


Mcd-ROSto00001RO0001# sh run
. . .
aaa new-model
!
!
aaa group server radius CentralRadius
 server X.X.X.X auth-port 1645 acct-port 1646
!
aaa authentication login default local group CentralRadius
aaa authorization exec default group CentralRadius 
aaa authorization auth-proxy default group CentralRadius 
!
aaa session-id common
!
ip auth-proxy max-login-attempts 3
ip auth-proxy inactivity-timer 10
ip auth-proxy absolute-timer 240
ip auth-proxy name HotSpot_Authentication http inactivity-time 10
ip admission max-login-attempts 3
ip admission inactivity-timer 10
ip admission absolute-timer 240
!
interface Vlan5
 ip auth-proxy HotSpot_Authentication
!
ip radius source-interface Vlan2 
!
radius-server host X.X.X.X auth-port 1645 acct-port 1646
radius-server key 7 047F3927280E7F7D594E57
. . .








Mcd-ROSto00001RO0001#sh debug
General OS:
  AAA Authentication debugging is on
  AAA Authorization debugging is on
  AAA Radius debugs debugging is on
Auth-Proxy:
  AUTH-PROXY Detailed debugging is on
Radius protocol debugging is on
Radius packet protocol debugging is on
Radius elog debugging debugging is on




Jan 29 12:50:21: AUTH-PROXY:proto_flag=4, dstport_index=0
Jan 29 12:50:21: AUTH-PROXY:Protocol not configured on if_input
Jan 29 12:50:29: AUTH-PROXY:proto_flag=4, dstport_index=4
Jan 29 12:50:29:  SYN SEQ 1117796798 LEN 0
Jan 29 12:50:29: dst_addr 164.109.145.147 src_addr 10.49.250.187 dst_port 80 src_port 2654
Jan 29 12:50:29: AUTH-PROXY:auth_proxy_half_open_count++ 1
Jan 29 12:50:29: AUTH-PROXY:proto_flag=4, dstport_index=4
Jan 29 12:50:29:  ACK 4267125106 SEQ 1117796799 LEN 0
Jan 29 12:50:29: dst_addr 164.109.145.147 src_addr 10.49.250.187 dst_port 80 src_port 2654
Jan 29 12:50:29: clientport 2654 state 0
Jan 29 12:50:29: AUTH-PROXY:proto_flag=4, dstport_index=4
Jan 29 12:50:29:  PSH ACK 4267125106 SEQ 1117796799 LEN 499
Jan 29 12:50:29: dst_addr 164.109.145.147 src_addr 10.49.250.187 dst_port 80 src_port 2654
Jan 29 12:50:29: clientport 2654 state 0
Jan 29 12:50:29: AUTH-PROXY:proto_flag=4, dstport_index=4
Jan 29 12:50:29:  ACK 4267126263 SEQ 1117797298 LEN 0
Jan 29 12:50:29: dst_addr 164.109.145.147 src_addr 10.49.250.187 dst_port 80 src_port 2654
Jan 29 12:50:29: clientport 2654 state 0
Jan 29 12:50:29: AUTH-PROXY:proto_flag=4, dstport_index=4
Jan 29 12:50:29:  FIN ACK 4267126263 SEQ 1117797298 LEN 0
Jan 29 12:50:29: dst_addr 164.109.145.147 src_addr 10.49.250.187 dst_port 80 src_port 2654
Jan 29 12:50:29: clientport 2654 state 0
Jan 29 12:50:44: AUTH-PROXY:proto_flag=4, dstport_index=4
Jan 29 12:50:44:  SYN SEQ 2820864558 LEN 0
Jan 29 12:50:44: dst_addr 164.109.145.147 src_addr 10.49.250.187 dst_port 80 src_port 2658
Jan 29 12:50:44: clientport 2654 state 0
Jan 29 12:50:44: AUTH-PROXY:proto_flag=4, dstport_index=4
Jan 29 12:50:44:  ACK 493213999 SEQ 2820864559 LEN 0
Jan 29 12:50:44: dst_addr 164.109.145.147 src_addr 10.49.250.187 dst_port 80 src_port 2658
Jan 29 12:50:44: clientport 2658 state 0
Jan 29 12:50:44: AUTH-PROXY:proto_flag=4, dstport_index=4
Jan 29 12:50:44:  PSH ACK 493213999 SEQ 2820864559 LEN 617
Jan 29 12:50:44: dst_addr 164.109.145.147 src_addr 10.49.250.187 dst_port 80 src_port 2658
