cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2406
Views
5
Helpful
10
Replies

PPPOE users Stucking in Radius Server

mustafa.basim85
Level 1
Level 1

Hi Everyone ,

i have PPPOE server which is configured in Cisco router 3800 and Radius server , everything is working fine but the issue is when the user is disconnected from the PPPOE  server the user remain stucking in radius server and the user will not be able to connect again , when disconnect the user manually from radius server the user will able to connect again,

My Topology Below :

pppoe.PNG

My Configuration :

aaa new-model
!
!
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting network default start-stop group radius
!
!
!
!
aaa server radius dynamic-author
client 20.20.20.20 server-key 10mn
server-key 10mn
port 1812
auth-type any
ignore session-key
!
radius-server attribute 6 on-for-login-auth
radius-server attribute nas-port-id include vendor-class-id plus remote-id plus circuit-id
radius-server host 20.20.20.20 auth-port 1812 acct-port 1813
radius-server key 10mn

!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool PPPOE
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 8.8.8.8
!
!
!
bba-group pppoe NUM
virtual-template 10
!
interface Virtual-Template10
ip unnumbered Loopback10
ip mtu 1492
ip tcp adjust-mss 1452
peer default ip address dhcp-pool PPPOE
ppp mtu adaptive
ppp authentication pap
!
interface Loopback10
ip address 10.10.10.1 255.255.255.255
!
interface GigabitEthernet0/0
ip address 192.168.1.2 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1.10
encapsulation dot1Q 10
pppoe enable group NUM
!
interface Virtual-Template10
ip unnumbered Loopback10
ip mtu 1492
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
peer default ip address dhcp-pool PPPOE
ppp mtu adaptive
ppp authentication pap

 

 

 

 

Will really appreciate it if you can help me. 

10 Replies 10

Hello,

 

RADIUS attribute 27 (session-timeout) and/or 28 (idle-timeout) is probably what you need, I don't think IOS supports either one (check what options are available 'radius-server attribute ?)...

 

What RADIUS server are you using ? Can you set these attributes on the server ?

Dear Georg ,

thanks for reply ,

the attribute options are:

PPP(config)#radius-server attribute ?
11 Filter-Id attribute configuration
188 Num-In-Multilink attribute configuration
218 Address-Pool attribute
25 Class attribute
30 DNIS attribute
31 Calling Station ID
32 NAS-Identifier attribute
4 NAS IP address attribute
44 Acct-Session-Id attribute
55 Event-Timestamp attribute
6 Service-Type attribute
69 Tunnel-Password attribute
77 Connect-Info attribute
8 Framed IP address attribute
87 Nas Port ID
list List of Attribute Types
nas-port NAS-Port attribute configuration

 

i am using the radcontrol as radius server .
 

Hello,

 

is that Radcontrol as on Radcontrol.org ? From what I can see in the documentation, there is no option to configure these attributes...

 

Either way, what do you do, that is, what command do you use on the 3800, to clear the users manually ? Maybe we can schedule these commands based on certain parameters...

correct i use radcontrol.org , i use this command to clear the session :

PPP#clear pppoe all

Hello,

 

how often do you have to issue that command ? You could automate the process with a KRON scheduler and run it let's say every day at midnight:

 

event manager applet CLEAR_PPPOE
event timer cron cron-entry "0 0 * * *" maxrun 9999999
action 1.0 cli command "enable"
action 2.0 cli command "clear pppoe all"

 

That said, the command 'clear pppoe all' disconnects all your users, whereas 'clear pppoe rmac' clears the session for just one client, provided you know which MAC address you need to clear. What is your log showing, are you logging the users and MAC addresses ?

Dear Georg ,

when i issue this command (clear pppoe all ) all users will disconnect from PPPOE server,  but when i am checking the radius server i find all the users are still connecting ,

it's just like the PPPOE server not updating the radius server when the user disconnecting from PPPOE server .

 

if i replaced the current router with another one which support the attributes (27,28) , what you suggest  to use?

 

thanks in advance

Hello,

 

rather then another router, I would consider a different RADIUS server such as FreeRADIUS, which supports these attributes.

 

Either way, how often do you need to issue that command ? Daily ? Multiple times a day ?

Hi ,

if i used freeRADIUS there is no need to configure the attributes in router ?

 

i use the command daily and sometimes multiple times in the day ,

Hello,

 

just another thought: what if you set the 'ppp timeout idle' on the virtual template ?

 

interface Virtual-Template10
ip unnumbered Loopback10
ip mtu 1492
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
peer default ip address dhcp-pool PPPOE
ppp mtu adaptive
ppp authentication pap

--> ppp timeout idle 10

Hi Georg ,

OK , let me try and i will feedback to you .

 

 

many thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: