11-14-2008 02:52 AM - edited 03-01-2019 02:08 PM
I'm trying to send a CoA Account-Logon to ISG, but it replies me with NACK.
Nov 14 10:27:19.538: RADIUS: COA received from id 3 172.30.1.130:36233, CoA Request, len 61
Nov 14 10:27:19.538: COA: 172.30.1.130 request queued
Nov 14 10:27:19.538: RADIUS: authenticator 6C 27 9A D4 4A FC 71 A8 - D0 72 1D 0F C0 70 85 DD
Nov 14 10:27:19.538: RADIUS: Vendor, Cisco [26] 22
Nov 14 10:27:19.538: RADIUS: ssg-account-info [250] 16 "S192.168.10.88"
Nov 14 10:27:19.538: RADIUS: User-Name [1] 6 "niki"
Nov 14 10:27:19.538: RADIUS: Vendor, Cisco [26] 13
Nov 14 10:27:19.538: RADIUS: ssg-command-code [252] 7
Nov 14 10:27:19.538: RADIUS: 01 6E 69 6B 69 [Account-Log-On niki]
Nov 14 10:27:19.538: ++++++ CoA Attribute List ++++++
Nov 14 10:27:19.538: 6427C44C 0 00000009 ssg-account-info(418) 14 S192.168.10.88
Nov 14 10:27:19.538: 6427C6BC 0 00000009 username(386) 4 niki
Nov 14 10:27:19.538: 6427C6CC 0 00000009 ssg-command-code(420) 5 01 6E 69 6B 69
Nov 14 10:27:19.538:
Nov 14 10:27:19.538: RADIUS/ENCODE(0000000B):Orig. component type = IEDGE_IP_SIP
Nov 14 10:27:19.538: RADIUS(0000000B): sending
Nov 14 10:27:19.538: RADIUS(0000000B): Send CoA Nack Response to 172.30.1.130:36233 id 3, len 114
Nov 14 10:27:19.538: RADIUS: authenticator 25 E1 26 7F 47 11 2F F9 - C7 46 72 12 10 7A 9C 24
Nov 14 10:27:19.538: RADIUS: Vendor, Cisco [26] 15
Nov 14 10:27:19.538: RADIUS: ssg-command-code [252] 9
Nov 14 10:27:19.538: RADIUS: 10 32 3B 6E 69 6B 69 [Error-Code 2;niki]
Nov 14 10:27:19.538: RADIUS: Vendor, Cisco [26] 25
Nov 14 10:27:19.538: RADIUS: ssg-account-info [250] 19 "$MA0016.44c7.8336"
Nov 14 10:27:19.538: RADIUS: Vendor, Cisco [26] 22
Nov 14 10:27:19.538: RADIUS: ssg-account-info [250] 16 "S192.168.10.88"
Nov 14 10:27:19.538: RADIUS: Reply-Message [18] 26
Nov 14 10:27:19.538: RADIUS: 4D 65 6D 6F 72 79 20 6F 72 20 69 6E 74 65 72 6E [Memory or intern]
Nov 14 10:27:19.538: RADIUS: 61 6C 20 65 72 72 6F 72 [ al error]
Nov 14 10:27:19.538: RADIUS: Dynamic-Author-Error[101] 6 Unsupported Service [405]
Here is a policy-map:
policy-map type control option82
class type control BYE event timed-policy-expiry
1 service disconnect
!
class type control always event session-start
21 service-policy type service name LOCALTRAFF_SERVICE
100 authorize aaa list option82 password cisco identifier mac-address
!
class type control always event session-restart
21 service-policy type service name LOCALTRAFF_SERVICE
100 authorize aaa list option82 password cisco identifier mac-address
!
class type control always event account-logon
10 authenticate aaa list weblogin
20 service-policy type service unapply name INETTRAFF3_SERVICE
!
And part of a user profile:
Unique Session ID: 1
Identifier: 0016.44c7.8336
SIP subscriber access type(s): IP
Current SIP options: Req Fwding/Req Fwded
Session Up-time: 00:30:47, Last Changed: 00:30:45
Policy information:
Authentication status: authen
Active services associated with session:
name "INETTRAFF3_SERVICE"
name "LOCALTRAFF_SERVICE", applied before account logon
Rules, actions and conditions executed:
subscriber rule-map option82
condition always event session-start
21 service-policy type service name LOCALTRAFF_SERVICE
100 authorize aaa list option82 identifier mac-address
This happends on 7301 with c7301-isu2-mz.122-31.SB13.bin and c7301-advipservicesk9_li-mz.122-33.SRD.bin