Есть CISCO3725 + NM-8A/S и радиус под Novelleм.
Пытаюсь раздать IP адреса получаемые от радиуса по аттрибутам Framed-IP-Address и Framed-IP-Netmask.
На адреса раздаются все равно из локального сискиного пула.
части конфига:
=====
aaa new-model
!
!
aaa authentication ppp default local group radius
aaa authorization network default if-authenticated local group radius
aaa accounting update newinfo
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting system default start-stop group radius
aaa session-id common
=====
interface Serial2/7
physical-layer async
ip unnumbered FastEthernet0/0
encapsulation ppp
ip tcp header-compression
async dynamic routing
async mode interactive
peer default ip address pool default
ppp authentication chap eap ms-chap ms-chap-v2 pap
=====
ip local pool default 12.0.17.1 12.0.17.254
ip default-gateway 10.0.0.2
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 10.0.0.2
=====
ip radius source-interface FastEthernet0/0
radius-server host 192.168.0.201 auth-port 1645 acct-port 1646
radius-server key 7 1446405858517C
=====
в дебаге буквально следующее:
*Mar 6 14:16:12.906: %LINK-3-UPDOWN: Interface Serial2/7, changed state to up
*Mar 6 14:16:18.826: RADIUS: AAA Unsupported [152] 9
*Mar 6 14:16:18.826: RADIUS: 53 65 72 69 61 6C 32 [Serial2]
*Mar 6 14:16:18.826: RADIUS(0000004D): Storing nasport 72 in rad_db
*Mar 6 14:16:18.826: RADIUS(0000004D): Config NAS IP: 10.0.0.1
*Mar 6 14:16:18.826: RADIUS/ENCODE(0000004D): acct_session_id: 105
*Mar 6 14:16:18.826: RADIUS(0000004D): sending
*Mar 6 14:16:18.826: RADIUS(0000004D): Send Access-Request to 192.168.0.202:1645 id 1645/60, len 83
*Mar 6 14:16:18.826: RADIUS: authenticator 61 2D 7D 3D DE B5 90 41 - 19 99 97 69 C4 44 39 43
*Mar 6 14:16:18.826: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Mar 6 14:16:18.826: RADIUS: User-Name [1] 7 "user1"
*Mar 6 14:16:18.826: RADIUS: CHAP-Password [3] 19 *
*Mar 6 14:16:18.826: RADIUS: NAS-Port-Type [61] 6 Async [0]
*Mar 6 14:16:18.826: RADIUS: Calling-Station-Id [31] 7 "async"
*Mar 6 14:16:18.826: RADIUS: NAS-Port [5] 6 72
*Mar 6 14:16:18.826: RADIUS: Service-Type [6] 6 Framed [2]
*Mar 6 14:16:18.830: RADIUS: NAS-IP-Address [4] 6 10.0.0.1
*Mar 6 14:16:18.850: RADIUS: Received from id 1645/60 192.168.0.202:1645, Access-Accept, len 32
*Mar 6 14:16:18.850: RADIUS: authenticator FC 59 05 3C E4 57 C9 10 - 07 D9 56 F2 77 77 11 EF
*Mar 6 14:16:18.850: RADIUS: Framed-IP-Address [8] 6 192.168.0.180
*Mar 6 14:16:18.850: RADIUS: Framed-IP-Netmask [9] 6 255.255.255.252
*Mar 6 14:16:18.850: RADIUS(0000004D): Received from id 1645/60
*Mar 6 14:16:18.850: Se2/7 PPP/AAA: Check Attr: addr
*Mar 6 14:16:18.850: Se2/7 PPP/AAA: Check Attr: route: Peruser
*Mar 6 14:16:18.850: Se2/7 PPP/AAA: Check Attr: netmask
*Mar 6 14:16:18.850: Se2/7 AAA/AUTHOR/FSM: We can start IPCP
