Re: Passing Radius attribute to Cisco 7304
Hmmm.. Well, as this is clearly a cisco problem and not FreeRADIUS (according to your logs) you will probably get more love from a cisco mailing list ([EMAIL PROTECTED] for example). I unfortunately have not come across the problem before. Cheers Peter On Tue 15 Aug 2006 17:37, John Williams wrote: > Yes I would agree normally. > But we don't currently have a valid support contract for the Cisco so I'm > hoping someone may have come across this before or maybe familiar with the > 7304. > > John > > > -Original Message- > > From: freeradius-users- > > [EMAIL PROTECTED] > > [mailto:freeradius-users- > > [EMAIL PROTECTED] On Behalf Of > > Peter Nixon > > Sent: 15 August 2006 15:21 > > To: FreeRadius users mailing list > > Subject: Re: Passing Radius attribute to Cisco 7304 > > > > Hi John > > > > This looks like something you should take up with Cisco TAC as the cisco > > quite > > clearly says thats its not applying the attribute you are sending it. > > > > Cheers > > > > Peter > > > > On Tue 15 Aug 2006 16:18, John Williams wrote: > > > Ok for some reason the whole email I typed didn't send, just the first > > > line. Lets try again. > > > > > > Right we have just upgraded our 7204 to a 7304. > > > We just copied the config across to the 7304 more or less. > > > > > > We send a Radius attribute to certain users that will assign a route > > > map > > > > to > > > > > direct their web traffic to our proxy server. This worked fine on the > > > > 7204 > > > > > but no longer does on the 7304. > > > > > > The attribute we send is: > > > > > > ## > > > ip policy route-map proxy-redirect > > > ## > > > > > > > > > Which assigns the route map: > > > > > > > > > ## > > > route-map proxy-redirect-new permit 10 > > > match ip address 110 > > > set ip next-hop 192.168.1.33 > > > ## > > > > > > > > > Which is controlled by the access list: > > > > > > > > > > > > ## > > > access-list 110 deny ip 192.168.1.0 0.0.0.15 any > > > access-list 110 permit tcp any any eq www > > > access-list 110 deny ip any any > > > ## > > > > > > > > > The Radius debug on the router shows: > > > > > > > > > ## > > > RADIUS: cisco AVPair "lcp:interface-config= ip policy route-map > > > proxy-redirect" not applied for ip > > > ## > > > > > > > > > Not sure why it's no longer assigning the route map. > > > If I do a " show derived-config interface " for the > > > > user > > > > > that should be assigned the route map it doesn't show it being > > > assigned. Likewise our proxy logs no longer show anyone accessing the > > > proxy. > > > > > > Has anyone got any ideas or come across the error before when assign > > > > Radius > > > > > attributes to a user? > > > > > > Thanks > > > John > > > > > > > -Original Message- > > > > From: freeradius-users- > > > > [EMAIL PROTECTED] > > > > [mailto:freeradius-users- > > > > [EMAIL PROTECTED] On Behalf Of > > > > John Williams > > > > Sent: 15 August 2006 08:15 > > > > To: freeradius-users@lists.freeradius.org > > > > Subject: Passing Radius attribute to Cisco 7304 > > > > > > > > Hi all > > > > > > > > We’ve just upgraded to a Cisco 7304 from a Cisco 7204 and are seeing > > > > some > > > > > > problems > > > > > > > > -- > > > > No virus found in this outgoing message. > > > > Checked by AVG Free Edition. > > > > Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: > > > > 11/08/2006 > > > > > > > > > > > > > > > > - > > > > List info/subscribe/unsubscribe? See > > > > http://www.freeradius.org/list/users.html > > > > > > > > -- > > > > No virus found in this incoming message. > > > > Checked by AVG Free Edition. > > > > Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: > > > > 11/08/2006 > > > > -- > > > > Peter Nixon > > http://www.peternixon.net/ > > PGP Key: http://www.peternixon.net/public.asc > > > > -- > > No virus found in this incoming message. > > Checked by AVG Free Edition. > > Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: > > 11/08/2006 -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgpCNl2deNPTq.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Passing Radius attribute to Cisco 7304
Yes I would agree normally. But we don't currently have a valid support contract for the Cisco so I'm hoping someone may have come across this before or maybe familiar with the 7304. John > -Original Message- > From: freeradius-users- > [EMAIL PROTECTED] > [mailto:freeradius-users- > [EMAIL PROTECTED] On Behalf Of > Peter Nixon > Sent: 15 August 2006 15:21 > To: FreeRadius users mailing list > Subject: Re: Passing Radius attribute to Cisco 7304 > > Hi John > > This looks like something you should take up with Cisco TAC as the cisco > quite > clearly says thats its not applying the attribute you are sending it. > > Cheers > > Peter > > On Tue 15 Aug 2006 16:18, John Williams wrote: > > Ok for some reason the whole email I typed didn't send, just the first > > line. Lets try again. > > > > Right we have just upgraded our 7204 to a 7304. > > We just copied the config across to the 7304 more or less. > > > > We send a Radius attribute to certain users that will assign a route map > to > > direct their web traffic to our proxy server. This worked fine on the > 7204 > > but no longer does on the 7304. > > > > The attribute we send is: > > > > ## > > ip policy route-map proxy-redirect > > ## > > > > > > Which assigns the route map: > > > > > > ## > > route-map proxy-redirect-new permit 10 > > match ip address 110 > > set ip next-hop 192.168.1.33 > > ## > > > > > > Which is controlled by the access list: > > > > > > > > ## > > access-list 110 deny ip 192.168.1.0 0.0.0.15 any > > access-list 110 permit tcp any any eq www > > access-list 110 deny ip any any > > ## > > > > > > The Radius debug on the router shows: > > > > > > ## > > RADIUS: cisco AVPair "lcp:interface-config= ip policy route-map > > proxy-redirect" not applied for ip > > ## > > > > > > Not sure why it's no longer assigning the route map. > > If I do a " show derived-config interface " for the > user > > that should be assigned the route map it doesn't show it being