PPPoE kliens fix IP-cím RADIUS-szervertől

A Cisco 892-FSP router párossal szerettem volna kipróbálni a RADIUS-hitelesítéssel PPPoE metodikával kiadott FIX-ip-címet.

CÉLKITŰZÉS:

- Négy darab kliens-router kapjon RADIUS hitelesítéssel a radius-SZERVER-től IP-címet ( nem az LNS-router local-pool-jából ! ) A címtartományok /26-os blokkok, netmaszk: 255.255.255.192

A törzs-szakaszban mellékelem a legfontosabb konfigurációs paramétereket, de előzetesen úgy vélem, hogy nincs alapvető konfigurációs hiba a rendszerben.

HIBAJELENSÉG:

a kliens Dialer1 interface-e nem kap IP-cimet, noha a show ip route parancs kimenetében látható az adequat IP-szám.

Hogyan történik a route-olás ( az LNS-routeren egyenként kell beállítani, vagy összevonható a teljes tartomány ?

a radius-szerverhez eljutott a kliens által indított hitelesítési kérelem a PPPoE-szerveren keresztül;

 

ALAPVETŐ RADIUS tesztelések:

cisco > test aaa group radius <felhasznalo-nev> <felhasznalo-jelszo> legacy

Attempting authentication test to server-group radius using radius

User was successfully authenticated.

 

freeradius> radtest <felhasznalo-nev> <felhasznalo-jelszo> <radius-host> 1812 <radius-secret>

a radius szervert leállítva, és freeradius -X paranccsal -debug üzemmódban- újraindítva látható volt, hogy rendben sikerült a hitelesítés, és Sent Access-Accept üzenet jelezte a sikert

 

KONFIGURÁCIÓK:

kettő darab Cisco 892 FSP router, 15.5-3 -as ISO-sel

freeRadius 3.0 with MySQL ( freeradius freeradius-mysql freeradius-utils )

a router-portok kábel-bekötése rendben,

FreeRadius konfiguráció:

freeradius dictionary : a dictionary.rfc2865-öt másoltam át

 

A freeradius clients.conf végére beírtam az alábbi hozzáfűzést (szándékosan /16-os blokkmérettel):

client mintabolt.com {

   ipaddr = 169.254.0.0/16

   secret = <radius-secret> # ehhez a klienshez beállított jelszó

   nas_type = cisco

}

 Cisco-KLIENS DEBUG INFORMÁCIÓK:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

hostname CPE_kliens

ip cef

interface GigabitEthernet8

   no shutdown

   pppoe enable group global

   pppoe-client dial-pool-number 1

!

interface GigabitEthernet9

   ip address 10.200.56.254 255.255.255.0

   no shutdown

!

interface Loopback0

   no shutdown

   ip address 10.254.0.1 255.255.255.255

!

interface Dialer1

   ip address negotiated

   ip mtu 1400

   no cdp enable

   encapsulation ppp

   dialer pool 1

   ppp chap hostname sierra@mintabolt.com

   ppp chap password sierra

!

ip route 0.0.0.0 0.0.0.0 Dialer1

exit

 

%LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up

%SYS-5-CONFIG_I: Configured from console by console

%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up

%LINK-3-UPDOWN: Interface GigabitEthernet8, changed state to down

%LINK-3-UPDOWN: Interface GigabitEthernet9, changed state to down

%LINK-3-UPDOWN: Interface GigabitEthernet8, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet8, changed state to up

%DIALER-6-BIND: Interface Vi2 bound to profile Di1

%LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up

 

Vi2 PPP: Sending cstate UP notification

Vi2 PPP: Processing CstateUp message

PPP: Alloc Context [1A80A5C]

 

ppp1 PPP: Phase is ESTABLISHING

Vi2 PPP: Using dialer call direction

Vi2 PPP: Treating connection as a callout

Vi2 PPP: Session handle[77000001] Session id[1]

Vi2 LCP: Event[OPEN] State[Initial to Starting]

Vi2 PPP: No remote authentication for call-out

Vi2 LCP: O CONFREQ [Starting] id 1 len 10

Vi2 LCP: MagicNumber 0x83926151 (0x050683926151)

Vi2 LCP: Event[UP] State[Starting to REQsent]

Vi2 LCP: I CONFREQ [REQsent] id 1 len 19

Vi2 LCP: MRU 1492 (0x010405D4)

Vi2 LCP: AuthProto CHAP (0x0305C22305)

Vi2 LCP: MagicNumber 0x839240C3 (0x0506839240C3)

Vi2 LCP: O CONFNAK [REQsent] id 1 len 8

Vi2 LCP: MRU 1500 (0x010405DC)

Vi2 LCP: Event[Receive ConfReq-] State[REQsent to REQsent]

Vi2 LCP: I CONFACK [REQsent] id 1 len 10

Vi2 LCP: MagicNumber 0x83926151 (0x050683926151)

Vi2 LCP: Event[Receive ConfAck] State[REQsent to ACKrcvd]

Vi2 LCP: I CONFREQ [ACKrcvd] id 2 len 19

Vi2 LCP: MRU 1500 (0x010405DC)

Vi2 LCP: AuthProto CHAP (0x0305C22305)

