01-12-2015 03:20 AM - edited 03-01-2019 02:50 PM
Hi .
I have been attempting to migrate services from an existing Cisco 3825 to a recently purchased ASR1002 .
Configure ;
Router#sh run
Building configuration...
Current configuration : 2307 bytes
!
! Last configuration change at 10:33:33 UTC Mon Jan 12 2015
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname Router
!
boot-start-marker
boot system flash bootflash:asr1000rp1-advipservicesk9.02.06.02.122-33.XNF2.bin
boot-end-marker
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
aaa new-model
!
!
aaa group server radius PPPoE
server 203.146.237.58 auth-port 1645 acct-port 0
server 203.146.237.57 auth-port 0 acct-port 1646
!
aaa authentication ppp PPPoE group PPPoE
aaa authorization network PPPoE group PPPoE
aaa accounting network PPPoE start-stop group PPPoE
!
!
!
!
!
aaa session-id common
aaa policy interface-config allow-subinterface
ip source-route
!
!
!
!
!
!
!
async-bootp dns-server 203.146.237.237 203.146.237.222
multilink bundle-name authenticated
!
!
!
!
!
!
!
redundancy
mode none
!
!
!
!
!
!
!
!
bba-group pppoe PPPoE
virtual-template 1
!
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
!
interface GigabitEthernet0/0/0.1
encapsulation dot1Q 200
ip address 203.146.23.78 255.255.255.252
!
interface GigabitEthernet0/0/1
no ip address
no negotiation auto
pppoe enable group PPPoE
!
interface GigabitEthernet0/0/1.202
encapsulation dot1Q 202
ip address 203.146.197.33 255.255.255.240
pppoe enable group PPPoE
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Virtual-Template1
ip unnumbered GigabitEthernet0/0/0.1
peer default ip address pool TEST
ppp authentication pap PPPoE
ppp authorization PPPoE
ppp accounting PPPoE
ppp ipcp address accept
ppp multilink
!
ip local pool TEST 203.146.239.162 203.146.239.174
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 203.146.23.77
!
!
!
radius-server host 203.146.237.58 auth-port 1645 acct-port 0
radius-server host 203.146.237.57 auth-port 0 acct-port 1646
radius-server key xxx
!
control-plane
!
!
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
Now I have problem with Radius Connection. Problem is Client or modem can't get ip address. (local user it's OK) .
I have log debug radius that below.
Comparison Between 3825 with ASR1002
On 3825
TEST-BRAS#
Jan 8 03:44:43.792: RADIUS/ENCODE(00000318):Orig. component type = PPoE
Jan 8 03:44:43.792: RADIUS: AAA Unsupported Attr: interface [175] 9
Jan 8 03:44:43.792: RADIUS: 30 2F 30 2F 31 2F 32 [0/0/1/2]
Jan 8 03:44:43.792: RADIUS(00000318): Config NAS IP: 0.0.0.0
Jan 8 03:44:43.792: RADIUS/ENCODE(00000318): acct_session_id: 796
Jan 8 03:44:43.792: RADIUS(00000318): sending
Jan 8 03:44:43.792: RADIUS/ENCODE: Best Local IP-Address 203.146.23.78 for Radius-Server 203.146.237.58
Jan 8 03:44:43.792: RADIUS(00000318): Send Access-Request to 203.146.237.58:1645 id 1645/14, len 89
Jan 8 03:44:43.792: RADIUS: authenticator 45 49 DB 71 AB 42 9F F4 - 42 B7 BD EC C6 0E BC B6
Jan 8 03:44:43.792: RADIUS: User-Name [1] 16 "xxx.com"
Jan 8 03:44:43.792: RADIUS: User-Password [2] 18 *