Jan 29 12:50:44: clientport 2658 state 0
Jan 29 12:50:44: AAA: parse name=Vlan5 idb type=-1 tty=-1
Jan 29 12:50:44: AAA: name=Vlan5 flags=0x11 type=14 shelf=0 slot=0 adapter=0 port=5 channel=0
Jan 29 12:50:44: AAA: parse name=<no string> idb type=-1 tty=-1
Jan 29 12:50:44: AAA/MEMORY: create_user 
Mcd-ROSto00001RO0001 (0x842C9184) user='NULL' ruser='NULL' ds0=0 port='Vlan5' rem_addr='10.49.250.187' authen_type=ASCII service=LOGIN priv=0 initial_task_id='0', vrf= (id=0)
Jan 29 12:50:44: AAA/AUTHEN/START (1968147059): port='Vlan5' list='default' action=LOGIN service=LOGIN
Jan 29 12:50:44: AAA/AUTHEN/START (1968147059): found list default
Jan 29 12:50:44: AAA/AUTHEN/START (1968147059): Method=LOCAL
Jan 29 12:50:44: AAA/AUTHEN(1968147059): Status=GETUSER
Jan 29 12:50:44: AAA/AUTHEN/CONT (1968147059): continue_login (user='(undef)')
Jan 29 12:50:44: AAA/AUTHEN(1968147059): Status=GETUSER
Jan 29 12:50:44: AAA/AUTHEN/CONT (1968147059): Method=LOCAL
Jan 29 12:50:44: AAA/AUTHEN(1968147059): User not found, emulating local-override
Jan 29 12:50:44: AAA/AUTHEN(1968147059): Status=ERROR
Jan 29 12:50:44: AAA/AUTHEN/START (151420416): port='Vlan5' list='' action=LOGIN service=LOGIN
Jan 29 12:50:44: AAA/AUTHEN/START (151420416): Restart
Jan 29 12:50:44: AAA/AUTHEN/START (151420416): Method=CentralRadius (radius)
Jan 29 12:50:44: AAA/AUTHEN(151420416): Status=GETPASS
Jan 29 12:50:44: AAA/AUTHEN/CONT (151420416): continue_login (user='ro\ro-dragos.zirbo')
Jan 29 12:50:44: AAA/AUTHEN(151420416): Status=GETPASS
Jan 29 12:50:44: AAA/AUTHEN(151420416): Method=CentralRadius (radius)
Jan 29 12:50:44: RADIUS: Pick NAS IP for u=0x842C9184 tableid=0 cfg_addr=10.49.250.126
Jan 29 12:50:44: RADIUS: ustruct sharecount=1
Jan 29 12:50:44: Radius: radius_port_info() success=1 radius_nas_port=1
Jan 29 12:50:44: RADIUS(00000000): Send Access-Request to 152.141.79.240:1645 id 1645/74, len 97
Jan 29 12:50:44: RADIUS:  authenticator 07 A7 E5 04 B7 21 DD 29 - 0A 27 EF 31 66 89 67 7B
Jan 29 12:50:44: RADIUS:  NAS-IP-Address      [4]   6   10.49.250.126             
Jan 29 12:50:44: RADIUS:  NAS-Port            [5]   6   5                         
Jan 29 12:50:44: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
Jan 29 12:50:44: RADIUS:  User-Name           [1]   20  "ro\ro-dragos.zirbo"
Jan 29 12:50:44: RADIUS:  Calling-Station-Id  [31]  15  "10.49.250.187"
Jan 29 12:50:44: RADIUS:  User-Password       [2]   18  *
Jan 29 12:50:44: RADIUS:  Service-Type        [6]   6   Outbound                  [5]
Jan 29 12:50:44: RADIUS: Received from id 1645/74 152.141.79.240:1645, Access-Accept, len 105
Jan 29 12:50:44: RADIUS:  authenticator 95 68 91 57 FD 1C A3 4E - 25 AC C6 BF 6E 54 0F 51
Jan 29 12:50:44: RADIUS:  Vendor, Cisco       [26]  47  
Jan 29 12:50:44: RADIUS:   Cisco AVpair       [1]   41  "auth-proxy:proxyacl#1=permit ip any any"
Jan 29 12:50:44: RADIUS:  Service-Type        [6]   6   Callback Framed           [4]
Jan 29 12:50:44: RADIUS:  Class               [25]  32  
Jan 29 12:50:44: RADIUS:   5E 63 06 59 00 00 01 37 00 01 98 8D 4F F0 01 C7  [^c?Y???7????O???]
