Hello,
I never thought that it would be a problem. I am not a guru in
Cisco systems, but I made all the config changes as described
in "PPP Per-User Timeouts" (link from the Radiator FAQ).
After making all the changes (see cisco.config.txt) I don't get the wanted result.
I see that Radiator sends Session-Timeout and Idle-Timeout to the Cisco. I
see that the Cisco gets them and then loses or hides them.
All traces and debugs - Cisco (cisco.trace.txt), Radiator (trace4.txt),
Radstock (rad.log.txt) - show that the attributes exist, but the NAS never applies them.
Maybe somebody has had this problem?
--
Best regards,
Alexey Korchagin mailto:[EMAIL PROTECTED]
Jun 13 11:21:06.346: TTY12: DSR came up
Jun 13 11:21:06.346: tty12: Modem: IDLE->(unknown)
Jun 13 11:21:06.346: TTY12: Autoselect started
Jun 13 11:21:06.346: TTY12: create timer type 0, 120 seconds
Jun 13 11:21:07.310: TTY12: Autoselect sample 7E
Jun 13 11:21:07.310: TTY12: Autoselect sample 7EFF
Jun 13 11:21:07.310: TTY12: Autoselect sample 7EFF7D
Jun 13 11:21:07.310: TTY12: Autoselect sample 7EFF7D23
Jun 13 11:21:07.310: TTY12 Autoselect cmd: ppp negotiate
Jun 13 11:21:07.310: TTY12: destroy timer type 0 (OK)
Jun 13 11:21:07.314: TTY12: EXEC creation
Jun 13 11:21:07.314: TTY12: create timer type 0, 43180 seconds
Jun 13 11:21:07.314: TTY12: create timer type 1, 1200 seconds
Jun 13 11:21:07.318: TTY12: destroy timer type 1 (OK)
Jun 13 11:21:07.318: TTY12: destroy timer type 0 (OK)
Jun 13 11:21:07.318: TTY12: create timer type 2, 43200 seconds
Jun 13 11:21:07.318: TTY12: create timer type 0, 43200 seconds
Jun 13 11:21:10.558: AAA/MEMORY: create_user (0x60FD78E8) user='elcom_w' ruser=''
port='Async12' rem_addr='async' authen_type=PAP service=PPP priv=1
Jun 13 11:21:10.558: RADIUS: ustruct sharecount=1
Jun 13 11:21:10.558: RADIUS: Initial Transmit Async12 id 157 213.242.54.xxx:1645,
Access-Request, len 77
Jun 13 11:21:10.558: Attribute 4 6 D5F236E1
Jun 13 11:21:10.558: Attribute 5 6 0000000C
Jun 13 11:21:10.558: Attribute 61 6 00000000
Jun 13 11:21:10.558: Attribute 1 9 656C636F
Jun 13 11:21:10.558: Attribute 2 18 C90B9579
Jun 13 11:21:10.558: Attribute 6 6 00000002
Jun 13 11:21:10.558: Attribute 7 6 00000001
Jun 13 11:21:10.582: RADIUS: Received from id 157 213.242.54.xxx:1645, Access-Accept,
len 50
Jun 13 11:21:10.582: Attribute 6 6 00000002
Jun 13 11:21:10.582: Attribute 7 6 00000001
Jun 13 11:21:10.582: Attribute 9 6 FFFFFFFE
Jun 13 11:21:10.582: Attribute 27 6 7FD1AF4F
Jun 13 11:21:10.582: Attribute 28 6 000004B0
Jun 13 11:21:10.582: RADIUS: saved authorization data for user 60FD78E8 at 6102B914
Jun 13 11:21:10.582: As12 AAA/AUTHOR/LCP (1603074679): found list "default"
Jun 13 11:21:10.582: As12 AAA/DISC: 1/"User Request"
Jun 13 11:21:10.582: As12 AAA/DISC/EXT: 1020/"User Request"
Jun 13 11:21:10.586: AAA/ACCT/NET: Found list "default"
Jun 13 11:21:10.586: As12 AAA/AUTHOR/FSM (3360470138): found list "default"
Jun 13 11:21:10.586: As12 AAA/AUTHOR/FSM (3938440701): found list "default"
Jun 13 11:21:10.586: RADIUS: ustruct sharecount=4
Jun 13 11:21:10.590: RADIUS: Initial Transmit Async12 id 158 213.242.54.xxx:1646,
Accounting-Request, len 87
Jun 13 11:21:10.590: Attribute 4 6 D5F236E1
Jun 13 11:21:10.590: Attribute 5 6 0000000C
Jun 13 11:21:10.590: Attribute 61 6 00000000
Jun 13 11:21:10.590: Attribute 1 9 656C636F
Jun 13 11:21:10.590: Attribute 40 6 00000001
Jun 13 11:21:10.590: Attribute 45 6 00000001
Jun 13 11:21:10.590: Attribute 6 6 00000002
Jun 13 11:21:10.590: Attribute 44 10 30303030
Jun 13 11:21:10.590: Attribute 7 6 00000001
Jun 13 11:21:10.590: Attribute 41 6 00000000
Jun 13 11:21:10.602: RADIUS: Received from id 158 213.242.54.xxx:1646,
Accounting-response, len 20
Jun 13 11:21:10.922: As12 AAA/AUTHOR/IPCP (3934615531): found list "default"
Jun 13 11:21:10.922: RADIUS: ustruct sharecount=4
Jun 13 11:21:10.926: RADIUS: Initial Transmit Async12 id 159 213.242.54.xxx:1646,
Accounting-Request, len 93
Jun 13 11:21:10.926: Attribute 4 6 D5F236E1
Jun 13 11:21:10.926: Attribute 5 6 0000000C
Jun 13 11:21:10.926: Attribute 61 6 00000000
Jun 13 11:21:10.926: Attribute 1 9 656C636F
Jun 13 11:21:10.926: Attribute 40 6 00000003
Jun 13 11:21:10.926: Attribute 45 6 00000001
Jun 13 11:21:10.926: Attribute 6 6 00000002
Jun 13 11:21:10.926: Attribute 44 10 30303030
Jun 13 11:21:10.926: Attribute 7 6 00000001
Jun 13 11:21:10.926: Attribute 8 6 D5F236F9
Jun 13 11:21:10.926: Attribute 41 6 00000000
Jun 13 11:21:10.938: RADIUS: Received from id 159 213.242.54.xxx:1646,
Accounting-response, len 20
Jun 13 17:21:20 Karachi: %SEC-6-IPACCESSLOGP: list 101 denied udp 213.242.54.99(137)
-> 213.242.54.255(137), 11 packets
cisco-3640-i#terminal no monitor
cisco-3640-i#
Current configuration:
!
! Last configuration change at 17:23:05 Karachi Wed Jun 13 2001 by admcisco0
! NVRAM config last updated at 17:05:43 Karachi Tue May 29 2001 by admcisco0
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime localtime show-timezone
no service password-encryption
!
hostname cisco-3640-i
!
no logging buffered
no logging console
aaa new-model
aaa authentication login default group radius local
aaa authentication login admin local
aaa authentication ppp default if-needed group radius local
aaa authorization exec default group radius if-authenticated
aaa authorization network default if-authenticated group radius
aaa accounting update newinfo
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting system default start-stop group radius
enable secret 5 xxx
enable password xxx
!
username xxx password 0 xxx
!
!
!
!
clock timezone Karachi 5
clock summer-time Karachi-summer recurring last Sun Mar 2:00 last Sun Sep 2:00
ip subnet-zero
ip host ns.buzuluk.ru 213.242.54.227
ip host proxy-elcom.buzuluk.ru 213.242.54.230
ip host rack0-elcom.buzuluk.ru 213.242.54.226
ip host cisco0-elcom.buzuluk.ru 213.242.54.225
ip domain-name buzuluk.ru
ip name-server 213.242.54.227
!
async-bootp dns-server 213.242.54.227 195.128.128.1
modemcap entry
zyxel336:FD=&F:AA=S0=1:CD=&C1:DTR=&D2:HFL=&H3:SPD=&B1:DTE=57600:BER=&M4:BCP=&K4:NER=&H0:NCP=&K0:NEC=E0:NRS=Q1:SFL=&H4:TPL=zyxel336
modemcap entry test:FD=&F:AA=S0=1:CD=&C1:DTR=&D2:SPD=&B1:DTE=57600:NEC=E0:NRS=Q1
!
!
!
interface Loopback0
no ip address
no ip directed-broadcast
!
interface Ethernet1/0
bandwidth 10000
ip address 213.242.54.xxx 255.255.255.224
no ip directed-broadcast
!
interface Serial1/0
bandwidth 128
ip address 213.242.53.xxx 255.255.255.252
ip access-group 101 in
ip access-group 102 out
no ip directed-broadcast
ip accounting access-violations
fair-queue 64 256 0
!
interface Serial1/1
no ip address
no ip directed-broadcast
shutdown
!
interface Group-Async1
mtu 8832
ip unnumbered Ethernet1/0
no ip directed-broadcast
ip accounting access-violations
encapsulation ppp
ip tcp header-compression passive
no logging event link-status
timeout absolute 720 0
dialer in-band
dialer idle-timeout 1800
dialer enable-timeout 43200
dialer-group 1
autodetect encapsulation ppp
async mode interactive
peer default ip address pool use_pool
no fair-queue
ppp max-bad-auth 3
ppp authentication pap
ppp authorization
ppp accounting
group-range 1 16
hold-queue 10 in
!
router rip
version 2
passive-interface Serial1/0
network 213.242.54.0
no auto-summary
!
ip local pool use_pool 213.242.54.238 213.242.54.254
ip classless
ip route 0.0.0.0 0.0.0.0 Serial1/0
no ip http server
!
!
ip access-list extended kons
permit tcp 20.18.22.0 225.225.225.192 any eq domain
logging facility local0
logging source-interface Ethernet1/0
logging 213.242.54.227
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny udp any any range netbios-ns netbios-ss log
access-list 101 deny tcp any any range 137 139 log
access-list 101 deny udp any any eq 31337 log
access-list 101 deny tcp any any eq telnet log
access-list 101 deny tcp any any range exec lpd log
access-list 101 deny udp any any eq sunrpc log
access-list 101 deny tcp any any eq sunrpc log
access-list 101 deny udp any any eq xdmcp log
access-list 101 deny tcp any any eq 177 log
access-list 101 deny tcp any any range 6000 6063 log
access-list 101 deny udp any any range 6000 6063 log
access-list 101 deny udp any any range biff syslog log
access-list 101 deny tcp any any eq 11 log
access-list 101 deny udp any any eq tftp log
access-list 101 deny tcp any any eq 1645 log
access-list 101 deny tcp any any eq 1646 log
access-list 101 deny tcp any any eq 22 log
access-list 101 deny tcp any any eq 37 log
access-list 101 deny tcp any any eq 1080 log
access-list 101 deny tcp any any eq 3050 log
access-list 101 deny tcp any any eq 3306 log
access-list 101 deny tcp any any eq 98 log
access-list 101 deny tcp any any eq cmd log
access-list 101 deny tcp any any eq finger log
access-list 101 deny tcp any any eq ident log
access-list 101 deny tcp any any eq login log
access-list 101 deny tcp any any eq klogin log
access-list 101 deny tcp any any eq kshell log
access-list 101 deny tcp any any eq lpd log
access-list 101 deny tcp any any eq pim-auto-rp log
access-list 101 deny tcp any any eq pop2 log
access-list 101 deny tcp any any eq tacacs log
access-list 101 deny tcp any any eq talk log
access-list 101 deny tcp any any eq uucp log
access-list 101 deny tcp any any eq whois log
access-list 101 deny tcp host 62.212.34.90 0.0.0.33 213.242.54.222 eq www log
access-list 101 deny tcp host 62.212.34.51 0.0.0.33 213.242.54.222 eq www log
access-list 101 deny tcp host 62.212.34.53 0.0.0.33 213.242.54.222 eq www log
access-list 101 deny tcp host 62.212.34.55 0.0.0.33 213.242.54.222 eq www log
access-list 101 deny ip host 62.212.46.99 0.0.0.33 213.242.54.222 log
access-list 101 deny ip host 207.106.163.126 0.0.0.0 255.255.255.192 log
access-list 101 permit ip any any
access-list 102 permit ip 213.242.54.224 0.0.0.31 any
access-list 102 deny ip any any
access-list 102 deny tcp any any eq 1645 log
access-list 102 deny tcp any any eq 1646 log
access-list 103 deny tcp any any eq telnet log
access-list 105 deny tcp any 0.0.0.1 255.255.255.224 eq telnet log
access-list 105 deny tcp any 0.0.0.3 255.255.255.224 eq telnet log
access-list 105 deny tcp any 0.0.0.5 255.255.255.224 eq telnet log
access-list 105 deny tcp any 0.0.0.6 255.255.255.224 eq telnet log
access-list 105 permit ip any any
access-list 105 permit tcp any any
access-list 105 permit tcp any any eq telnet log
dialer-list 1 protocol ip permit
snmp-server engineID local 000000090200000196EB5D11
snmp-server community xxx RO
radius-server host 213.242.54.xxx auth-port 1645 acct-port 1646
radius-server key xxx
!
line con 0
exec-timeout 0 0
password xxx
login authentication admin
transport input none
line 1 16
session-timeout 720
exec-timeout 20 0
autoselect ppp
absolute-timeout 720
modem Dialin
modem autoconfigure type test
transport input all
escape-character BREAK
telnet break-on-ip
stopbits 1
speed 57600
line aux 0
line vty 0 4
exec-timeout 0 0
password xxx
login authentication admin
!
ntp broadcastdelay 9999
ntp clock-period 17179880
ntp source Serial1/0
ntp master 3
ntp server 192.93.2.20 source Serial1/0 prefer
end
Sat Jun 16 14:24:11 2001: DEBUG: Packet dump:
*** Received from 213.242.54.225 port 1645 ....
Code: Access-Request
Identifier: 84
Authentic: <192><202> <230><19>?{MC<191>9\<186><7>n<127>
Attributes:
NAS-IP-Address = 213.242.54.225
NAS-Port = 12
NAS-Port-Type = Async
User-Name = "elcom_w"
User-Password = "<194><251><175><5>&n<137><247><129>X<7>h<255><18><196><154>"
Service-Type = Framed-User
Framed-Protocol = PPP
Sat Jun 16 14:24:11 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Sat Jun 16 14:24:11 2001: DEBUG: Rewrote user name to ELCOM_W
Sat Jun 16 14:24:11 2001: DEBUG: ID_0 Deleting session for elcom_w, 213.242.54.225, 12
Sat Jun 16 14:24:11 2001: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER = '213.242.54.225' and NASPORT=012
Sat Jun 16 14:24:11 2001: DEBUG: Handling with Radius::AuthSQL
Sat Jun 16 14:24:11 2001: DEBUG: Handling with Radius::AuthSQL
Sat Jun 16 14:24:11 2001: DEBUG: Query is: select CISCO_USER_PASSWORD, CHECKATTR,
REPLYATTR, CISCO_SESSION_TIMEOUT, CISCO_IDLE_TIMEOUT, CISCO_SIMULTANEOUS_USE from
SUBSCRIBERS where UPPER(CISCO_USER_NAME) = UPPER('ELCOM_W') and CISCO_SESSION_TIMEOUT
> 600 and ENABLED = 1 and STATUS <> 3
Sat Jun 16 14:24:11 2001: DEBUG: Radius::AuthSQL looks for match with ELCOM_W
Sat Jun 16 14:24:11 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
ACCTSESSIONID from RADONLINE where UPPER(USERNAME) = UPPER('elcom_w')
Sat Jun 16 14:24:11 2001: DEBUG: Radius::AuthSQL ACCEPT:
Sat Jun 16 14:24:11 2001: DEBUG: Access accepted for ELCOM_W
Sat Jun 16 14:24:11 2001: DEBUG: Packet dump:
*** Sending to 213.242.54.225 port 1645 ....
Code: Access-Accept
Identifier: 84
Authentic: <192><202> <230><19>?{MC<191>9\<186><7>n<127>
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.254
Session-Timeout = 29290
Idle-Timeout = 1200
Sat Jun 16 14:24:11 2001: DEBUG: Packet dump:
*** Received from 213.242.54.225 port 1646 ....
Code: Accounting-Request
Identifier: 85
Authentic: <138><29>J<166><137>M<158><153><227>k<186><162><206>w.<206>
Attributes:
NAS-IP-Address = 213.242.54.225
NAS-Port = 12
NAS-Port-Type = Async
User-Name = "elcom_w"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "000045DD"
Framed-Protocol = PPP
Acct-Delay-Time = 0
Sat Jun 16 14:24:11 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Sat Jun 16 14:24:11 2001: DEBUG: Rewrote user name to ELCOM_W
Sat Jun 16 14:24:11 2001: DEBUG: ID_0 Adding session for elcom_w, 213.242.54.225, 12
Sat Jun 16 14:24:11 2001: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER = '213.242.54.225' and NASPORT=012
Sat Jun 16 14:24:11 2001: DEBUG: do query is: insert into RADONLINE (USERNAME,
NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE,
SERVICETYPE) values ('elcom_w', '213.242.54.225', 012, '000045DD', 992679851, '',
'Async', 'Framed-User')
Sat Jun 16 14:24:11 2001: DEBUG: Handling with Radius::AuthSQL
Sat Jun 16 14:24:11 2001: DEBUG: Handling accounting with Radius::AuthSQL
Sat Jun 16 14:24:11 2001: DEBUG: Accounting accepted
Sat Jun 16 14:24:11 2001: DEBUG: Packet dump:
*** Sending to 213.242.54.225 port 1646 ....
Code: Accounting-Response
Identifier: 85
Authentic: <138><29>J<166><137>M<158><153><227>k<186><162><206>w.<206>
Attributes:
Sat Jun 16 14:24:11 2001: DEBUG: Packet dump:
*** Received from 213.242.54.225 port 1646 ....
Code: Accounting-Request
Identifier: 86
Authentic: <218><183><195><207>V<134>"<230>%<164><168><217><9><16>79
Attributes:
NAS-IP-Address = 213.242.54.225
NAS-Port = 12
NAS-Port-Type = Async
User-Name = "elcom_w"
Acct-Status-Type = Alive
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "000045DD"
Framed-Protocol = PPP
Framed-IP-Address = 213.242.54.250
Acct-Delay-Time = 0
Sat Jun 16 14:24:11 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Sat Jun 16 14:24:11 2001: DEBUG: Rewrote user name to ELCOM_W
Sat Jun 16 14:24:11 2001: DEBUG: ID_0 Adding session for elcom_w, 213.242.54.225, 12
Sat Jun 16 14:24:11 2001: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER = '213.242.54.225' and NASPORT=012
Sat Jun 16 14:24:11 2001: DEBUG: do query is: insert into RADONLINE (USERNAME,
NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE,
SERVICETYPE) values ('elcom_w', '213.242.54.225', 012, '000045DD', 992679851,
'213.242.54.250', 'Async', 'Framed-User')
Sat Jun 16 14:24:11 2001: DEBUG: Handling with Radius::AuthSQL
Sat Jun 16 14:24:11 2001: DEBUG: Handling accounting with Radius::AuthSQL
Sat Jun 16 14:24:11 2001: DEBUG: Accounting accepted
Sat Jun 16 14:24:11 2001: DEBUG: Packet dump:
*** Sending to 213.242.54.225 port 1646 ....
Code: Accounting-Response
Identifier: 86
Authentic: <218><183><195><207>V<134>"<230>%<164><168><217><9><16>79
Attributes:
Sat Jun 16 14:24:33 2001: NOTICE: SIGHUP received: restarting
Handling radius filter ''
Done radius filter ''
interface: eth0 (213.242.54.eth/255.255.255.224) filter1: udp and port 1645
filter: udp and port 1645
Src: 213.242.54.nas Dst: 213.242.54.nas
Packet: total filters 0 - showpkt 1
Request (30) - 213.242.54.nas:1645 -> 213.242.54.host:1645 (L[19/05/01 11:43:06]
NAS-IP-Address Len 6 213.242.54.nas
NAS-Port Len 6 7
NAS-Port-Type Len 6 Async
User-Name Len 6 "bztm"
Password Len 18 "xxx"
Service-Type Len 6 Framed-User
Framed-Protocol Len 6 PPP
Src: 213.242.54.host Dst: 213.242.54.host
Packet: total filters 0 - showpkt 1
Accept (30) - 213.242.54.nas:1645 <- 213.242.54.host:1645 (L[19/05/01 11:43:06]
Service-Type Len 6 Framed-User
Framed-Protocol Len 6 PPP
Framed-Netmask Len 6 255.255.255.254
Session-Timeout Len 6 2147169563
Idle-Timeout Len 6 1200
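
The Cisco debug trace in this message prints each RADIUS attribute as number, length and hex value. The following added example (not part of the original message, and not Cisco or Radiator code) decodes those lines so that the Session-Timeout (27) and Idle-Timeout (28) values the NAS received can be compared with the Radiator and Radstock dumps. The function names and the small attribute table are assumptions made for the example.

```python
import ipaddress
import re

# RFC 2865 attribute numbers seen in the trace, with their value types.
ATTRS = {1: ("User-Name", "text"), 6: ("Service-Type", "int"),
         7: ("Framed-Protocol", "int"), 9: ("Framed-IP-Netmask", "ip"),
         27: ("Session-Timeout", "int"), 28: ("Idle-Timeout", "int")}
CODE_RE = re.compile(r"\b(Access-Request|Access-Accept|Accounting-Request),")
ATTR_RE = re.compile(r"Attribute (\d+) (\d+) ([0-9A-Fa-f]{8})\s*$")

# Lines copied from the Cisco trace in this message, wrapped as they appear there.
SAMPLE = """\
Jun 13 11:21:10.558: RADIUS: Initial Transmit Async12 id 157 213.242.54.xxx:1645,
Access-Request, len 77
Jun 13 11:21:10.558: Attribute 1 9 656C636F
Jun 13 11:21:10.582: RADIUS: Received from id 157 213.242.54.xxx:1645, Access-Accept,
len 50
Jun 13 11:21:10.582: Attribute 9 6 FFFFFFFE
Jun 13 11:21:10.582: Attribute 27 6 7FD1AF4F
Jun 13 11:21:10.582: Attribute 28 6 000004B0
"""

def decode_value(kind, length, hex4):
    raw = bytes.fromhex(hex4)
    if kind == "int":
        return int.from_bytes(raw, "big")
    if kind == "ip":
        return str(ipaddress.IPv4Address(raw))
    if kind == "text":
        # length counts the 2-byte header; this trace shows at most 4 value bytes
        shown = raw[:length - 2].decode("ascii", "replace")
        return shown + ("..." if length - 2 > 4 else "")
    return hex4  # unknown or encrypted value: keep the hex as printed

def decode_trace(text):
    packets = []  # [(packet_code, {attribute_name: value})] in trace order
    for line in text.splitlines():
        code, attr = CODE_RE.search(line), ATTR_RE.search(line)
        if code:  # packet code may sit on a wrapped continuation line
            packets.append((code.group(1), {}))
        elif attr and packets:
            num, length = int(attr.group(1)), int(attr.group(2))
            name, kind = ATTRS.get(num, (f"Attr-{num}", "opaque"))
            packets[-1][1][name] = decode_value(kind, length, attr.group(3))
    return packets

def accept_timeouts(text):
    first = next((a for c, a in decode_trace(text) if c == "Access-Accept"), {})
    return first.get("Session-Timeout"), first.get("Idle-Timeout")
```

`accept_timeouts(SAMPLE)` returns both values in seconds, as carried in the Access-Accept the NAS logged.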