*Mar 6 14:16:18.850: RADIUS(0000004D): Using existing nas_port 72
*Mar 6 14:16:18.850: RADIUS(0000004D): Config NAS IP: 10.0.0.1
*Mar 6 14:16:18.850: RADIUS(0000004D): sending
*Mar 6 14:16:18.850: RADIUS(0000004D): Send Accounting-Request to 192.168.0.202:1646 id 1646/118, len 92
*Mar 6 14:16:18.850: RADIUS: authenticator 95 FF D9 9F F8 3E 1A C4 - FB DB 37 D6 BC C6 CB 98
*Mar 6 14:16:18.850: RADIUS: Acct-Session-Id [44] 10 "00000069"
*Mar 6 14:16:18.850: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Mar 6 14:16:18.850: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
*Mar 6 14:16:18.850: RADIUS: User-Name [1] 7 "user1"
*Mar 6 14:16:18.850: RADIUS: Acct-Status-Type [40] 6 Start [1]
*Mar 6 14:16:18.850: RADIUS: NAS-Port-Type [61] 6 Async [0]
*Mar 6 14:16:18.850: RADIUS: Calling-Station-Id [31] 7 "async"
*Mar 6 14:16:18.850: RADIUS: NAS-Port [5] 6 72
*Mar 6 14:16:18.850: RADIUS: Service-Type [6] 6 Framed [2]
*Mar 6 14:16:18.850: RADIUS: NAS-IP-Address [4] 6 10.0.0.1
*Mar 6 14:16:18.854: RADIUS: Acct-Delay-Time [41] 6 0
*Mar 6 14:16:18.858: RADIUS: Received from id 1646/118 192.168.0.202:1646, Accounting-response, len 20
*Mar 6 14:16:18.862: RADIUS: authenticator 77 64 57 92 C3 90 77 62 - 50 58 4C A4 76 0C A7 57
*Mar 6 14:16:18.978: Se2/7 AAA/AUTHOR/IPCP: no author-info for primary dns
*Mar 6 14:16:18.978: Se2/7 AAA/AUTHOR/IPCP: no author-info for primary wins
*Mar 6 14:16:18.978: Se2/7 AAA/AUTHOR/IPCP: no author-info for seconday dns
*Mar 6 14:16:18.978: Se2/7 AAA/AUTHOR/IPCP: no author-info for seconday wins
*Mar 6 14:16:19.206: RADIUS/ENCODE(0000004D): Unsupported AAA attribute protocol
*Mar 6 14:16:19.206: RADIUS(0000004D): Using existing nas_port 72
*Mar 6 14:16:19.206: RADIUS(0000004D): Config NAS IP: 10.0.0.1
*Mar 6 14:16:19.206: RADIUS(0000004D): sending
*Mar 6 14:16:19.206: RADIUS(0000004D): Send Accounting-Request to 192.168.0.202:1646 id 1646/119, len 128
*Mar 6 14:16:19.206: RADIUS: authenticator 33 81 DA 59 CC 9C EC 44 - D9 2F 0E B8 0F CC 7B 34
*Mar 6 14:16:19.206: RADIUS: Acct-Session-Id [44] 10 "00000069"
*Mar 6 14:16:19.206: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Mar 6 14:16:19.206: RADIUS: Framed-IP-Address [8] 6 12.0.17.1
*Mar 6 14:16:19.206: RADIUS: Acct-Session-Time [46] 6 0
*Mar 6 14:16:19.206: RADIUS: Acct-Input-Octets [42] 6 108
*Mar 6 14:16:19.206: RADIUS: Acct-Output-Octets [43] 6 106
*Mar 6 14:16:19.206: RADIUS: Acct-Input-Packets [47] 6 5
*Mar 6 14:16:19.206: RADIUS: Acct-Output-Packets [48] 6 5
*Mar 6 14:16:19.206: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
*Mar 6 14:16:19.206: RADIUS: User-Name [1] 7 "user1"
*Mar 6 14:16:19.206: RADIUS: Acct-Status-Type [40] 6 Watchdog [3]
*Mar 6 14:16:19.206: RADIUS: NAS-Port-Type [61] 6 Async [0]
*Mar 6 14:16:19.206: RADIUS: Calling-Station-Id [31] 7 "async"