Jan 8 03:44:43.792: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Jan 8 03:44:43.792: RADIUS: NAS-Port [5] 6 0
Jan 8 03:44:43.792: RADIUS: NAS-Port-Id [87] 11 "0/0/1/202"
Jan 8 03:44:43.792: RADIUS: Service-Type [6] 6 Outbound [5]
Jan 8 03:44:43.792: RADIUS: NAS-IP-Address [4] 6 203.146.23.78
Jan 8 03:44:43.800: RADIUS: Received from id 1645/14 203.146.237.58:1645, Access-Reject, len 44
Jan 8 03:44:43.800: RADIUS: authenticator C3 2A E9 AA 72 D5 AC 36 - 0B 57 A5 31 72 AB 34 7F
Jan 8 03:44:43.800: RADIUS: Reply-Message [18] 24
Jan 8 03:44:43.800: RADIUS: 41 75 74 68 65 6E 74 69 63 61 74 69 6F 6E 20 66 [Authentication f]
Jan 8 03:44:43.800: RADIUS: 61 69 6C 75 72 65 [ailure]
Jan 8 03:44:43.800: RADIUS(00000318): Received from id 1645/14
Jan 8 03:44:43.800: RADIUS/DECODE: Reply-Message fragments, 22, total 22 bytes
Jan 8 03:44:43.804: RADIUS/ENCODE(00000318):Orig. component type = PPoE
Jan 8 03:44:43.804: RADIUS: AAA Unsupported Attr: client-mac-address[49] 14
Jan 8 03:44:43.804: RADIUS: 38 34 38 66 2E 36 39 63 61 2E 37 31 [848f.69ca.71]
Jan 8 03:44:43.804: RADIUS: AAA Unsupported Attr: interface [175] 9
Jan 8 03:44:43.804: RADIUS: 30 2F 30 2F 31 2F 32 [0/0/1/2]
Jan 8 03:44:43.804: RADIUS(00000318): Config NAS IP: 0.0.0.0
Jan 8 03:44:43.804: RADIUS/ENCODE(00000318): acct_session_id: 796
Jan 8 03:44:43.804: RADIUS(00000318): sending
Jan 8 03:44:43.804: RADIUS/ENCODE: Best Local IP-Address 203.146.23.78 for Radius-Server 203.146.237.58
Jan 8 03:44:43.804: RADIUS(00000318): Send Access-Request to 203.146.237.58:1645 id 1645/15, len 110
Jan 8 03:44:43.804: RADIUS: authenticator 27 F0 A3 06 7B E4 A3 BD - 4C 64 BB 3D DD B4 B5 58
Jan 8 03:44:43.804: RADIUS: Framed-Protocol [7] 6 PPP [1]
Jan 8 03:44:43.804: RADIUS: User-Name [1] 31 "testcas2048_20@xxx.com"
Jan 8 03:44:43.804: RADIUS: User-Password [2] 18 *
Jan 8 03:44:43.804: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Jan 8 03:44:43.804: RADIUS: NAS-Port [5] 6 0
Jan 8 03:44:43.804: RADIUS: NAS-Port-Id [87] 11 "0/0/1/202"
Jan 8 03:44:43.804: RADIUS: Service-Type [6] 6 Framed [2]
Jan 8 03:44:43.804: RADIUS: NAS-IP-Address [4] 6 203.146.23.78
Jan 8 03:44:43.888: RADIUS: Received from id 1645/15 203.146.237.58:1645, Access-Accept, len 258
Jan 8 03:44:43.888: RADIUS: authenticator 40 E2 15 5F 8F EA FF 74 - 10 27 8E AD D4 93 C3 91
Jan 8 03:44:43.888: RADIUS: Framed-Protocol [7] 6 PPP [1]
Jan 8 03:44:43.888: RADIUS: Service-Type [6] 6 Framed [2]
Jan 8 03:44:43.888: RADIUS: Vendor, Cisco [26] 195
Jan 8 03:44:43.888: RADIUS: Cisco AVpair [1] 189 "lcp:interface-config=rate-limit input 512000 96000 192000 conform-action transmit exceed-action drop\nrate-limit output 15360000 2880000 5760000 conform-action transmit exceed-action drop"
Jan 8 03:44:43.888: RADIUS: Vendor, Cisco [26] 25
Jan 8 03:44:43.888: RADIUS: Cisco AVpair [1] 19 "ip:addr-pool=TEST"
Jan 8 03:44:43.888: RADIUS: Session-Timeout [27] 6 36000
Jan 8 03:44:43.888: RADIUS(00000318): Received from id 1645/15
Jan 8 03:44:43.896: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
Jan 8 03:44:43.908: RADIUS/ENCODE(00000318):Orig. component type = PPoE
