Hi Guys,
i try to configure a wccp service ( for redirect web traffic to content filtering ) in user profile using radius on VRF.
In a radius server i add the following avpair:
test Cisco-AVPair += lcp:interface-config=ip wccp vrf RACC_XXX web-cache redirect in
Whe try to create a PPPoE session, receive the following error ( via debug radius ):
Request:
4031035: Oct 24 19:02:17.582 GMT: RADIUS: Framed-Protocol [7] 6 PPP [1]
4031036: Oct 24 19:02:17.582 GMT: RADIUS: User-Name [1] 6 "test"
4031037: Oct 24 19:02:17.582 GMT: RADIUS: CHAP-Password [3] 19 *
4031038: Oct 24 19:02:17.582 GMT: RADIUS: Vendor, Cisco [26] 40
4031039: Oct 24 19:02:17.582 GMT: RADIUS: Cisco AVpair [1] 34 "access-loop-encapsulation=000100"
4031040: Oct 24 19:02:17.582 GMT: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
4031041: Oct 24 19:02:17.582 GMT: RADIUS: NAS-Port [5] 6 33557941
4031042: Oct 24 19:02:17.582 GMT: RADIUS: NAS-Port-Id [87] 36 "xxxxx"
4031043: Oct 24 19:02:17.582 GMT: RADIUS: Vendor, Cisco [26] 41
4031044: Oct 24 19:02:17.582 GMT: RADIUS: Cisco AVpair [1] 35 "client-mac-address=xxx.xxx.xxx"
4031045: Oct 24 19:02:17.582 GMT: RADIUS: Vendor, Cisco [26] 57
4031046: Oct 24 19:02:17.582 GMT: RADIUS: Cisco AVpair [1] 51 "xxxx"
4031047: Oct 24 19:02:17.582 GMT: RADIUS: Service-Type [6] 6 Framed [2]
4031048: Oct 24 19:02:17.582 GMT: RADIUS: NAS-IP-Address [4] 6 xx.xx.xx.xx
4031049: Oct 24 19:02:17.582 GMT: RADIUS(00008BD0): Started 5 sec timeout
4031050: Oct 24 19:02:17.587 GMT: RADIUS: Received from id 1645/227 xx.xx.xx.xx:1812, Access-Accept, len 280
4031052: Oct 24 19:02:17.587 GMT: RADIUS: Vendor, Cisco [26] 71
4031053: Oct 24 19:02:17.587 GMT: RADIUS: Cisco AVpair [1] 65 "lcp:interface-config=ip wccp vrf RACC_XX web-cache redirect in"
4031054: Oct 24 19:02:17.587 GMT: RADIUS: Vendor, Cisco [26] 37
4031055: Oct 24 19:02:17.587 GMT: RADIUS: Cisco AVpair [1] 31 "ip:sub-qos-policy-out=DSL-20M"
4031056: Oct 24 19:02:17.587 GMT: RADIUS: Vendor, Microsoft [26] 12
4031057: Oct 24 19:02:17.587 GMT: RADIUS: MS-Primary-DNS [28] 6 xx.xx.xx.xx
4031058: Oct 24 19:02:17.587 GMT: RADIUS: Framed-MTU [12] 6 1492
4031059: Oct 24 19:02:17.587 GMT: RADIUS: Vendor, Microsoft [26] 12
4031060: Oct 24 19:02:17.587 GMT: RADIUS: MS-Secondary-DNS [29] 6 xx.xx.xx.xx
4031061: Oct 24 19:02:17.587 GMT: RADIUS: Framed-Protocol [7] 6 PPP [1]
4031062: Oct 24 19:02:17.587 GMT: RADIUS: Service-Type [6] 6 Framed [2]
4031063: Oct 24 19:02:17.587 GMT: RADIUS: Vendor, Cisco [26] 38
4031064: Oct 24 19:02:17.587 GMT: RADIUS: Cisco AVpair [1] 32 "ip:ip-unnumbered=Loopback20001"
4031065: Oct 24 19:02:17.587 GMT: RADIUS: Vendor, Cisco [26] 26
4031066: Oct 24 19:02:17.587 GMT: RADIUS: Cisco AVpair [1] 20 "ip:vrf-id=RACC_XXX"
4031067: Oct 24 19:02:17.587 GMT: RADIUS: Vendor, Cisco [26] 46
4031068: Oct 24 19:02:17.587 GMT: RADIUS: Cisco AVpair [1] 40 "ip:dns-servers=xx.xx.xx.xx xx.xx.xx.xx"
Response:
4031084: Oct 24 19:02:17.616 GMT: RADIUS: Cisco AVpair [1] 47 "ppp-disconnect-cause=Lower Layer disconnected"
4031098: Oct 24 19:02:17.616 GMT: RADIUS: Acct-Terminate-Cause[49] 6 admin-reset [6]
4031099: Oct 24 19:02:17.616 GMT: RADIUS: Vendor, Cisco [26] 39
4031100: Oct 24 19:02:17.616 GMT: RADIUS: Cisco AVpair [1] 33 "disc-cause-ext=Local Admin Disc"
Part of configuration:
aaa policy interface-config allow-subinterface ( permit to use a lcp:interface-config )
!
no ip wccp variable-timers
ip wccp check services all
ip wccp vrf RACC_XX source-interface GigabitEthernet0/0/0.100
ip wccp vrf RACC_XX web-cache group-list WEB-PROXY
Sh VER:
Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.1(3)S2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Mon 12-Dec-11 15:15 by mcpre
Cisco IOS-XE software, Copyright (c) 2005-2011 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
ASR-02-BS uptime is 16 weeks, 6 days, 1 hour, 45 minutes
Uptime for this control processor is 16 weeks, 6 days, 1 hour, 48 minutes
System returned to ROM by reload at 17:19:21 CET Thu Jun 28 2012
System restarted at 17:22:58 GMT Thu Jun 28 2012
System image file is "bootflash:/asr1000rp1-adventerprisek9.03.04.02.S.151-3.S2.bin"
Last reload reason: LocalSoft
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco ASR1002 (2RU) processor with 1700062K/6147K bytes of memory.
4 Gigabit Ethernet interfaces
1 ATM interface
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
7757823K bytes of eUSB flash at bootflash:.
Configuration register is 0x2102
Any ideas?
Many Thanks
