----- [No Clid cache hit!]

09.04.2002 17.26.26-401 RADIUS[ 377] DBG ----- [Inserting negative into clid_username_cache!]

09.04.2002 17.26.26-401 RADIUS[ 377] DBG ----- [No logon_record Cache Hit!]

09.04.2002 17.26.26-401 RADIUS[ 377] DBG ----- [trace: IDAPIGetLogonRecordByUsername(...'asuhaimi'(8),2)]

09.04.2002 17.26.26-402 RADIUS[ 377] DBG ----- [Inserting into Logon_record cache!]

09.04.2002 17.26.26-402 RADIUS[ 377] DBG ----- [Found user by username! pop_id=0, ispvn_id=2, password=asuhaimi, access_types=XX-X-----------------X----------, has_clid= ]

09.04.2002 17.26.26-403 RADIUS[ 377] DBG ----- [Account does not have access_type 9!]

09.04.2002 17.26.26-403 RADIUS[ 377] DBG ----- [Rejected by VerifyUserAccess]

09.04.2002 17.26.26-403 RADIUS[ 377] DBG ----- [finish_access_request(...1,0,-1,...)]

09.04.2002 17.26.26-403 RADIUS[ 377] DBG ----- [Finishing access request for user asuhaimi]

09.04.2002 17.26.26-403 RADIUS[ 377] DBG ----- [Access rejected: Unknown username or service]

09.04.2002 17.26.26-404 RADIUS[ 377] DBG ----- [Packet sent (49 of 49 bytes) to ip=0xcb79069a:1645 via fd=6:]

0000 03130031 15AC8CB2 BCF8EF39 3114336B ...1.......91.3k

0010 302AC16E 121D556E 6B6E6F77 6E207573 0*.n..Unknown us

0020 65726E61 6D65206F 72207365 72766963 ername or servic

0030 65 e

=============end======================================

The statement [No Clid cache hit!] goes to the "[Account does not have access_type 9!]". What does this mean? Can anyone help me?

I have configured the accounting port and the authentication port correctly on the router.

As you can see, the username "suhaimi" is known by the RADIUS but it can't authenticate! Please help.

1 REPLY
Cisco Employee

Re: PPPoE on ethernet RADIUS authentication

Looks to me that you may not have configured the IP address of the NAS correctly in the RADIUS server. If you can reach the RADIUS server over the serial interface, then in the authentication request packet to the RADIUS server, the source IP address will be the IP address of the serial interface. So you need to enter the IP address of the NAS as the IP address of the serial interface (unless you have modified it using the "ip radius source-interface" command).

Just make sure that you have configured the correct ip address for NAS in radius server.

You can turn on the following debugs to verify that:

debug radius

debug aaa authentication
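
Added example, not part of either post and not code from the RADIUS server or the router: a small Python decoder for the two hex dumps in the log above, so the NAS address, user name and service fields sent by the router can be read directly instead of inferred from the server's debug text. The attribute numbers are the standard RFC 2865 ones; the function and table names are chosen here for illustration.

```python
import ipaddress
import struct

# Bytes copied from the two hex dumps in the log above.
ACCESS_REQUEST = bytes.fromhex(
    "0113004F 8CEA8BDD 039CDA6B 9CD72EF0 5CCE0F35 0406CB79 069A0506 00000001"
    "3D060000 0005010A 61737568 61696D69 03131481 4A432434 B3F480F7 08D31EAF"
    "A09C7506 06000000 02070600 000001")
ACCESS_REJECT = bytes.fromhex(
    "03130031 15AC8CB2 BCF8EF39 3114336B 302AC16E 121D556E 6B6E6F77 6E207573"
    "65726E61 6D65206F 72207365 72766963 65")

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
# RFC 2865 attribute type -> (name, how to decode the value)
ATTRS = {1: ("User-Name", "text"), 3: ("CHAP-Password", "chap"),
         4: ("NAS-IP-Address", "ip"), 5: ("NAS-Port", "int"),
         6: ("Service-Type", "int"), 7: ("Framed-Protocol", "int"),
         18: ("Reply-Message", "text"), 61: ("NAS-Port-Type", "int")}

def parse_radius(pkt):
    """Decode the RADIUS header and attribute list, rejecting malformed input."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("length field does not match the data received")
    attrs, pos = {}, 20
    while pos < length:
        # Each attribute is type (1 byte), length (1 byte, includes both), value.
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError(f"malformed attribute at offset {pos}")
        atype, alen = pkt[pos], pkt[pos + 1]
        value = pkt[pos + 2:pos + alen]
        name, kind = ATTRS.get(atype, (f"Attr-{atype}", "raw"))
        if kind == "text":
            value = value.decode("utf-8", "replace")
        elif kind == "int":
            value = int.from_bytes(value, "big")
        elif kind == "ip" and len(value) == 4:
            value = str(ipaddress.IPv4Address(value))
        elif kind == "chap" and len(value) == 17:
            # CHAP ident byte followed by the 16-byte response; no cleartext password.
            value = {"chap_id": value[0], "response": value[1:].hex()}
        attrs[name] = value  # a repeated attribute would overwrite; none repeat here
        pos += alen
    return {"code": CODES.get(code, code), "id": ident,
            "authenticator": pkt[4:20].hex(), "attrs": attrs}

if __name__ == "__main__":
    for packet in (ACCESS_REQUEST, ACCESS_REJECT):
        print(parse_radius(packet))
```

For the dump above, the request decodes to NAS-IP-Address 203.121.6.154, which is the value to compare against the NAS entry configured on the RADIUS server, and the reject carries only a Reply-Message attribute.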