Jan 8 03:44:43.908: RADIUS(00000318): Config NAS IP: 0.0.0.0
Jan 8 03:44:43.908: RADIUS(00000318): sending
Jan 8 03:44:43.908: RADIUS/ENCODE: Best Local IP-Address 203.146.23.78 for Radius-Server 203.146.237.57
Jan 8 03:44:43.908: RADIUS(00000318): Send Accounting-Request to 203.146.237.57:1646 id 1646/15, len 126
Jan 8 03:44:43.908: RADIUS: authenticator AB 57 69 43 D0 2E 20 8C - 3A 49 DC 20 C9 5B 29 B5
Jan 8 03:44:43.908: RADIUS: Acct-Session-Id [44] 10 "0000031C"
Jan 8 03:44:43.908: RADIUS: Framed-Protocol [7] 6 PPP [1]
Jan 8 03:44:43.908: RADIUS: Framed-IP-Address [8] 6 203.146.239.162
Jan 8 03:44:43.908: RADIUS: User-Name [1] 31 "testcas2048_20@xxx.com"
Jan 8 03:44:43.908: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
Jan 8 03:44:43.908: RADIUS: Acct-Status-Type [40] 6 Start [1]
Jan 8 03:44:43.908: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Jan 8 03:44:43.912: RADIUS: NAS-Port [5] 6 0
Jan 8 03:44:43.912: RADIUS: NAS-Port-Id [87] 11 "0/0/1/202"
Jan 8 03:44:43.912: RADIUS: Service-Type [6] 6 Framed [2]
Jan 8 03:44:43.912: RADIUS: NAS-IP-Address [4] 6 203.146.23.78
Jan 8 03:44:43.912: RADIUS: Acct-Delay-Time [41] 6 0
Jan 8 03:44:43.912: RADIUS: Received from id 1646/15 203.146.237.57:1646, Accounting-response, len 20
Jan 8 03:44:43.912: RADIUS: authenticator 6A 6A 25 CE 58 95 52 2F - 26 25 15 A3 7F 16 7E DA
Jan 8 03:44:44.896: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up
On ASR1002
Jan 8 04:43:00.170: RADIUS/ENCODE(0000004C):Orig. component type = PPPoE
Jan 8 04:43:00.170: RADIUS: AAA Unsupported Attr: interface [223] 9
Jan 8 04:43:00.170: RADIUS: 30 2F 30 2F 31 2F 32 [ 0/0/1/2]
Jan 8 04:43:00.170: RADIUS: AAA Unsupported Attr: client-mac-address[45] 14
Jan 8 04:43:00.170: RADIUS: 38 34 38 66 2E 36 39 63 61 2E 37 31 [ 848f.69ca.71]
Jan 8 04:43:00.170: RADIUS(0000004C): Config NAS IP: 0.0.0.0
Jan 8 04:43:00.170: RADIUS(0000004C): Config NAS IPv6: ::
Jan 8 04:43:00.170: RADIUS/ENCODE(0000004C): acct_session_id: 65
Jan 8 04:43:00.170: RADIUS(0000004C): sending
Jan 8 04:43:00.170: RADIUS/ENCODE: Best Local IP-Address 203.146.23.78 for Radius-Server 203.146.237.58
Jan 8 04:43:00.170: RADIUS(0000004C): Send Access-Request to 203.146.237.58:1645 id 1645/61, len 89
Jan 8 04:43:00.170: RADIUS(0000004C): Sending a IPv4 Radius Packet
Jan 8 04:43:00.171: RADIUS(0000004C): Send Access-Request to 203.146.237.58:1645 id 1645/61, len 89
Jan 8 04:43:00.171: RADIUS: authenticator 41 CE 20 F8 9C 9C 46 64 - 7B ED 3E 00 AC E3 F5 21
Jan 8 04:43:00.171: RADIUS: User-Name [1] 16 "xxx.com"
Jan 8 04:43:00.171: RADIUS: User-Password [2] 18 *
Jan 8 04:43:00.171: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Jan 8 04:43:00.171: RADIUS: NAS-Port [5] 6 0
Jan 8 04:43:00.171: RADIUS: NAS-Port-Id [87] 11 "0/0/1/202"
Jan 8 04:43:00.171: RADIUS: Service-Type [6] 6 Outbound [5]
Jan 8 04:43:00.171: RADIUS: NAS-IP-Address [4] 6 203.146.23.78
Jan 8 04:43:00.171: RADIUS(0000004C): Started 7 sec timeout
Jan 8 04:43:00.175: RADIUS: Received from id 1645/61 203.146.237.58:1645, Access-Reject, len 44
Jan 8 04:43:00.175: RADIUS: authenticator 8B F5 E4 96 A1 DF 77 58 - CE 0A BA 55 47 02 01 28