assigned. > > Likewise our proxy logs no longer show anyone accessing the proxy. > > > > Has anyone got any ideas or come across the error before when assign > Radius > > attributes to a user? > > > > Thanks > > John > > > > > -Original Message- > > > From: freeradius-users- > > > [EMAIL PROTECTED] > > > [mailto:freeradius-users- > > > [EMAIL PROTECTED] On Behalf Of > > > John Williams > > > Sent: 15 August 2006 08:15 > > > To: freeradius-users@lists.freeradius.org > > > Subject: Passing Radius attribute to Cisco 7304 > > > > > > Hi all > > > > > > We’ve just upgraded to a Cisco 7304 from a Cisco 7204 and are seeing > some > > > problems > > > > > > -- > > > No virus found in this outgoing message. > > > Checked by AVG Free Edition. > > > Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: > > > 11/08/2006 > > > > > > > > > > > > - > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > > > -- > > > No virus found in this incoming message. > > > Checked by AVG Free Edition. > > > Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: > > > 11/08/2006 > > -- > > Peter Nixon > http://www.peternixon.net/ > PGP Key: http://www.peternixon.net/public.asc > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006 > > -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Passing Radius attribute to Cisco 7304
Hi John This looks like something you should take up with Cisco TAC as the cisco quite clearly says thats its not applying the attribute you are sending it. Cheers Peter On Tue 15 Aug 2006 16:18, John Williams wrote: > Ok for some reason the whole email I typed didn't send, just the first > line. Lets try again. > > Right we have just upgraded our 7204 to a 7304. > We just copied the config across to the 7304 more or less. > > We send a Radius attribute to certain users that will assign a route map to > direct their web traffic to our proxy server. This worked fine on the 7204 > but no longer does on the 7304. > > The attribute we send is: > > ## > ip policy route-map proxy-redirect > ## > > > Which assigns the route map: > > > ## > route-map proxy-redirect-new permit 10 > match ip address 110 > set ip next-hop 192.168.1.33 > ## > > > Which is controlled by the access list: > > > > ## > access-list 110 deny ip 192.168.1.0 0.0.0.15 any > access-list 110 permit tcp any any eq www > access-list 110 deny ip any any > ## > > > The Radius debug on the router shows: > > > ## > RADIUS: cisco AVPair "lcp:interface-config= ip policy route-map > proxy-redirect" not applied for ip > ## > > > Not sure why it's no longer assigning the route map. > If I do a " show derived-config interface " for the user > that should be assigned the route map it doesn't show it being assigned. > Likewise our proxy logs no longer show anyone accessing the proxy. > > Has anyone got any ideas or come across the error before when assign Radius > attributes to a user? > > Thanks > John > > > -Original Message- > > From: freeradius-users- > > [EMAIL PROTECTED] > > [mailto:freeradius-users- > > [EMAIL PROTECTED] On Behalf Of > > John Williams > > Sent: 15 August 2006 08:15 > > To: freeradius-users@lists.freeradius.org > > Subject: Passing Radius attribute to Cisco 7304 > > > > Hi all > > > > We’ve just upgraded to a Cisco 7304 from a Cisco 7204 and are seeing some > > problems > > > > -- > > No virus found in this outgoing message. > > Checked by AVG Free Edition. > > Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: > > 11/08/2006 > > > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > -- > > No virus found in this incoming message. > > Checked by AVG Free Edition. > > Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: > > 11/08/2006 -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgpX5Ak5eoJUv.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Passing Radius attribute to Cisco 7304
Ok for some reason the whole email I typed didn't send, just the first line. Lets try again. Right we have just upgraded our 7204 to a 7304. We just copied the config across to the 7304 more or less. We send a Radius attribute to certain users that will assign a route map to direct their web traffic to our proxy server. This worked fine on the 7204 but no longer does on the 7304. The attribute we send is: ## ip policy route-map proxy-redirect ## Which assigns the route map: ## route-map proxy-redirect-new permit 10 match ip address 110 set ip next-hop 192.168.1.33 ## Which is controlled by the access list: ## access-list 110 deny ip 192.168.1.0 0.0.0.15 any access-list 110 permit tcp any any eq www access-list 110 deny ip any any ## The Radius debug on the router shows: ## RADIUS: cisco AVPair "lcp:interface-config= ip policy route-map proxy-redirect" not applied for ip ## Not sure why it's no longer assigning the route map. If I do a " show derived-config interface " for the user that should be assigned the route map it doesn't show it being assigned. Likewise our proxy logs no longer show anyone accessing the proxy. Has anyone got any ideas or come across the error before when assign Radius attributes to a user? Thanks John > -Original Message- > From: freeradius-users- > [EMAIL PROTECTED] > [mailto:freeradius-users- > [EMAIL PROTECTED] On Behalf Of John > Williams > Sent: 15 August 2006 08:15 > To: freeradius-users@lists.freeradius.org > Subject: Passing Radius attribute to Cisco 7304 > > Hi all > > We’ve just upgraded to a Cisco 7304 from a Cisco 7204 and are seeing some > problems > > -- > No virus found in this outgoing message. > Checked by AVG Free Edition. > Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006 > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006 > -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Passing Radius attribute to Cisco 7304
On Tue 15 Aug 2006 10:15, John Williams wrote: > Hi all > > We’ve just upgraded to a Cisco 7304 from a Cisco 7204 and are seeing some > problems We are sorry to hear that. Have you tried asking someone for help with your problem? -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgpN4DK1M4dQA.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html