Vi2 LCP: MagicNumber 0x839240C3 (0x0506839240C3)

Vi2 LCP: O CONFACK [ACKrcvd] id 2 len 19

Vi2 LCP: MRU 1500 (0x010405DC)

Vi2 LCP: AuthProto CHAP (0x0305C22305)

Vi2 LCP: MagicNumber 0x839240C3 (0x0506839240C3)

Vi2 LCP: Event[Receive ConfReq+] State[ACKrcvd to Open]

 

Vi2 PPP: Queue CHAP code[1] id[1]

Vi2 PPP: Phase is AUTHENTICATING, by the peer

Vi2 CHAP: Redirect packet to Vi2

Vi2 CHAP: I CHALLENGE id 1 len 33 from "pppoe_SERVER"

Vi2 LCP: State is Open

Vi2 CHAP: Using hostname from interface CHAP

Vi2 CHAP: Using password from interface CHAP

Vi2 CHAP: O RESPONSE id 1 len 41 from "sierra@mintabolt.com"

Vi2 CHAP: I SUCCESS id 1 len 4

Vi2 PPP: Phase is FORWARDING, Attempting Forward

Vi2 PPP: Queue IPCP code[1] id[1]

Vi2 PPP: Phase is ESTABLISHING, Finish LCP

%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up

 

Vi2 PPP: Phase is UP

Vi2 IPCP: Protocol configured, start CP. state[Initial]

Vi2 IPCP: Event[OPEN] State[Initial to Starting]

Vi2 IPCP: O CONFREQ [Starting] id 1 len 10

Vi2 IPCP: Address 0.0.0.0 (0x030600000000)

Vi2 IPCP: Event[UP] State[Starting to REQsent]

 

Vi2 CDPCP: Protocol configured, start CP. state[Initial]

Vi2 CDPCP: Event[OPEN] State[Initial to Starting]

Vi2 CDPCP: O CONFREQ [Starting] id 1 len 4

Vi2 CDPCP: Event[UP] State[Starting to REQsent]

 

Vi2 PPP: Process pending ncp packets

Vi2 IPCP: Redirect packet to Vi2

Vi2 IPCP: I CONFREQ [REQsent] id 1 len 16

Vi2 IPCP: CompressType VJ 15 slots (0x0206002D0F01)

Vi2 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi2 IPCP: O CONFREJ [REQsent] id 1 len 10

Vi2 IPCP: CompressType VJ 15 slots (0x0206002D0F01)

Vi2 IPCP: Event[Receive ConfReq-] State[REQsent to REQsent]

Vi2 IPCP: I CONFREJ [REQsent] id 1 len 10

Vi2 IPCP: Address 0.0.0.0 (0x030600000000)

Vi2 IPCP: O CONFREQ [REQsent] id 2 len 4

Vi2 IPCP: Event[Receive ConfNak/Rej] State[REQsent to REQsent]

Vi2 LCP: I PROTREJ [Open] id 3 len 10 protocol CDPCP (0x01010004)

 

Vi2 CDPCP: Event[Receive CodeRej-] State[REQsent to Stopped]

Vi2 PPP: Control packet rate limit 10 reached

Vi2 PPP: Entering block state for 30 seconds

Vi2 PPP: Packet throttled, Dropping packet

Vi2 PPP: Packet throttled, Dropping packet

Vi2 PPP: Packet throttled, Dropping packet

Vi2 IPCP: O CONFREQ [REQsent] id 3 len 4

Vi2 IPCP: Event[Timeout+] State[REQsent to REQsent]

Vi2 PPP: Packet throttled, Dropping packet

Vi2 PPP: Packet throttled, Dropping packet

Vi2 PPP: Packet throttled, Dropping packet

Vi2 IPCP: O CONFREQ [REQsent] id 4 len 4

Vi2 IPCP: Event[Timeout+] State[REQsent to REQsent]

Vi2 PPP: Packet throttled, Dropping packet

Vi2 PPP: Packet throttled, Dropping packet

Vi2 IPCP: O CONFREQ [REQsent] id 5 len 4

Vi2 IPCP: Event[Timeout+] State[REQsent to REQsent]

Vi2 PPP: Packet throttled, Dropping packet

Vi2 PPP: Packet throttled, Dropping packet

Vi2 IPCP: O CONFREQ [REQsent] id 6 len 4

Vi2 IPCP: Event[Timeout+] State[REQsent to REQsent]

Vi2 PPP: Packet throttled, Dropping packet

Vi2 IPCP: I CONFREQ [REQsent] id 16 len 16

Vi2 IPCP: CompressType VJ 15 slots (0x0206002D0F01)

Vi2 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi2 IPCP: O CONFREJ [REQsent] id 16 len 10

Vi2 IPCP: CompressType VJ 15 slots (0x0206002D0F01)

Vi2 IPCP: Event[Receive ConfReq-] State[REQsent to REQsent]

Vi2 IPCP: O CONFREQ [REQsent] id 7 len 4

Vi2 IPCP: Event[Timeout+] State[REQsent to REQsent]

Vi2 IPCP: I CONFREQ [REQsent] id 17 len 10

Vi2 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi2 IPCP: O CONFACK [REQsent] id 17 len 10

