08-11-2003 04:43 PM - edited 07-04-2021 08:56 AM
Hi,
I have been able to get mac-authentication working with my Funk SBR AAA server. Being keen on punishment, I thought I would get accounting to work as well. I think I am close, but I don't see the accounting packets going out to the AAA server, only the authentication packets. Here are the relevant aaa sections of the config...
aaa new-model
aaa group server radius moonbox
aaa authentication login default group radius local
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting connection default start-stop group radius
aaa session-id common
...here is the ssid section for the dot 0 interface...
ssid tsunami
authentication open mac-address default
accounting default
guest-mode
...here is the radius section...
ip radius source-interface BVI1
radius-server host xxxx auth-port xxxx acct-port xxxx key xxx
radius-server retransmit 3
...Here is what happens when I ifconfig up the pcmcia card...
CiscoCS1100#show debug
General OS:
AAA Authentication debugging is on
AAA Authorization debugging is on
AAA Accounting debugging is on
AAA Subsystem debugs debugging is on
AAA DB debugs debugging is on
dot11 aaa:
Mac Authentication debugging is on
Radius protocol debugging is on
Radius packet protocol (accounting) debugging is on
dot11:
IEEE 802.11 packets debugging is on
CiscoCS1100#term mon
CiscoCS1100#
...this is where I push in the pcmcia card...
08:48:54: AAA/ACCT/EVENT/(000000BE): NET DOWN
08:48:54: AAA/ACCT/NET(000000BE): Method list not found <- this part gets me; it's like I can't get accounting to go to the network.
08:48:54: AAA/ACCT(000000BE):acctdb->rec_count = 0..sending signal
08:48:54: AAA/ACCT(000000BE): Interface DB not enqueued
08:48:54: AAA/DB(000000BF): Creating DB element.
08:48:54: AAA/DB(000000BF): Adding Interface
08:48:54: AAA/DB(000000BF): Adding Client
08:48:54: AAA/DB(000000BF): Adding General
08:48:54: AAA/ACCT/EVENT/(000000BF): CALL START
08:48:54: AAA/DB(000000BF): Adding Accounting
08:48:54: AAA/ACCT/NET(000000BF): Rec init, Session Id=191
08:48:54: dot11_aaa_mac_auth: method_list: default
08:48:54: dot11_aaa_mac_auth: method_index: 0xFFFFFFFF, req: 0x64BDA4
08:48:54: dot11_aaa_mac_auth: client->unique_id: 0xBF
08:48:54: AAA/AUTHEN/LOGIN (000000BF): Pick method list 'default'
08:48:54: AAA/DB(000000BE): Deleting Accounting
08:48:54: AAA/DB(000000BE): Deleting Radius
08:48:54: AAA/DB(000000BE): Deleting Interface
08:48:54: AAA/DB(000000BE): Deleting Authen
08:48:54: AAA/DB(000000BE): Deleting General
08:48:54: AAA/DB(000000BE): Deleting Client
08:48:54: AAA/DB(000000BE): Deleting DB element.
08:48:54: AAA SRV(000000BF): process authen req
08:48:54: AAA SRV(000000BF): Authen method=SERVER_GROUP radius
08:48:54: AAA/DB(000000BF): Adding Radius
08:48:54: AAA SRV(000000BF): protocol reply PASS
08:48:54: AAA/DB(000000BF): Adding Authen
08:48:54: AAA SRV(000000BF): Return Authentication status=PASS
08:48:54: dot11_mac_process_reply: AAA reply for 000c.3002.1f57 PASSED
...Now the pcmcia card gets popped out...
CiscoCS1100#
08:49:02: AAA/ACCT/EVENT/(000000BF): NET DOWN
08:49:02: AAA/ACCT/NET(000000BF): Method list not found <- this part bugs me.
08:49:02: AAA/ACCT(000000BF):acctdb->rec_count = 0..sending signal
08:49:02: AAA/ACCT(000000BF): Interface DB not enqueued
08:49:02: AAA/DB(000000C0): Creating DB element.
08:49:02: AAA/DB(000000C0): Adding Interface
08:49:02: AAA/DB(000000C0): Adding Client
08:49:02: AAA/DB(000000C0): Adding General
08:49:02: AAA/ACCT/EVENT/(000000C0): CALL START
08:49:02: AAA/DB(000000C0): Adding Accounting
08:49:02: AAA/ACCT/NET(000000C0): Rec init, Session Id=192
08:49:02: dot11_aaa_mac_auth: method_list: default
08:49:02: dot11_aaa_mac_auth: method_index: 0xFFFFFFFF, req: 0x74957C
08:49:02: dot11_aaa_mac_auth: client->unique_id: 0xC0
08:49:02: AAA/AUTHEN/LOGIN (000000C0): Pick method list 'default'
08:49:02: AAA/DB(000000BF): Deleting Accounting
08:49:02: AAA/DB(000000BF): Deleting Radius
08:49:02: AAA/DB(000000BF): Deleting Interface
08:49:02: AAA/DB(000000BF): Deleting Authen
08:49:02: AAA/DB(000000BF): Deleting General
08:49:02: AAA/DB(000000BF): Deleting Client
08:49:02: AAA/DB(000000BF): Deleting DB element.
08:49:02: AAA SRV(000000C0): process authen req
08:49:02: AAA SRV(000000C0): Authen method=SERVER_GROUP radius
08:49:03: AAA/DB(000000C0): Adding Radius
08:49:03: AAA SRV(000000C0): protocol reply PASS
08:49:03: AAA/DB(000000C0): Adding Authen
08:49:03: AAA SRV(000000C0): Return Authentication status=PASS
08:49:03: dot11_mac_process_reply: AAA reply for 000c.3002.1f57 PASSED
...any ideas? Thanks,
Bryan
08-11-2003 04:55 PM
I forgot to include...
CiscoCS1100#show aaa method-lists all
authen queue=AAA_ML_AUTHEN_LOGIN
name=default valid=1 id=FFFFFFFF : SERVER_GROUP radius LOCAL
authen queue=AAA_ML_AUTHEN_ENABLE
authen queue=AAA_ML_AUTHEN_PPP
authen queue=AAA_ML_AUTHEN_ARAP
authen queue=AAA_ML_AUTHEN_NASI
permanent lists
name=Permanent Enable None valid=1 id=FFFFFFFF : ENABLE NONE
name=Permanent Enable valid=1 id=FFFFFFFF : ENABLE
name=Permanent None valid=1 id=FFFFFFFF : NONE
name=Permanent Local valid=1 id=FFFFFFFF : LOCAL
author queue=AAA_ML_AUTHOR_SHELL
author queue=AAA_ML_AUTHOR_NET
name=default valid=0 id=FFFFFFFF : SERVER_GROUP radius
author queue=AAA_ML_AUTHOR_CONN
author queue=AAA_ML_AUTHOR_IPMOBILE
author queue=AAA_ML_AUTHOR_COMMAND
author queue=AAA_ML_AUTHOR_RM
author queue=AAA_ML_AUTHOR_CONFIG
author queue=AAA_ML_AUTHOR_AUTH_PROXY
author queue=AAA_ML_AUTHOR_PREAUTH
permanent lists
name=local-list valid=1 id=FFFFFFFF : LOCAL
acct queue=AAA_ML_ACCT_SHELL
name=default valid=1 id=FFFFFFFF Action=START STOP : SERVER_GROUP radius
acct queue=AAA_ML_ACCT_NET
name=default valid=0 id=FFFFFFFF Action=START STOP : SERVER_GROUP radius
acct queue=AAA_ML_ACCT_CONN
name=default valid=1 id=FFFFFFFF Action=START STOP : SERVER_GROUP radius
acct queue=AAA_ML_ACCT_SYSTEM
acct queue=AAA_ML_ACCT_RESOURCE
name=default valid=0 id=FFFFFFFF Action=START STOP : SERVER_GROUP radius
acct queue=AAA_ML_ACCT_RM
acct queue=AAA_ML_ACCT_COMMAND
acct queue=AAA_ML_ACCT_COMMAND
acct queue=AAA_ML_ACCT_COMMAND
acct queue=AAA_ML_ACCT_COMMAND
acct queue=AAA_ML_ACCT_COMMAND
acct queue=AAA_ML_ACCT_COMMAND
acct queue=AAA_ML_ACCT_COMMAND
acct queue=AAA_ML_ACCT_COMMAND
acct queue=AAA_ML_ACCT_COMMAND
acct queue=AAA_ML_ACCT_COMMAND
acct queue=AAA_ML_ACCT_COMMAND
acct queue=AAA_ML_ACCT_COMMAND
acct queue=AAA_ML_ACCT_COMMAND
acct queue=AAA_ML_ACCT_COMMAND
acct queue=AAA_ML_ACCT_COMMAND
acct queue=AAA_ML_ACCT_COMMAND
permanent lists
name=Permanent None valid=1 id=FFFFFFFF Action=NOT_SET : NONE
...Thought it would be helpful.
...thanks
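One way to cross-check the two outputs quoted above, as an added example that is not part of the original posts: the script parses `show aaa method-lists all` output, collects the queues holding a list marked `valid=0`, and matches them against `Method list not found` debug lines. The sample text is abridged from the thread; the function names, and the assumption that debug type `NET` corresponds to queue `AAA_ML_ACCT_NET`, belong to this example only.

```python
import re
# Constructed sample: lines abridged from the outputs quoted in the thread.
METHOD_LISTS = """\
acct queue=AAA_ML_ACCT_NET
  name=default valid=0 id=FFFFFFFF Action=START STOP : SERVER_GROUP radius
acct queue=AAA_ML_ACCT_CONN
  name=default valid=1 id=FFFFFFFF Action=START STOP : SERVER_GROUP radius
permanent lists
  name=Permanent None valid=1 id=FFFFFFFF Action=NOT_SET : NONE
"""
DEBUG = """\
08:48:54: AAA/ACCT/NET(000000BE): Method list not found
08:48:54: AAA/ACCT/NET(000000BF): Rec init, Session Id=191
08:49:02: AAA/ACCT/NET(000000BF): Method list not found
"""
QUEUE_RE = re.compile(r"^(authen|author|acct) queue=(\S+)")
LIST_RE = re.compile(r"^name=(.+?) valid=([01]) id=\S+(?: Action=(.+?))? : (.+)$")
MISS_RE = re.compile(r"^(\S+): AAA/ACCT/(\w+)\((\w+)\): Method list not found")

def parse_method_lists(text):
    """Return (queue, name, valid, methods) for each method list in the output."""
    queue, rows = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := QUEUE_RE.match(line):
            queue = m.group(2)
        elif line == "permanent lists":
            queue = "permanent"  # built-in lists, not tied to one queue
        elif m := LIST_RE.match(line):
            rows.append((queue, m.group(1), m.group(2) == "1", m.group(4)))
    return rows

def accounting_misses(debug):
    """Map accounting type (e.g. NET) to the AAA unique ids that found no list."""
    misses = {}
    for line in debug.splitlines():
        if m := MISS_RE.match(line.strip()):
            misses.setdefault(m.group(2), []).append(m.group(3))
    return misses

def correlate(rows, debug):
    """For each missed type, say whether its accounting queue holds an invalid list."""
    # Assumption: debug type NET maps to queue AAA_ML_ACCT_NET, as in the thread.
    bad = {queue for queue, _, valid, _ in rows if not valid}
    return {t: (ids, f"AAA_ML_ACCT_{t}" in bad)
            for t, ids in accounting_misses(debug).items()}

if __name__ == "__main__":
    print(correlate(parse_method_lists(METHOD_LISTS), DEBUG))
```
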
10-09-2003 01:27 PM
Look up this url: http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1200/accsspts/b12211ja/b12211cr/cr11main.htm#2449819
This command should do the trick!