Hello,

I never thought that this would be a problem. I am not a guru in Cisco systems, but I made all the changes in the config as described in "PPP Per-User Timeouts" (link from the Radiator FAQ). After making all the changes (see cisco.config.txt) I don't get the wanted result. I see that Radiator sends Session-Timeout and Idle-Timeout to the Cisco. I see that the Cisco gets them and then loses or hides them. All the traces and debugs, Cisco (cisco.trace.txt), Radiator (trace4.txt) and Radstock (rad.log.txt), show that the attributes exist, but the NAS never applies them. Maybe somebody has had this problem?

--
Best regards,
Alexey Korchagin mailto:[EMAIL PROTECTED]

Jun 13 11:21:06.346: TTY12: DSR came up
Jun 13 11:21:06.346: tty12: Modem: IDLE->(unknown)
Jun 13 11:21:06.346: TTY12: Autoselect started
Jun 13 11:21:06.346: TTY12: create timer type 0, 120 seconds
Jun 13 11:21:07.310: TTY12: Autoselect sample 7E
Jun 13 11:21:07.310: TTY12: Autoselect sample 7EFF
Jun 13 11:21:07.310: TTY12: Autoselect sample 7EFF7D
Jun 13 11:21:07.310: TTY12: Autoselect sample 7EFF7D23
Jun 13 11:21:07.310: TTY12 Autoselect cmd: ppp negotiate
Jun 13 11:21:07.310: TTY12: destroy timer type 0 (OK)
Jun 13 11:21:07.314: TTY12: EXEC creation
Jun 13 11:21:07.314: TTY12: create timer type 0, 43180 seconds
Jun 13 11:21:07.314: TTY12: create timer type 1, 1200 seconds
Jun 13 11:21:07.318: TTY12: destroy timer type 1 (OK)
Jun 13 11:21:07.318: TTY12: destroy timer type 0 (OK)
Jun 13 11:21:07.318: TTY12: create timer type 2, 43200 seconds
Jun 13 11:21:07.318: TTY12: create timer type 0, 43200 seconds
Jun 13 11:21:10.558: AAA/MEMORY: create_user (0x60FD78E8) user='elcom_w' ruser='' port='Async12' rem_addr='async' authen_type=PAP service=PPP priv=1
Jun 13 11:21:10.558: RADIUS: ustruct sharecount=1
Jun 13 11:21:10.558: RADIUS: Initial Transmit Async12 id 157 213.242.54.xxx:1645, Access-Request, len 77
Jun 13 11:21:10.558: Attribute 4 6 D5F236E1
Jun 13 11:21:10.558: Attribute 5 6 0000000C
Jun 13 11:21:10.558: Attribute 61 6 00000000
Jun 13 11:21:10.558: Attribute 1 9 656C636F
Jun 13 11:21:10.558: Attribute 2 18 C90B9579
Jun 13 11:21:10.558: Attribute 6 6 00000002
Jun 13 11:21:10.558: Attribute 7 6 00000001
Jun 13 11:21:10.582: RADIUS: Received from id 157 213.242.54.xxx:1645, Access-Accept, len 50
Jun 13 11:21:10.582: Attribute 6 6 00000002
Jun 13 11:21:10.582: Attribute 7 6 00000001
Jun 13 11:21:10.582: Attribute 9 6 FFFFFFFE
Jun 13 11:21:10.582: Attribute 27 6 7FD1AF4F
Jun 13 11:21:10.582: Attribute 28 6 000004B0
Jun 13 11:21:10.582: RADIUS: saved authorization data for user 60FD78E8 at 6102B914
Jun 13 11:21:10.582: As12 AAA/AUTHOR/LCP (1603074679): found list "default"
Jun 13 11:21:10.582: As12 AAA/DISC: 1/"User Request"
Jun 13 11:21:10.582: As12 AAA/DISC/EXT: 1020/"User Request"
Jun 13 11:21:10.586: AAA/ACCT/NET: Found list "default"
Jun 13 11:21:10.586: As12 AAA/AUTHOR/FSM (3360470138): found list "default"
Jun 13 11:21:10.586: As12 AAA/AUTHOR/FSM (3938440701): found list "default"
Jun 13 11:21:10.586: RADIUS: ustruct sharecount=4
Jun 13 11:21:10.590: RADIUS: Initial Transmit Async12 id 158 213.242.54.xxx:1646, Accounting-Request, len 87
Jun 13 11:21:10.590: Attribute 4 6 D5F236E1
Jun 13 11:21:10.590: Attribute 5 6 0000000C
Jun 13 11:21:10.590: Attribute 61 6 00000000
Jun 13 11:21:10.590: Attribute 1 9 656C636F
Jun 13 11:21:10.590: Attribute 40 6 00000001
Jun 13 11:21:10.590: Attribute 45 6 00000001
Jun 13 11:21:10.590: Attribute 6 6 00000002
Jun 13 11:21:10.590: Attribute 44 10 30303030
Jun 13 11:21:10.590: Attribute 7 6 00000001
Jun 13 11:21:10.590: Attribute 41 6 00000000
Jun 13 11:21:10.602: RADIUS: Received from id 158 213.242.54.xxx:1646, Accounting-response, len 20
Jun 13 11:21:10.922: As12 AAA/AUTHOR/IPCP (3934615531): found list "default"
Jun 13 11:21:10.922: RADIUS: ustruct sharecount=4
Jun 13 11:21:10.926: RADIUS: Initial Transmit Async12 id 159 213.242.54.xxx:1646, Accounting-Request, len 93
Jun 13 11:21:10.926: Attribute 4 6 D5F236E1
Jun 13 11:21:10.926: Attribute 5 6 0000000C
Jun 13 11:21:10.926: Attribute 61 6 00000000
Jun 13 11:21:10.926: Attribute 1 9 656C636F
Jun 13 11:21:10.926: Attribute 40 6 00000003
Jun 13 11:21:10.926: Attribute 45 6 00000001
Jun 13 11:21:10.926: Attribute 6 6 00000002
Jun 13 11:21:10.926: Attribute 44 10 30303030
Jun 13 11:21:10.926: Attribute 7 6 00000001
Jun 13 11:21:10.926: Attribute 8 6 D5F236F9
Jun 13 11:21:10.926: Attribute 41 6 00000000
Jun 13 11:21:10.938: RADIUS: Received from id 159 213.242.54.xxx:1646, Accounting-response, len 20
Jun 13 17:21:20 Karachi: %SEC-6-IPACCESSLOGP: list 101 denied udp 213.242.54.99(137) -> 213.242.54.255(137), 11 packets
cisco-3640-i#terminal no monitor
cisco-3640-i#

Current configuration:
!
! Last configuration change at 17:23:05 Karachi Wed Jun 13 2001 by admcisco0
! NVRAM config last updated at 17:05:43 Karachi Tue May 29 2001 by admcisco0
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime localtime show-timezone
no service password-encryption
!
hostname cisco-3640-i
!
no logging buffered
no logging console
aaa new-model
aaa authentication login default group radius local
aaa authentication login admin local
aaa authentication ppp default if-needed group radius local
aaa authorization exec default group radius if-authenticated
aaa authorization network default if-authenticated group radius
aaa accounting update newinfo
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting system default start-stop group radius
enable secret 5 xxx
enable password xxx
!
username xxx password 0 xxx
!
!
!
!
clock timezone Karachi 5
clock summer-time Karachi-summer recurring last Sun Mar 2:00 last Sun Sep 2:00
ip subnet-zero
ip host ns.buzuluk.ru 213.242.54.227
ip host proxy-elcom.buzuluk.ru 213.242.54.230
ip host rack0-elcom.buzuluk.ru 213.242.54.226
ip host cisco0-elcom.buzuluk.ru 213.242.54.225
ip domain-name buzuluk.ru
ip name-server 213.242.54.227
!
async-bootp dns-server 213.242.54.227 195.128.128.1
modemcap entry zyxel336:FD=&F:AA=S0=1:CD=&C1:DTR=&D2:HFL=&H3:SPD=&B1:DTE=57600:BER=&M4:BCP=&K4:NER=&H0:NCP=&K0:NEC=E0:NRS=Q1:SFL=&H4:TPL=zyxel336
modemcap entry test:FD=&F:AA=S0=1:CD=&C1:DTR=&D2:SPD=&B1:DTE=57600:NEC=E0:NRS=Q1
!
!
!
interface Loopback0
 no ip address
 no ip directed-broadcast
!
interface Ethernet1/0
 bandwidth 10000
 ip address 213.242.54.xxx 255.255.255.224
 no ip directed-broadcast
!
interface Serial1/0
 bandwidth 128
 ip address 213.242.53.xxx 255.255.255.252
 ip access-group 101 in
 ip access-group 102 out
 no ip directed-broadcast
 ip accounting access-violations
 fair-queue 64 256 0
!
interface Serial1/1
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Group-Async1
 mtu 8832
 ip unnumbered Ethernet1/0
 no ip directed-broadcast
 ip accounting access-violations
 encapsulation ppp
 ip tcp header-compression passive
 no logging event link-status
 timeout absolute 720 0
 dialer in-band
 dialer idle-timeout 1800
 dialer enable-timeout 43200
 dialer-group 1
 autodetect encapsulation ppp
 async mode interactive
 peer default ip address pool use_pool
 no fair-queue
 ppp max-bad-auth 3
 ppp authentication pap
 ppp authorization
 ppp accounting
 group-range 1 16
 hold-queue 10 in
!
router rip
 version 2
 passive-interface Serial1/0
 network 213.242.54.0
 no auto-summary
!
ip local pool use_pool 213.242.54.238 213.242.54.254
ip classless
ip route 0.0.0.0 0.0.0.0 Serial1/0
no ip http server
!
!
ip access-list extended kons
 permit tcp 20.18.22.0 225.225.225.192 any eq domain
logging facility local0
logging source-interface Ethernet1/0
logging 213.242.54.227
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny udp any any range netbios-ns netbios-ss log
access-list 101 deny tcp any any range 137 139 log
access-list 101 deny udp any any eq 31337 log
access-list 101 deny tcp any any eq telnet log
access-list 101 deny tcp any any range exec lpd log
access-list 101 deny udp any any eq sunrpc log
access-list 101 deny tcp any any eq sunrpc log
access-list 101 deny udp any any eq xdmcp log
access-list 101 deny tcp any any eq 177 log
access-list 101 deny tcp any any range 6000 6063 log
access-list 101 deny udp any any range 6000 6063 log
access-list 101 deny udp any any range biff syslog log
access-list 101 deny tcp any any eq 11 log
access-list 101 deny udp any any eq tftp log
access-list 101 deny tcp any any eq 1645 log
access-list 101 deny tcp any any eq 1646 log
access-list 101 deny tcp any any eq 22 log
access-list 101 deny tcp any any eq 37 log
access-list 101 deny tcp any any eq 1080 log
access-list 101 deny tcp any any eq 3050 log
access-list 101 deny tcp any any eq 3306 log
access-list 101 deny tcp any any eq 98 log
access-list 101 deny tcp any any eq cmd log
access-list 101 deny tcp any any eq finger log
access-list 101 deny tcp any any eq ident log
access-list 101 deny tcp any any eq login log
access-list 101 deny tcp any any eq klogin log
access-list 101 deny tcp any any eq kshell log
access-list 101 deny tcp any any eq lpd log
access-list 101 deny tcp any any eq pim-auto-rp log
access-list 101 deny tcp any any eq pop2 log
access-list 101 deny tcp any any eq tacacs log
access-list 101 deny tcp any any eq talk log
access-list 101 deny tcp any any eq uucp log
access-list 101 deny tcp any any eq whois log
access-list 101 deny tcp host 62.212.34.90 0.0.0.33 213.242.54.222 eq www log
access-list 101 deny tcp host 62.212.34.51 0.0.0.33 213.242.54.222 eq www log
access-list 101 deny tcp host 62.212.34.53 0.0.0.33 213.242.54.222 eq www log
access-list 101 deny tcp host 62.212.34.55 0.0.0.33 213.242.54.222 eq www log
access-list 101 deny ip host 62.212.46.99 0.0.0.33 213.242.54.222 log
access-list 101 deny ip host 207.106.163.126 0.0.0.0 255.255.255.192 log
access-list 101 permit ip any any
access-list 102 permit ip 213.242.54.224 0.0.0.31 any
access-list 102 deny ip any any
access-list 102 deny tcp any any eq 1645 log
access-list 102 deny tcp any any eq 1646 log
access-list 103 deny tcp any any eq telnet log
access-list 105 deny tcp any 0.0.0.1 255.255.255.224 eq telnet log
access-list 105 deny tcp any 0.0.0.3 255.255.255.224 eq telnet log
access-list 105 deny tcp any 0.0.0.5 255.255.255.224 eq telnet log
access-list 105 deny tcp any 0.0.0.6 255.255.255.224 eq telnet log
access-list 105 permit ip any any
access-list 105 permit tcp any any
access-list 105 permit tcp any any eq telnet log
dialer-list 1 protocol ip permit
snmp-server engineID local 000000090200000196EB5D11
snmp-server community xxx RO
radius-server host 213.242.54.xxx auth-port 1645 acct-port 1646
radius-server key xxx
!
line con 0
 exec-timeout 0 0
 password xxx
 login authentication admin
 transport input none
line 1 16
 session-timeout 720
 exec-timeout 20 0
 autoselect ppp
 absolute-timeout 720
 modem Dialin
 modem autoconfigure type test
 transport input all
 escape-character BREAK
 telnet break-on-ip
 stopbits 1
 speed 57600
line aux 0
line vty 0 4
 exec-timeout 0 0
 password xxx
 login authentication admin
!
ntp broadcastdelay 9999
ntp clock-period 17179880
ntp source Serial1/0
ntp master 3
ntp server 192.93.2.20 source Serial1/0 prefer
end

Sat Jun 16 14:24:11 2001: DEBUG: Packet dump:
*** Received from 213.242.54.225 port 1645 ....
Code: Access-Request
Identifier: 84
Authentic: <192><202> <230><19>?{MC<191>9\<186><7>n<127>
Attributes:
    NAS-IP-Address = 213.242.54.225
    NAS-Port = 12
    NAS-Port-Type = Async
    User-Name = "elcom_w"
    User-Password = "<194><251><175><5>&n<137><247><129>X<7>h<255><18><196><154>"
    Service-Type = Framed-User
    Framed-Protocol = PPP
Sat Jun 16 14:24:11 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Sat Jun 16 14:24:11 2001: DEBUG: Rewrote user name to ELCOM_W
Sat Jun 16 14:24:11 2001: DEBUG: ID_0 Deleting session for elcom_w, 213.242.54.225, 12
Sat Jun 16 14:24:11 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER = '213.242.54.225' and NASPORT=012
Sat Jun 16 14:24:11 2001: DEBUG: Handling with Radius::AuthSQL
Sat Jun 16 14:24:11 2001: DEBUG: Handling with Radius::AuthSQL
Sat Jun 16 14:24:11 2001: DEBUG: Query is: select CISCO_USER_PASSWORD, CHECKATTR, REPLYATTR, CISCO_SESSION_TIMEOUT, CISCO_IDLE_TIMEOUT, CISCO_SIMULTANEOUS_USE from SUBSCRIBERS where UPPER(CISCO_USER_NAME) = UPPER('ELCOM_W') and CISCO_SESSION_TIMEOUT > 600 and ENABLED = 1 and STATUS <> 3
Sat Jun 16 14:24:11 2001: DEBUG: Radius::AuthSQL looks for match with ELCOM_W
Sat Jun 16 14:24:11 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where UPPER(USERNAME) = UPPER('elcom_w')
Sat Jun 16 14:24:11 2001: DEBUG: Radius::AuthSQL ACCEPT:
Sat Jun 16 14:24:11 2001: DEBUG: Access accepted for ELCOM_W
Sat Jun 16 14:24:11 2001: DEBUG: Packet dump:
*** Sending to 213.242.54.225 port 1645 ....
Code: Access-Accept
Identifier: 84
Authentic: <192><202> <230><19>?{MC<191>9\<186><7>n<127>
Attributes:
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Framed-IP-Netmask = 255.255.255.254
    Session-Timeout = 29290
    Idle-Timeout = 1200
Sat Jun 16 14:24:11 2001: DEBUG: Packet dump:
*** Received from 213.242.54.225 port 1646 ....
Code: Accounting-Request
Identifier: 85
Authentic: <138><29>J<166><137>M<158><153><227>k<186><162><206>w.<206>
Attributes:
    NAS-IP-Address = 213.242.54.225
    NAS-Port = 12
    NAS-Port-Type = Async
    User-Name = "elcom_w"
    Acct-Status-Type = Start
    Acct-Authentic = RADIUS
    Service-Type = Framed-User
    Acct-Session-Id = "000045DD"
    Framed-Protocol = PPP
    Acct-Delay-Time = 0
Sat Jun 16 14:24:11 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Sat Jun 16 14:24:11 2001: DEBUG: Rewrote user name to ELCOM_W
Sat Jun 16 14:24:11 2001: DEBUG: ID_0 Adding session for elcom_w, 213.242.54.225, 12
Sat Jun 16 14:24:11 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER = '213.242.54.225' and NASPORT=012
Sat Jun 16 14:24:11 2001: DEBUG: do query is: insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('elcom_w', '213.242.54.225', 012, '000045DD', 992679851, '', 'Async', 'Framed-User')
Sat Jun 16 14:24:11 2001: DEBUG: Handling with Radius::AuthSQL
Sat Jun 16 14:24:11 2001: DEBUG: Handling accounting with Radius::AuthSQL
Sat Jun 16 14:24:11 2001: DEBUG: Accounting accepted
Sat Jun 16 14:24:11 2001: DEBUG: Packet dump:
*** Sending to 213.242.54.225 port 1646 ....
Code: Accounting-Response
Identifier: 85
Authentic: <138><29>J<166><137>M<158><153><227>k<186><162><206>w.<206>
Attributes:
Sat Jun 16 14:24:11 2001: DEBUG: Packet dump:
*** Received from 213.242.54.225 port 1646 ....
Code: Accounting-Request
Identifier: 86
Authentic: <218><183><195><207>V<134>"<230>%<164><168><217><9><16>79
Attributes:
    NAS-IP-Address = 213.242.54.225
    NAS-Port = 12
    NAS-Port-Type = Async
    User-Name = "elcom_w"
    Acct-Status-Type = Alive
    Acct-Authentic = RADIUS
    Service-Type = Framed-User
    Acct-Session-Id = "000045DD"
    Framed-Protocol = PPP
    Framed-IP-Address = 213.242.54.250
    Acct-Delay-Time = 0
Sat Jun 16 14:24:11 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Sat Jun 16 14:24:11 2001: DEBUG: Rewrote user name to ELCOM_W
Sat Jun 16 14:24:11 2001: DEBUG: ID_0 Adding session for elcom_w, 213.242.54.225, 12
Sat Jun 16 14:24:11 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER = '213.242.54.225' and NASPORT=012
Sat Jun 16 14:24:11 2001: DEBUG: do query is: insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('elcom_w', '213.242.54.225', 012, '000045DD', 992679851, '213.242.54.250', 'Async', 'Framed-User')
Sat Jun 16 14:24:11 2001: DEBUG: Handling with Radius::AuthSQL
Sat Jun 16 14:24:11 2001: DEBUG: Handling accounting with Radius::AuthSQL
Sat Jun 16 14:24:11 2001: DEBUG: Accounting accepted
Sat Jun 16 14:24:11 2001: DEBUG: Packet dump:
*** Sending to 213.242.54.225 port 1646 ....
Code: Accounting-Response
Identifier: 86
Authentic: <218><183><195><207>V<134>"<230>%<164><168><217><9><16>79
Attributes:
Sat Jun 16 14:24:33 2001: NOTICE: SIGHUP received: restarting

Handling radius filter ''
Done radius filter ''
interface: eth0 (213.242.54.eth/255.255.255.224)
filter1: udp and port 1645
filter: udp and port 1645
Src: 213.242.54.nas Dst: 213.242.54.nas
Packet: total filters 0 - showpkt 1
Request (30) - 213.242.54.nas:1645 -> 213.242.54.host:1645 (L[19/05/01 11:43:06]
    NAS-IP-Address Len 6 213.242.54.nas
    NAS-Port Len 6 7
    NAS-Port-Type Len 6 Async
    User-Name Len 6 "bztm"
    Password Len 18 "xxx"
    Service-Type Len 6 Framed-User
    Framed-Protocol Len 6 PPP
Src: 213.242.54.host Dst: 213.242.54.host
Packet: total filters 0 - showpkt 1
Accept (30) - 213.242.54.nas:1645 <- 213.242.54.host:1645 (L[19/05/01 11:43:06]
    Service-Type Len 6 Framed-User
    Framed-Protocol Len 6 PPP
    Framed-Netmask Len 6 255.255.255.254
    Session-Timeout Len 6 2147169563
    Idle-Timeout Len 6 1200
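
Added example, not part of the original message: a small Python decoder for the "Attribute <type> <length> <hex>" lines in the Cisco debug above, using the RFC 2865/2866 attribute numbers, so the values the NAS logged as received can be read directly. It assumes, from the trace itself, that the debug prints only the first four value bytes (User-Name with length 9 appears as 656C636F, "elco"); the function names are illustrative.

```python
import ipaddress
import re

# Attribute numbers from RFC 2865/2866 that occur in the trace: (name, kind).
ATTRS = {
    1: ("User-Name", "text"), 2: ("User-Password", "opaque"),
    4: ("NAS-IP-Address", "ipv4"), 5: ("NAS-Port", "int"),
    6: ("Service-Type", "int"), 7: ("Framed-Protocol", "int"),
    8: ("Framed-IP-Address", "ipv4"), 9: ("Framed-IP-Netmask", "ipv4"),
    27: ("Session-Timeout", "int"), 28: ("Idle-Timeout", "int"),
    40: ("Acct-Status-Type", "int"), 41: ("Acct-Delay-Time", "int"),
    44: ("Acct-Session-Id", "text"), 45: ("Acct-Authentic", "int"),
    61: ("NAS-Port-Type", "int"),
}
LINE = re.compile(r"Attribute (\d+) (\d+) ([0-9A-Fa-f]{8})\b")

def decode(debug_text):
    """Return (name, value, truncated) for every Attribute line found."""
    out = []
    for m in LINE.finditer(debug_text):
        atype, length = int(m.group(1)), int(m.group(2))
        raw = bytes.fromhex(m.group(3))
        name, kind = ATTRS.get(atype, (f"Attr-{atype}", "opaque"))
        # Length includes the 2-byte header; the debug shows 4 value bytes.
        truncated = length - 2 > len(raw)
        if kind == "int":
            value = int.from_bytes(raw, "big")
        elif kind == "ipv4":
            value = str(ipaddress.IPv4Address(raw))
        elif kind == "text":
            value = raw.decode("ascii", "replace")
        else:
            value = raw.hex()
        out.append((name, value, truncated))
    return out

def timeouts(debug_text):
    """Per-user timers (seconds) present in the decoded attributes."""
    wanted = ("Session-Timeout", "Idle-Timeout")
    return {n: v for n, v, _ in decode(debug_text) if n in wanted}

# Access-Accept attribute lines copied from the Cisco debug in this post.
ACCEPT = """\
Jun 13 11:21:10.582: Attribute 6 6 00000002
Jun 13 11:21:10.582: Attribute 7 6 00000001
Jun 13 11:21:10.582: Attribute 9 6 FFFFFFFE
Jun 13 11:21:10.582: Attribute 27 6 7FD1AF4F
Jun 13 11:21:10.582: Attribute 28 6 000004B0
"""
```

Calling timeouts(ACCEPT) on the Jun 13 Access-Accept gives Session-Timeout 2144448335 and Idle-Timeout 1200, the values the NAS logged as received.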