Vi2 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi2 IPCP: Event[Receive ConfReq+] State[REQsent to ACKsent]

Vi2 IPCP: I CONFACK [ACKsent] id 7 len 4

Vi2 IPCP: Event[Receive ConfAck] State[ACKsent to Open]

Vi2 IPCP: State is Open

Di1 Added to neighbor route AVL tree: topoid 0, address 169.254.105.190

Di1 IPCP: Install route to 169.254.105.190

Vi2 PPP: Outbound cdp packet dropped, NCP not negotiated

CPE_kliens#

CPE_kliens#

CPE_kliens#sh ip int brief

Interface IP-Address OK? Method Status Protocol

Dialer1 unassigned YES manual up up

GigabitEthernet0 unassigned YES unset down down

GigabitEthernet1 unassigned YES unset down down

GigabitEthernet2 unassigned YES unset down down

GigabitEthernet3 unassigned YES unset down down

GigabitEthernet4 unassigned YES unset down down

GigabitEthernet5 unassigned YES unset down down

GigabitEthernet6 unassigned YES unset down down

GigabitEthernet7 unassigned YES unset down down

GigabitEthernet8 unassigned YES unset up up

GigabitEthernet9 10.200.56.254 YES manual down down

Loopback0 10.254.0.1 YES manual up up

Virtual-Access1 unassigned YES unset up up

Virtual-Access2 unassigned YES unset up up

Vlan1 unassigned YES unset down down

 

CPE_kliens#show ip route

S* 0.0.0.0/0 is directly connected, Dialer1

10.0.0.0/32 is subnetted, 1 subnets

C 10.254.0.1 is directly connected, Loopback0

169.254.0.0/32 is subnetted, 1 subnets

C 169.254.105.190 is directly connected, Dialer1

 

CPE_kliens#sh pppoe session

1 client session

Uniq ID PPPoE RemMAC Port VT VA State

SID LocMAC VA-st Type

N/A 1 5c83.xxxx.xxxx Gi8 Di1 Vi2 UP

5c83.yyyy.yyyy UP

CPE_kliens#

 

Vi2 PPP: Outbound cdp packet dropped, NCP not negotiated

Vi2 PPP: Outbound cdp packet dropped, NCP not negotiated

Vi2 PPP: Outbound cdp packet dropped, NCP not negotiated

Vi2 PPP: Outbound cdp packet dropped, NCP not negotiated

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

! SERVER_ROUTER

Router#debug ppp negotiation

PPP protocol negotiation debugging is on

Router#enable

Router#vlan database

% Warning: It is recommended to configure VLAN from config mode,

as VLAN database mode is being deprecated. Please consult user

documentation for configuring VTP/VLAN in config mode.

 

vlan 88 name pppoe_client_zone

VLAN 88 modified:

Name: pppoe_client_zone

apply

APPLY completed.

exit

APPLY completed.

Exiting....

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

boot-start-marker

! boot system flash:/c800-universalk9-mz.SPA.155-3.M.bin

boot-end-marker

hostname pppoe_SERVER

aaa new-model

radius server default

   address ipv4 169.254.1.1 auth-port 1812 acct-port 1813

   key testing123

   exit

aaa authentication ppp default if-needed group radius

aaa authorization network default group radius

aaa accounting delay-start

aaa accounting network default start-stop group radius

aaa accounting network accounting-dhcp start-stop group radius

!

ip radius source-interface GigabitEthernet8

!

bba-group pppoe global

   virtual-template 1

!

interface GigabitEthernet8

  ip address 169.254.1.254 255.255.255.0

   no shutdown

!

interface GigabitEthernet9

   ip address 169.254.222.254 255.255.255.0

   no shutdown

!

interface Loopback0

   no shutdown

   ip address 10.254.0.4 255.255.255.255

!

interface range GigabitEthernet 0 - 7

   switchport mode access

   switchport access vlan 88

   no shutdown

!

interface vlan88

   no ip address

  no shutdown

   pppoe enable group global

!

interface Virtual-Template1

   ip unnumbered Loopback0

   ip mtu 1492

   ppp authentication chap pap callin ! Kell a CALLIN

   ppp ipcp route default

   no ppp encrypt mppe auto

!

router rip

   version 2

   network 169.254.1.254

   network 169.254.222.254

??? network 196.254.0.0   ???

   no auto-summary

exit

exit

! END

pppoe_SERVER#

PPP: Alloc Context [1AA819C]

ppp1 PPP: Phase is ESTABLISHING

ppp1 PPP: Using vpn set call direction

ppp1 PPP: Treating connection as a callin

ppp1 PPP: Session handle[B1000001] Session id[1]

ppp1 LCP: Event[OPEN] State[Initial to Starting]

ppp1 PPP LCP: Enter passive mode, state[Stopped]

ppp1 LCP: I CONFREQ [Stopped] id 1 len 10

ppp1 LCP: MagicNumber 0x83926151 (0x050683926151)

ppp1 LCP: O CONFREQ [Stopped] id 1 len 19

ppp1 LCP: MRU 1492 (0x010405D4)

ppp1 LCP: AuthProto CHAP (0x0305C22305)

ppp1 LCP: MagicNumber 0x839240C3 (0x0506839240C3)

ppp1 LCP: O CONFACK [Stopped] id 1 len 10

ppp1 LCP: MagicNumber 0x83926151 (0x050683926151)

ppp1 LCP: Event[Receive ConfReq+] State[Stopped to ACKsent]

ppp1 LCP: I CONFNAK [ACKsent] id 1 len 8

ppp1 LCP: MRU 1500 (0x010405DC)

ppp1 LCP: O CONFREQ [ACKsent] id 2 len 19

ppp1 LCP: MRU 1500 (0x010405DC)

ppp1 LCP: AuthProto CHAP (0x0305C22305)

ppp1 LCP: MagicNumber 0x839240C3 (0x0506839240C3)

ppp1 LCP: Event[Receive ConfNak/Rej] State[ACKsent to ACKsent]

ppp1 LCP: I CONFACK [ACKsent] id 2 len 19

ppp1 LCP: MRU 1500 (0x010405DC)

ppp1 LCP: AuthProto CHAP (0x0305C22305)

ppp1 LCP: MagicNumber 0x839240C3 (0x0506839240C3)

ppp1 LCP: Event[Receive ConfAck] State[ACKsent to Open]

 

ppp1 PPP: Phase is AUTHENTICATING, by this end

ppp1 CHAP: O CHALLENGE id 1 len 33 from "pppoe_SERVER"

ppp1 LCP: State is Open

ppp1 CHAP: I RESPONSE id 1 len 41 from "sierra@mintabolt.com"

ppp1 PPP: Phase is FORWARDING, Attempting Forward

ppp1 PPP: Phase is AUTHENTICATING, Unauthenticated User

ppp1 PPP: Phase is FORWARDING, Attempting Forward

 

Vi3 PPP: Phase is AUTHENTICATING, Authenticated User

Vi3 CHAP: O SUCCESS id 1 len 4

 

Vi3 PPP: Phase is UP

Vi3 IPCP: Protocol configured, start CP. state[Initial]

Vi3 IPCP: Event[OPEN] State[Initial to Starting]

Vi3 IPCP: O CONFREQ [Starting] id 1 len 16

Vi3 IPCP: CompressType VJ 15 slots (0x0206002D0F01)

Vi3 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi3 IPCP: Event[UP] State[Starting to REQsent]

%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up

%LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up

 

Vi3 IPCP: I CONFREQ [REQsent] id 1 len 10

Vi3 IPCP: Address 0.0.0.0 (0x030600000000)

Vi3 IPCP AUTHOR: Start. Her address 0.0.0.0, we want 0.0.0.0

Vi3 IPCP AUTHOR: Done. Her address 0.0.0.0, we want 0.0.0.0

Vi3 IPCP: Cannot satisfy pool request

Vi3 IPCP: Neither side knows remote address

Vi3 IPCP: O CONFREJ [REQsent] id 1 len 10

Vi3 IPCP: Address 0.0.0.0 (0x030600000000)

Vi3 IPCP: Event[Receive ConfReq-] State[REQsent to REQsent]

Vi3 CDPCP: I CONFREQ [UNKNOWN] id 1 len 4

Vi3 LCP: O PROTREJ [Open] id 3 len 10 protocol CDPCP (0x01010004)

Vi3 IPCP: I CONFREJ [REQsent] id 1 len 10

Vi3 IPCP: CompressType VJ 15 slots (0x0206002D0F01)

Vi3 IPCP: O CONFREQ [REQsent] id 2 len 10

Vi3 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi3 IPCP: Event[Receive ConfNak/Rej] State[REQsent to REQsent]

Vi3 IPCP: I CONFREQ [REQsent] id 2 len 4

Vi3 IPCP: O CONFACK [REQsent] id 2 len 4

Vi3 IPCP: Event[Receive ConfReq+] State[REQsent to ACKsent]

Vi3 IPCP: O CONFREQ [ACKsent] id 3 len 10

Vi3 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi3 IPCP: Event[Timeout+] State[ACKsent to ACKsent]

Vi3 IPCP: O CONFREQ [ACKsent] id 4 len 10

Vi3 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi3 IPCP: Event[Timeout+] State[ACKsent to ACKsent]

Vi3 IPCP: O CONFREQ [ACKsent] id 5 len 10

Vi3 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi3 IPCP: Event[Timeout+] State[ACKsent to ACKsent]

Vi3 IPCP: O CONFREQ [ACKsent] id 6 len 10

Vi3 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi3 IPCP: Event[Timeout+] State[ACKsent to ACKsent]

Vi3 IPCP: O CONFREQ [ACKsent] id 7 len 10

Vi3 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi3 IPCP: Event[Timeout+] State[ACKsent to ACKsent]

Vi3 IPCP: O CONFREQ [ACKsent] id 8 len 10

Vi3 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi3 IPCP: Event[Timeout+] State[ACKsent to ACKsent]

Vi3 IPCP: O CONFREQ [ACKsent] id 9 len 10

Vi3 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi3 IPCP: Event[Timeout+] State[ACKsent to ACKsent]

Vi3 IPCP: O CONFREQ [ACKsent] id 10 len 10

Vi3 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi3 IPCP: Event[Timeout+] State[ACKsent to ACKsent]

Vi3 IPCP: O CONFREQ [ACKsent] id 11 len 10

Vi3 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi3 IPCP: Event[Timeout+] State[ACKsent to ACKsent]

Vi3 IPCP: Event[Timeout-] State[ACKsent to Stopped]

Vi3 IPCP: I CONFREQ [Stopped] id 3 len 4

 

Vi3 IPCP AUTHOR: Start. Her address 0.0.0.0, we want 0.0.0.0

Vi3 IPCP AUTHOR: Done. Her address 0.0.0.0, we want 0.0.0.0

Vi3 IPCP: Cannot satisfy pool request

 

Vi3 IPCP: O CONFREQ [Stopped] id 12 len 16

Vi3 IPCP: CompressType VJ 15 slots (0x0206002D0F01)

Vi3 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi3 IPCP: O CONFACK [Stopped] id 3 len 4

Vi3 IPCP: Event[Receive ConfReq+] State[Stopped to ACKsent]

Vi3 IPCP: O CONFREQ [ACKsent] id 13 len 16

Vi3 IPCP: CompressType VJ 15 slots (0x0206002D0F01)

Vi3 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi3 IPCP: Event[Timeout+] State[ACKsent to ACKsent]

Vi3 IPCP: I CONFREQ [ACKsent] id 4 len 4

Vi3 IPCP: O CONFACK [ACKsent] id 4 len 4

Vi3 IPCP: Event[Receive ConfReq+] State[ACKsent to ACKsent]

Vi3 IPCP: O CONFREQ [ACKsent] id 14 len 16

Vi3 IPCP: CompressType VJ 15 slots (0x0206002D0F01)

Vi3 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi3 IPCP: Event[Timeout+] State[ACKsent to ACKsent]

Vi3 IPCP: I CONFREQ [ACKsent] id 5 len 4

Vi3 IPCP: O CONFACK [ACKsent] id 5 len 4

Vi3 IPCP: Event[Receive ConfReq+] State[ACKsent to ACKsent]

Vi3 IPCP: O CONFREQ [ACKsent] id 15 len 16

Vi3 IPCP: CompressType VJ 15 slots (0x0206002D0F01)

Vi3 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi3 IPCP: Event[Timeout+] State[ACKsent to ACKsent]

Vi3 IPCP: I CONFREQ [ACKsent] id 6 len 4

Vi3 IPCP: O CONFACK [ACKsent] id 6 len 4

Vi3 IPCP: Event[Receive ConfReq+] State[ACKsent to ACKsent]

Vi3 IPCP: O CONFREQ [ACKsent] id 16 len 16

Vi3 IPCP: CompressType VJ 15 slots (0x0206002D0F01)

Vi3 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi3 IPCP: Event[Timeout+] State[ACKsent to ACKsent]

Vi3 IPCP: I CONFREJ [ACKsent] id 16 len 10

Vi3 IPCP: CompressType VJ 15 slots (0x0206002D0F01)

Vi3 IPCP: O CONFREQ [ACKsent] id 17 len 10

Vi3 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi3 IPCP: Event[Receive ConfNak/Rej] State[ACKsent to ACKsent]

Vi3 IPCP: I CONFREQ [ACKsent] id 7 len 4

Vi3 IPCP: O CONFACK [ACKsent] id 7 len 4

Vi3 IPCP: Event[Receive ConfReq+] State[ACKsent to ACKsent]

Vi3 IPCP: I CONFACK [ACKsent] id 17 len 10

Vi3 IPCP: Address 169.254.105.190 (0x0306A9FE69BE)

Vi3 IPCP: Event[Receive ConfAck] State[ACKsent to Open]

Vi3 IPCP: State is Open

 

pppoe_SERVER#

pppoe_SERVER#show ip int brief

Interface IP-Address OK? Method Status Protocol

GigabitEthernet0 unassigned YES unset down down

GigabitEthernet1 unassigned YES unset down down

GigabitEthernet2 unassigned YES unset down down

GigabitEthernet3 unassigned YES unset up up

GigabitEthernet4 unassigned YES unset down down

GigabitEthernet5 unassigned YES unset down down

GigabitEthernet6 unassigned YES unset down down

GigabitEthernet7 unassigned YES unset down down

GigabitEthernet8 169.254.1.254 YES manual up up

GigabitEthernet9 169.254.222.254 YES manual down down

Loopback0 10.254.0.4 YES manual up up

Virtual-Access1 unassigned YES unset up up

Virtual-Access2 unassigned YES unset down down

Virtual-Access3 169.254.105.190 YES TFTP up up

Virtual-Template1 10.254.0.4 YES unset down down

Vlan1 unassigned YES unset down down

Vlan88 unassigned YES unset up up

 

pppoe_SERVER#show ip route

10.0.0.0/32 is subnetted, 1 subnets

C 10.254.0.4 is directly connected, Loopback0

169.254.0.0/16 is variably subnetted, 4 subnets, 3 masks

C 169.254.1.0/24 is directly connected, GigabitEthernet8

L 169.254.1.254/32 is directly connected, GigabitEthernet8

C 169.254.105.128/26 is directly connected, Virtual-Access3

L 169.254.105.190/32 is directly connected, Virtual-Access3

 

pppoe_SERVER#sh pppoe session

1 session in LOCALLY_TERMINATED (PTA) State

1 session total

Uniq ID PPPoE RemMAC Port VT VA State

SID LocMAC VA-st Type

1 1 5c83.yyyy.yyyy Vl88 1 Vi3 PTA

5c83.xxxx.xxxx UP

pppoe_SERVER#

pppoe_SERVER#

pppoe_SERVER#test aaa group radius sierra@mintabolt.com sierra legacy

Attempting authentication test to server-group radius using radius

User was successfully authenticated.

 

pppoe_SERVER#show arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 169.254.1.1 0 1866.wwww.wwww ARPA GigabitEthernet8

Internet 169.254.1.254 - 5c83.zzzz.zzzz ARPA GigabitEthernet8

Internet 169.254.222.254 - 5c83.qqqq.qqqq ARPA GigabitEthernet9

pppoe_SERVER#

#################################

KLIENS lokál authentikáció és lokál POOL

 

CPE_kliens#debug ppp negotiation

PPP protocol negotiation debugging is on

CPE_kliens#

%LINK-3-UPDOWN: Interface GigabitEthernet8, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet8, changed state to up

%DIALER-6-BIND: Interface Vi2 bound to profile Di1

%LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up

Vi2 PPP: Sending cstate UP notification

Vi2 PPP: Processing CstateUp message

PPP: Alloc Context [1AFB91C]

 

ppp1 PPP: Phase is ESTABLISHING

Vi2 PPP: Using dialer call direction

Vi2 PPP: Treating connection as a callout

Vi2 PPP: Session handle[C4000001] Session id[1]

Vi2 LCP: Event[OPEN] State[Initial to Starting]

Vi2 PPP: No remote authentication for call-out

 

Vi2 LCP: O CONFREQ [Starting] id 1 len 10

Vi2 LCP: MagicNumber 0x839225CF (0x0506839225CF)

Vi2 LCP: Event[UP] State[Starting to REQsent]

Vi2 LCP: I CONFREQ [REQsent] id 1 len 19

Vi2 LCP: MRU 1492 (0x010405D4)

Vi2 LCP: AuthProto CHAP (0x0305C22305)

Vi2 LCP: MagicNumber 0x8391F2D2 (0x05068391F2D2)

Vi2 LCP: O CONFNAK [REQsent] id 1 len 8

Vi2 LCP: MRU 1500 (0x010405DC)

Vi2 LCP: Event[Receive ConfReq-] State[REQsent to REQsent]

Vi2 LCP: I CONFACK [REQsent] id 1 len 10

Vi2 LCP: MagicNumber 0x839225CF (0x0506839225CF)

Vi2 LCP: Event[Receive ConfAck] State[REQsent to ACKrcvd]

Vi2 LCP: I CONFREQ [ACKrcvd] id 2 len 19

Vi2 LCP: MRU 1500 (0x010405DC)

Vi2 LCP: AuthProto CHAP (0x0305C22305)

Vi2 LCP: MagicNumber 0x8391F2D2 (0x05068391F2D2)

Vi2 LCP: O CONFACK [ACKrcvd] id 2 len 19

Vi2 LCP: MRU 1500 (0x010405DC)

Vi2 LCP: AuthProto CHAP (0x0305C22305)

Vi2 LCP: MagicNumber 0x8391F2D2 (0x05068391F2D2)

Vi2 LCP: Event[Receive ConfReq+] State[ACKrcvd to Open]

 

Vi2 PPP: Phase is AUTHENTICATING, by the peer

Vi2 LCP: State is Open

Vi2 CHAP: I CHALLENGE id 1 len 33 from "pppoe_SERVER"

Vi2 CHAP: Using hostname from interface CHAP

Vi2 CHAP: Using password from interface CHAP

Vi2 CHAP: O RESPONSE id 1 len 41 from "quebec@mintabolt.com"

Vi2 CHAP: I SUCCESS id 1 len 4

 

Vi2 PPP: Phase is FORWARDING, Attempting Forward

Vi2 PPP: Queue IPCP code[1] id[1]

Vi2 PPP: Phase is ESTABLISHING, Finish LCP

%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up

 

Vi2 PPP: Phase is UP

Vi2 IPCP: Protocol configured, start CP. state[Initial]

Vi2 IPCP: Event[OPEN] State[Initial to Starting]

Vi2 IPCP: O CONFREQ [Starting] id 1 len 10

Vi2 IPCP: Address 0.0.0.0 (0x030600000000)

Vi2 IPCP: Event[UP] State[Starting to REQsent]

Vi2 CDPCP: Protocol configured, start CP. state[Initial]

Vi2 CDPCP: Event[OPEN] State[Initial to Starting]

Vi2 CDPCP: O CONFREQ [Starting] id 1 len 4

Vi2 CDPCP: Event[UP] State[Starting to REQsent]

Vi2 PPP: Process pending ncp packets

Vi2 IPCP: Redirect packet to Vi2

Vi2 IPCP: I CONFREQ [REQsent] id 1 len 10

Vi2 IPCP: Address 10.254.0.4 (0x03060AFE0004)

Vi2 IPCP: O CONFACK [REQsent] id 1 len 10

Vi2 IPCP: Address 10.254.0.4 (0x03060AFE0004)

Vi2 IPCP: Event[Receive ConfReq+] State[REQsent to ACKsent]

Vi2 IPCP: I CONFNAK [ACKsent] id 1 len 10

Vi2 IPCP: Address 200.200.200.10 (0x0306C8C8C80A)

Vi2 IPCP: O CONFREQ [ACKsent] id 2 len 10

Vi2 IPCP: Address 200.200.200.10 (0x0306C8C8C80A)

Vi2 IPCP: Event[Receive ConfNak/Rej] State[ACKsent to ACKsent]

Vi2 LCP: I PROTREJ [Open] id 3 len 10 protocol CDPCP (0x01010004)

Vi2 CDPCP: Event[Receive CodeRej-] State[REQsent to Stopped]

Vi2 IPCP: I CONFACK [ACKsent] id 2 len 10

Vi2 IPCP: Address 200.200.200.10 (0x0306C8C8C80A)

Vi2 IPCP: Event[Receive ConfAck] State[ACKsent to Open]

Vi2 IPCP: State is Open

Di1 IPCP: Install negotiated IP interface address 200.200.200.10

Di1 Added to neighbor route AVL tree: topoid 0, address 10.254.0.4

Di1 IPCP: Install route to 10.254.0.4

CPE_kliens#

CPE_kliens#

*Jan 1 15:18:37.707: Vi2 PPP: Outbound cdp packet dropped, NCP not negotiated

*Jan 1 15:19:32.483: Vi2 PPP: Outbound cdp packet dropped, NCP not negotiated

 

CPE_kliens#

CPE_kliens#show ip int brief

Interface IP-Address OK? Method Status Protocol

Dialer1 200.200.200.10 YES IPCP up up

GigabitEthernet0 unassigned YES unset down down

GigabitEthernet1 unassigned YES unset down down

GigabitEthernet2 unassigned YES unset down down

GigabitEthernet3 unassigned YES unset down down

GigabitEthernet4 unassigned YES unset down down

GigabitEthernet5 unassigned YES unset down down

GigabitEthernet6 unassigned YES unset down down

GigabitEthernet7 unassigned YES unset down down

GigabitEthernet8 unassigned YES unset up up

GigabitEthernet9 10.200.56.254 YES manual down down

Loopback0 10.254.0.1 YES manual up up

Virtual-Access1 unassigned YES unset up up

Virtual-Access2 unassigned YES unset up up

Vlan1 unassigned YES unset down down

 

CPE_kliens#show ip route

 

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

 

S* 0.0.0.0/0 is directly connected, Dialer1

10.0.0.0/32 is subnetted, 2 subnets

C 10.254.0.1 is directly connected, Loopback0

C 10.254.0.4 is directly connected, Dialer1

200.200.200.0/32 is subnetted, 1 subnets

C 200.200.200.10 is directly connected, Dialer1

CPE_kliens#

*Jan 1 15:25:40.555: Vi2 PPP: Outbound cdp packet dropped, NCP not negotiated

 

#################################

SZERVER lokál authentikáció és lokál POOL

pppoe_SERVER#show ip int brief

pppoe_SERVER##Interface IP-Address OK? Method Status Protocol

GigabitEthernet0 unassigned YES unset down down

GigabitEthernet1 unassigned YES unset down down

GigabitEthernet2 unassigned YES unset down down

GigabitEthernet3 unassigned YES unset up up

GigabitEthernet4 unassigned YES unset down down

GigabitEthernet5 unassigned YES unset down down

GigabitEthernet6 unassigned YES unset down down

GigabitEthernet7 unassigned YES unset down down

GigabitEthernet8 169.254.1.254 YES manual up up

GigabitEthernet9 169.254.222.254 YES manual down down

Loopback0 10.254.0.4 YES manual up up

Virtual-Access1 unassigned YES unset up up

Virtual-Access1.1 10.254.0.4 YES unset up up

Virtual-Access2 unassigned YES unset down down

Virtual-Template1 10.254.0.4 YES unset down down

Vlan1 unassigned YES unset down down

Vlan88 unassigned YES unset up up

 

pppoe_SERVER#show ip route

Gateway of last resort is 200.200.200.10 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 200.200.200.10

10.0.0.0/32 is subnetted, 1 subnets

C 10.254.0.4 is directly connected, Loopback0

169.254.0.0/16 is variably subnetted, 2 subnets, 2 masks

C 169.254.1.0/24 is directly connected, GigabitEthernet8

L 169.254.1.254/32 is directly connected, GigabitEthernet8

200.200.200.0/32 is subnetted, 1 subnets

C 200.200.200.10 is directly connected, Virtual-Access1.1

pppoe_SERVER#

pppoe_SERVER#

 

RADGROUPREPLY

NULL    Mintazat    Service-Type    =    Framed-User
NULL    Mintazat    Framed-Protocol    =    PPP
NULL    Mintazat    Idle-Timeout    =    900