Jan 29 12:50:44: RADIUS:   43 90 8E F3 0B 91 00 00 00 00 00 00 00 03        [C?????????????]
Jan 29 12:50:44: RADIUS: saved authorization data for user 842C9184 at 847F0EBC
Jan 29 12:50:44: AAA/AUTHEN(151420416): Status=PASS
Jan 29 12:50:44: Vlan5 AAA/AUTHOR/HTTP(3030699960): Port='Vlan5' list='default' service=AUTH-PROXY
Jan 29 12:50:44: AAA/AUTHOR/HTTP: Vlan5(3030699960) user='ro\ro-dragos.zirbo'
Jan 29 12:50:44: Vlan5 AAA/AUTHOR/HTTP(3030699960): send AV service=auth-proxy
Jan 29 12:50:44: Vlan5 AAA/AUTHOR/HTTP(3030699960): send AV cmd*
Jan 29 12:50:44: Vlan5 AAA/AUTHOR/HTTP(3030699960): found list "default"
Jan 29 12:50:44: Vlan5 AAA/AUTHOR/HTTP(3030699960): Method=CentralRadius (radius)
Jan 29 12:50:44: RADIUS: cisco AVPair "auth-proxy:proxyacl#1=permit ip any any"
Jan 29 12:50:44: AAA/AUTHOR (3030699960): Post authorization status = PASS_ADD
Jan 29 12:50:44: AUTH-PROXY:proto_flag=4, dstport_index=4
Jan 29 12:50:44:  ACK 493214958 SEQ 2820865176 LEN 0
Jan 29 12:50:44: dst_addr 164.109.145.147 src_addr 10.49.250.187 dst_port 80 src_port 2658
Jan 29 12:50:44: clientport 2658 state 0
Jan 29 12:50:44: AUTH-PROXY:proto_flag=4, dstport_index=4
Jan 29 12:50:44:  FIN ACK 493214958 SEQ 2820865176 LEN 0
Jan 29 12:50:44: dst_addr 164.109.145.147 src_addr 10.49.250.187 dst_port 80 src_port 2658
Jan 29 12:50:44: clientport 2658 state 0
Jan 29 12:50:45: AUTH-PROXY:proto_flag=4, dstport_index=4
Jan 29 12:50:45:  SYN SEQ 2048428501 LEN 0
Jan 29 12:50:45: dst_addr 164.109.145.147 src_addr 10.49.250.187 dst_port 80 src_port 2659
Jan 29 12:50:45: clientport 2658 state 0
Jan 29 12:50:45: AUTH-PROXY:proto_flag=4, dstport_index=4
Jan 29 12:50:45:  ACK 88154729 SEQ 2048428502 LEN 0
Jan 29 12:50:45: dst_addr 164.109.145.147 src_addr 10.49.250.187 dst_port 80 src_port 2659
Jan 29 12:50:45: clientport 2659 state 0
Jan 29 12:50:45: AUTH-PROXY:proto_flag=4, dstport_index=4
Jan 29 12:50:45:  PSH ACK 88154729 SEQ 2048428502 LEN 277
Jan 29 12:50:45: dst_addr 164.109.145.147 src_addr 10.49.250.187 dst_port 80 src_port 2659
Jan 29 12:50:45: clientport 2659 state 0
Jan 29 12:50:45: AUTH-PROXY:proto_flag=4, dstport_index=4
Jan 29 12:50:45:  ACK 88155886 SEQ 2048428779 LEN 0
Jan 29 12:50:45: dst_addr 164.109.145.147 src_addr 10.49.250.187 dst_port 80 src_port 2659
Jan 29 12:50:45: clientport 2659 state 0
Jan 29 12:50:45: AUTH-PROXY:proto_flag=4, dstport_index=4
Jan 29 12:50:45:  FIN ACK 88155886 SEQ 2048428779 LEN 0
Jan 29 12:50:45: dst_addr 164.109.145.147 src_addr 10.49.250.187 dst_port 80 src_port 2659
Jan 29 12:50:45: clientport 2659 state 0