*Mar 6 14:16:19.206: RADIUS: NAS-Port [5] 6 72
*Mar 6 14:16:19.206: RADIUS: Service-Type [6] 6 Framed [2]
*Mar 6 14:16:19.206: RADIUS: NAS-IP-Address [4] 6 10.0.0.1
*Mar 6 14:16:19.206: RADIUS: Acct-Delay-Time [41] 6 0
*Mar 6 14:16:19.210: RADIUS: Received from id 1646/119 192.168.0.202:1646, Accounting-response, len 20
*Mar 6 14:16:19.210: RADIUS: authenticator 6A 63 64 00 1A E5 1E 0D - 84 58 CD 0E 1D F3 C4 8A
*Mar 6 14:16:19.850: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/7, changed state to up
*Mar 6 14:16:24.258: RADIUS/ENCODE(0000004D): Unsupported AAA attribute protocol
*Mar 6 14:16:24.258: RADIUS(0000004D): Using existing nas_port 72
*Mar 6 14:16:24.258: RADIUS(0000004D): Config NAS IP: 10.0.0.1
*Mar 6 14:16:24.258: RADIUS(0000004D): sending
*Mar 6 14:16:24.258: RADIUS(0000004D): Send Accounting-Request to 192.168.0.202:1646 id 1646/120, len 134
*Mar 6 14:16:24.258: RADIUS: authenticator C8 36 31 34 A1 EC B8 A3 - C7 98 6A 41 D4 2D 7B FB
*Mar 6 14:16:24.258: RADIUS: Acct-Session-Id [44] 10 "00000069"
*Mar 6 14:16:24.258: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Mar 6 14:16:24.258: RADIUS: Framed-IP-Address [8] 6 12.0.17.1
*Mar 6 14:16:24.258: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
*Mar 6 14:16:24.258: RADIUS: Acct-Session-Time [46] 6 5
*Mar 6 14:16:24.258: RADIUS: Acct-Input-Octets [42] 6 2340
*Mar 6 14:16:24.258: RADIUS: Acct-Output-Octets [43] 6 114
*Mar 6 14:16:24.258: RADIUS: Acct-Input-Packets [47] 6 17
*Mar 6 14:16:24.258: RADIUS: Acct-Output-Packets [48] 6 6
*Mar 6 14:16:24.258: RADIUS: Acct-Terminate-Cause[49] 6 user-request [1]
*Mar 6 14:16:24.258: RADIUS: User-Name [1] 7 "user1"
*Mar 6 14:16:24.258: RADIUS: Acct-Status-Type [40] 6 Stop [2]
*Mar 6 14:16:24.258: RADIUS: NAS-Port-Type [61] 6 Async [0]
*Mar 6 14:16:24.258: RADIUS: Calling-Station-Id [31] 7 "async"
*Mar 6 14:16:24.258: RADIUS: NAS-Port [5] 6 72
*Mar 6 14:16:24.258: RADIUS: Service-Type [6] 6 Framed [2]
*Mar 6 14:16:24.258: RADIUS: NAS-IP-Address [4] 6 10.0.0.1
*Mar 6 14:16:24.258: RADIUS: Acct-Delay-Time [41] 6 0
*Mar 6 14:16:24.262: RADIUS: Received from id 1646/120 192.168.0.202:1646, Accounting-response, len 20
*Mar 6 14:16:24.266: RADIUS: authenticator B1 9F 25 DA C2 C0 B8 BE - 38 9B E7 6B 70 14 8A 1C
*Mar 6 14:16:25.258: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/7, changed state to down
*Mar 6 14:16:28.258: %LINK-5-CHANGED: Interface Serial2/7, changed state to reset
*Mar 6 14:16:33.258: %LINK-3-UPDOWN: Interface Serial2/7, changed state to down
т.е. эти аттрибуты с радиуса приходят на циску, а клиенту все равно присваевается Ip из локального пула...
Подскажите куда копать, чувствую где-то рядом....
Вариант для распечатки
Маршрутизаторы CISCO и др. оборудование. (Public)
(??) on
30-Авг-05, 14:19 (MSK)