RADREPLY

NULL    alfa@mintabolt.com    Idle-Timeout    :=    900
NULL    alfa@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.101.62 255.255.255.192
NULL    bravo@mintabolt.com    Idle-Timeout    :=    900
NULL    bravo@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.101.126 255.255.255.192
NULL    charlie@mintabolt.com    Idle-Timeout    :=    900
NULL    charlie@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.101.190 255.255.255.192
NULL    delta@mintabolt.com    Idle-Timeout    :=    900
NULL    delta@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.101.254 255.255.255.192
NULL    ekho@mintabolt.com    Idle-Timeout    :=    900
NULL    ekho@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.102.62 255.255.255.192
NULL    foxtrott@mintabolt.com    Idle-Timeout    :=    900
NULL    foxtrott@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.102.126 255.255.255.192
NULL    golf@mintabolt.com    Idle-Timeout    :=    900
NULL    golf@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.102.190 255.255.255.192
NULL    hotel@mintabolt.com    Idle-Timeout    :=    900
NULL    hotel@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.102.254 255.255.255.192
NULL    india@mintabolt.com    Idle-Timeout    :=    900
NULL    india@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.103.62 255.255.255.192
NULL    juliet@mintabolt.com    Idle-Timeout    :=    900
NULL    juliet@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.103.126 255.255.255.192
NULL    kilo@mintabolt.com    Idle-Timeout    :=    900
NULL    kilo@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.103.190 255.255.255.192
NULL    lima@mintabolt.com    Idle-Timeout    :=    900
NULL    lima@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.103.254 255.255.255.192
NULL    mike@mintabolt.com    Idle-Timeout    :=    900
NULL    mike@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.104.62 255.255.255.192
NULL    november@mintabolt.com    Idle-Timeout    :=    900
NULL    november@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.104.126 255.255.255.192
NULL    oscar@mintabolt.com    Idle-Timeout    :=    900
NULL    oscar@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.104.190 255.255.255.192
NULL    papa@mintabolt.com    Idle-Timeout    :=    900
NULL    papa@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.104.254 255.255.255.192
NULL    quebec@mintabolt.com    Idle-Timeout    :=    900
NULL    quebec@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.105.62 255.255.255.192
NULL    romeo@mintabolt.com    Idle-Timeout    :=    900
NULL    romeo@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.105.126 255.255.255.192
NULL    sierra@mintabolt.com    Idle-Timeout    :=    900
NULL    sierra@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.105.190 255.255.255.192
NULL    tango@mintabolt.com    Idle-Timeout    :=    900
NULL    tango@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.105.254 255.255.255.192
NULL    uniform@mintabolt.com    Idle-Timeout    :=    900
NULL    uniform@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.106.62 255.255.255.192
NULL    xray@mintabolt.com    Idle-Timeout    :=    900
NULL    xray@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.106.126 255.255.255.192
NULL    yankee@mintabolt.com    Idle-Timeout    :=    900
NULL    yankee@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.106.190 255.255.255.192
NULL    zulu@mintabolt.com    Idle-Timeout    :=    900
NULL    zulu@mintabolt.com    cisco-avpair    +=    lcp:interface-config=ip address 169.254.106.254 255.255.255.192

RADCHECK

NULL    alfa@mintabolt.com    Cleartext-Password    :=    alfa
NULL    bravo@mintabolt.com    Cleartext-Password    :=    bravo
NULL    charlie@mintabolt.com    Cleartext-Password    :=    charlie
NULL    delta@mintabolt.com    Cleartext-Password    :=    delta
NULL    ekho@mintabolt.com    Cleartext-Password    :=    ekho
NULL    foxtrott@mintabolt.com    Cleartext-Password    :=    foxtrott
NULL    golf@mintabolt.com    Cleartext-Password    :=    golf
NULL    hotel@mintabolt.com    Cleartext-Password    :=    hotel
NULL    india@mintabolt.com    Cleartext-Password    :=    india
NULL    juliet@mintabolt.com    Cleartext-Password    :=    juliet
NULL    kilo@mintabolt.com    Cleartext-Password    :=    kilo
NULL    lima@mintabolt.com    Cleartext-Password    :=    lima
NULL    mike@mintabolt.com    Cleartext-Password    :=    mike
NULL    november@mintabolt.com    Cleartext-Password    :=    november
NULL    oscar@mintabolt.com    Cleartext-Password    :=    oscar
NULL    papa@mintabolt.com    Cleartext-Password    :=    papa
NULL    quebec@mintabolt.com    Cleartext-Password    :=    quebec
NULL    romeo@mintabolt.com    Cleartext-Password    :=    romeo
NULL    sierra@mintabolt.com    Cleartext-Password    :=    sierra
NULL    tango@mintabolt.com    Cleartext-Password    :=    tango
NULL    uniform@mintabolt.com    Cleartext-Password    :=    uniform
NULL    xray@mintabolt.com    Cleartext-Password    :=    xray
NULL    yankee@mintabolt.com    Cleartext-Password    :=    yankee
NULL    zulu@mintabolt.com    Cleartext-Password    :=    zulu