Jan 8 04:43:00.175: RADIUS: Reply-Message [18] 24
Jan 8 04:43:00.175: RADIUS: 41 75 74 68 65 6E 74 69 63 61 74 69 6F 6E 20 66 [Authentication f]
Jan 8 04:43:00.175: RADIUS: 61 69 6C 75 72 65 [ ailure]
Jan 8 04:43:00.175: RADIUS(0000004C): Received from id 1645/61
Jan 8 04:43:00.175: RADIUS/DECODE: Reply-Message fragments, 22, total 22 bytes
Jan 8 04:43:00.176: RADIUS/ENCODE(0000004C):Orig. component type = PPPoE
Jan 8 04:43:00.176: RADIUS: AAA Unsupported Attr: interface [223] 9
Jan 8 04:43:00.176: RADIUS: 30 2F 30 2F 31 2F 32 [ 0/0/1/2]
Jan 8 04:43:00.176: RADIUS: AAA Unsupported Attr: client-mac-address[45] 14
Jan 8 04:43:00.176: RADIUS: 38 34 38 66 2E 36 39 63 61 2E 37 31 [ 848f.69ca.71]
Jan 8 04:43:00.176: RADIUS(0000004C): Config NAS IP: 0.0.0.0
Jan 8 04:43:00.176: RADIUS(0000004C): Config NAS IPv6: ::
Jan 8 04:43:00.176: RADIUS/ENCODE(0000004C): acct_session_id: 65
Jan 8 04:43:00.176: RADIUS(0000004C): sending
Jan 8 04:43:00.176: RADIUS/ENCODE: Best Local IP-Address 203.146.23.78 for Radius-Server 203.146.237.58
Jan 8 04:43:00.176: RADIUS(0000004C): Send Access-Request to 203.146.237.58:1645 id 1645/62, len 110
Jan 8 04:43:00.176: RADIUS(0000004C): Sending a IPv4 Radius Packet
Jan 8 04:43:00.176: RADIUS(0000004C): Send Access-Request to 203.146.237.58:1645 id 1645/62, len 110
Jan 8 04:43:00.176: RADIUS: authenticator 12 55 FB 6C F8 B7 A7 29 - 5A A6 00 F1 8A C1 FF 1C
Jan 8 04:43:00.176: RADIUS: Framed-Protocol [7] 6 PPP [1]
Jan 8 04:43:00.177: RADIUS: User-Name [1] 31 "testcas2048_20@xxx.com"
Jan 8 04:43:00.177: RADIUS: User-Password [2] 18 *
Jan 8 04:43:00.177: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Jan 8 04:43:00.177: RADIUS: NAS-Port [5] 6 0
Jan 8 04:43:00.177: RADIUS: NAS-Port-Id [87] 11 "0/0/1/202"
Jan 8 04:43:00.177: RADIUS: Service-Type [6] 6 Framed [2]
Jan 8 04:43:00.177: RADIUS: NAS-IP-Address [4] 6 203.146.23.78
Jan 8 04:43:00.177: RADIUS(0000004C): Started 7 sec timeout
Jan 8 04:43:00.257: RADIUS: Received from id 1645/62 203.146.237.58:1645, Access-Accept, len 258
Jan 8 04:43:00.257: RADIUS: authenticator CA 78 AD 61 87 A7 4E 7B - F4 7B B0 49 8C 18 1D C2
Jan 8 04:43:00.257: RADIUS: Framed-Protocol [7] 6 PPP [1]
Jan 8 04:43:00.257: RADIUS: Service-Type [6] 6 Framed [2]
Jan 8 04:43:00.257: RADIUS: Vendor, Cisco [26] 195
Jan 8 04:43:00.257: RADIUS: Cisco AVpair [1] 189 "lcp:interface-config=rate-limit input 512000 96000 192000 conform-action transmit exceed-action drop\nrate-limit output 15360000 2880000 5760000 conform-action transmit exceed-action drop"
Jan 8 04:43:00.257: RADIUS: Vendor, Cisco [26] 25
Jan 8 04:43:00.257: RADIUS: Cisco AVpair [1] 19 "ip:addr-pool=TEST"
Jan 8 04:43:00.257: RADIUS: Session-Timeout [27] 6 36000
Jan 8 04:43:00.257: RADIUS(0000004C): Received from id 1645/62
TEST-BRAS
01-16-2015 01:24 AM
Hello.
I guess the issue could be caused by interface-config command "rate-limit".
ASRs do not support the command; and you should use "policy-map" with shaper/policer instead.
As a test - try to remove the option from your Radius and see if ASR succeed.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide