christian.steger at upc
Oct 19, 2009, 1:44 AM
Post #1 of 1
(1480 views)
Permalink
|
|
LNS - vpdn dialout question with cisco ACS
|
|
hello there,
i am trying to setup an szenaria where my LNS should created dynamically an l2tp tunnel
while requesting the tunnel parameters from the ACS for an specific group of users. (Service-Type Outbound!)
the IOS will be used is "c7200p-advipservicesk9-mz.124-4.XD10.bin"
as you can see below i have setup the required tunnel parameters:
(received while doing an "debug aaa author")
Oct 19 06:41:05.848 MET-DST: ppp1599 AAA/AUTHOR/LCP: Authorization succeeds trivially
Oct 19 06:41:06.872 MET-DST: ppp1599 PPP/AAA: Check Attr: service-type
Oct 19 06:41:06.872 MET-DST: ppp1599 PPP/AAA: Check Attr: tunnel-type
Oct 19 06:41:06.872 MET-DST: ppp1599 PPP/AAA: Check Attr: tunnel-medium-type
Oct 19 06:41:06.872 MET-DST: ppp1599 PPP/AAA: Check Attr: tunnel-server-endpoint
Oct 19 06:41:06.872 MET-DST: ppp1599 PPP/AAA: Check Attr: tunnel-password
Oct 19 06:41:06.872 MET-DST: ppp1599 PPP/AAA: Check Attr: vpdn-group
Oct 19 06:41:06.872 MET-DST: ppp1599 PPP/AAA: Check Attr: addr
Oct 19 06:41:06.876 MET-DST: AAA/BIND(001E59C9): Bind i/f Virtual-Access3.634
Oct 19 06:41:06.876 MET-DST: Vi3.634 AAA/AUTHOR/LCP: Process Author
Oct 19 06:41:06.876 MET-DST: Vi3.634 AAA/AUTHOR/LCP: Process Attr: service-type
Oct 19 06:41:06.876 MET-DST: Vi3.634 AAA/AUTHOR/LCP: Unsupported Service-Type: 5. No supported types found.
i actually did not find any reasons where the problem could be. - i guess the "unsupported service-type" means
the "Outbound" call - what is the problem that he cannot setup an l2tp tunnel?
here is the output from the "debug radius auth":
Oct 19 06:46:58.504 MET-DST: RADIUS(001E5A06): Send Access-Request to xxx.xxx.xxx.42:1645 id 1645/19, len 149
Oct 19 06:46:58.504 MET-DST: RADIUS: authenticator ED ED 36 23 9F AD 5C 0B - D2 1B FB 6D 7F 03 5E DD
Oct 19 06:46:58.504 MET-DST: RADIUS: Framed-Protocol [7] 6 PPP [1]
Oct 19 06:46:58.504 MET-DST: RADIUS: User-Name [1] 23 "xxx [at] xxx"
Oct 19 06:46:58.504 MET-DST: RADIUS: User-Password [2] 18 *
Oct 19 06:46:58.504 MET-DST: RADIUS: NAS-Port [5] 6 76
Oct 19 06:46:58.504 MET-DST: RADIUS: NAS-Port-Id [87] 16 "Uniq-Sess-ID76"
Oct 19 06:46:58.504 MET-DST: RADIUS: Calling-Station-Id [31] 14 "43xxxxxxxxxxx"
Oct 19 06:46:58.504 MET-DST: RADIUS: Called-Station-Id [30] 19 "i_am_the_nas"
Oct 19 06:46:58.504 MET-DST: RADIUS: Connect-Info [77] 9 "8640000"
Oct 19 06:46:58.504 MET-DST: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Oct 19 06:46:58.504 MET-DST: RADIUS: Service-Type [6] 6 Framed [2]
Oct 19 06:46:58.504 MET-DST: RADIUS: NAS-IP-Address [4] 6 xxx.xxx.48.202
Oct 19 06:46:58.512 MET-DST: RADIUS: Received from id 1646/173 xxx.xxx.xxx.42:1646, Accounting-response, len 20
Oct 19 06:46:58.516 MET-DST: RADIUS: Received from id 1645/19 xxx.xxx.xxx.42:1645, Access-Accept, len 123
Oct 19 06:46:58.516 MET-DST: RADIUS: authenticator 9F 8E 66 16 EE 4F E4 AD - BA B9 09 CF 67 4C 23 9D
Oct 19 06:46:58.516 MET-DST: RADIUS: Service-Type [6] 6 Outbound [5]
Oct 19 06:46:58.516 MET-DST: RADIUS: Tunnel-Type [64] 6 01:L2TP [3]
Oct 19 06:46:58.516 MET-DST: RADIUS: Tunnel-Medium-Type [65] 6 01:IPv4 [1]
Oct 19 06:46:58.516 MET-DST: RADIUS: Tunnel-Server-Endpoi[67] 15 01:"xxx.xxx.48.140"
Oct 19 06:46:58.516 MET-DST: RADIUS: Tunnel-Password [69] 21 01:*
Oct 19 06:46:58.516 MET-DST: RADIUS: Tunnel-Assignment-Id[82] 12 01:"LAC_xxxx"
Oct 19 06:46:58.516 MET-DST: RADIUS: Framed-IP-Address [8] 6 xxx.xxx.100.5
Oct 19 06:46:58.516 MET-DST: RADIUS: Class [25] 31
thanks for any help. - of course an static setup would be work fine, but iŽd like to prefer an dynamic setup.
thanks for any answers/suggestions
chris
This e-mail is confidential and may well also be legally privileged. If you have received it in error, you are on notice of its status. Please notify us immediately by reply e-mail and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person: to do so could be a breach of confidence. Thank you for your cooperation.
Information pursuant to paragraph 14 Austrian Companies Code: UPC Austria GmbH; Registered Office: Wolfganggasse 58-60, 1120 Vienna Company Register Number: FN 189858d at the Commercial Court of Vienna
_______________________________________________
cisco-nas mailing list
cisco-nas [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nas
|
