
ASR9K BNG domain name selection example


This is a deployment requirement I met recently, with complicated policy-plane and RADIUS handling based on domain name.

1. For user1, the default policy should be applied.

2. For user2, the default policy should be applied, except that the address should be assigned from an alternative pool. This must be implemented via a new service activated by the RADIUS server upon authentication (called "BTUSER" in this example), rather than individual RADIUS attributes.

3. For user3, who comes with a particular domain name (say user3@vipb), the session should be put into a certain VRF (again, via a service named "bgpuser" downloaded from the RADIUS server rather than an individual RADIUS attribute, for future flexibility), and the domain name must be stripped before the username is sent to RADIUS.

Here is the configuration and debug output.

 

aaa attribute format DOMAIN
 username-strip prefix-delimiter @
!
aaa attribute format USERNAME_ONLY
 username-strip suffix-delimiter @

class-map type control subscriber match-all vipb
 match protocol ppp
 match domain vipb format DOMAIN
 end-class-map
class-map type control subscriber match-any CLASS_PTA
 match protocol ppp
 end-class-map

dynamic-template
 type ppp BTUSER
  ppp ipcp dns 211.162.47.1 211.162.47.2
  ppp ipcp mask 255.255.255.255
  ppp ipcp peer-address pool BTUSER_IP_POOL
  ipv4 unnumbered Loopback0
  ipv4 access-group HTTP_Deny egress
 !
 type ppp bgpuser
  ppp ipcp dns 211.162.47.1 211.162.47.2
  ppp ipcp mask 255.255.255.255
  ppp ipcp peer-address pool VIPB_IP_POOL
  vrf vipb_vrf
  ipv4 unnumbered Loopback1
  ipv4 access-group HTTP_Deny egress
 !
 type ppp PPPOEUSER
  ppp ipcp dns 211.162.47.1 211.162.47.2
  ppp ipcp mask 255.255.255.255
  ppp ipcp peer-address pool PPPOEUSER_IP_POOL
  ipv4 unnumbered Loopback0
  ipv4 access-group HTTP_Deny egress
 !
 type ppp PPP_BASIC
  ppp authentication pap chap
  ppp lcp delay 1
  keepalive 60 3
  ppp ipv6cp prot-rej
 !
 type ppp VIPB_PPPoE
  ppp ipcp dns 211.162.47.1 211.162.47.2
  ppp ipcp mask 255.255.255.255
  ppp ipcp peer-address pool VIPB_IP_POOL
  vrf vipb_vrf
  ipv4 unnumbered Loopback1
 !

policy-map type control subscriber PPP_1
 event session-start match-all
  class type control subscriber CLASS_PTA do-until-failure
   10 activate dynamic-template PPP_BASIC
  ! 
 ! 
 event session-activate match-first
  class type control subscriber vipb do-until-failure
   10 activate dynamic-template VIPB_PPPoE
   20 authorize aaa list default format USERNAME_ONLY password use-from-line
  ! 
  class type control subscriber CLASS_PTA do-all
   1 activate dynamic-template PPPOEUSER
   20 authenticate aaa list default
  ! 
 ! 
 end-policy-map

 

 

 

##################### log#######

  

user1 

 

--------------------------------------------------------------------------------

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#RP/0/RSP0/CPU0:Jun 16 01:30:00.740 : radiusd[1133]: Received request [handle 0x101cd758] with server-group   : GRP1

RP/0/RSP0/CPU0:Jun 16 01:30:00.740 : radiusd[1133]: Building header for the Authentication request

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]: radius_get_prfrd_srvr_info: Retrive Preferred Server info from attr list

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]: radius_get_prfrd_srvr_info: Preferred server handle is set to NULL

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]: (handle_nas_req) Couldn't retrive the preferred server info 

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]: Trying to find the first radius server to use.

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]: Created transaction_id (99000033) for server group BB000001

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]: Copying remote address 200.1.1.100

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]: Copying remote address 200.1.1.100

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]: Remote address 200.1.1.100

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]: Picking the rad id 131:2 sockfd 0x10059F9C

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]: rctx 0x101f03e0 added successfully

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]:  RADIUS: Send Access-Request to 200.1.1.100:1812 id 131, len 266

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]:  RADIUS:  authenticator 26 25 76 20 E6 5E AA 63 - 25 4B E7 11 83 C7 E1 82

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]:  RADIUS:  Vendor,Cisco        [26]    41      

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]:  RADIUS:   Cisco AVpair        [1]    35      client-mac-address=3cc2.c15b.0000

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]:  RADIUS:  Acct-Session-Id     [44]    10      00004684

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]:  RADIUS:  NAS-Port-Id         [87]    14      0/0/4009/990

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]:  RADIUS:  Vendor,Cisco        [26]    20      

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]:  RADIUS:   cisco-nas-port      [2]    14      0/0/4009/990

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]:  RADIUS:  User-Name           [1]     7       user1   

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]:  RADIUS:  Service-Type        [6]     6       Framed[2] 

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]:  RADIUS:  User-Password       [2]     18      *       

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]:  RADIUS:  AAA Unsupported Attr: user-maxlinks [196]    6

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]:  RADIUS:  Vendor,Cisco        [26]    33      

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]:  RADIUS:   Cisco AVpair        [1]    27      connect-progress=LCP Open

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]:  RADIUS:  Framed-Protocol     [7]     6       PPP[1]  

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]:  RADIUS:  NAS-Port-Type       [61]    6       Virtual PPPoEoVLAN[36] 

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]:  RADIUS:  Event-Timestamp     [55]    6       1434443400

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]:  RADIUS:  Nas-Identifier      [32]    19      FEATURE_1_SANDBOX

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]:  RADIUS:  NAS-IP-Address      [4]     6       1.1.1.11

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]:  RADIUS:  NAS-IPv6-Address    [95]    48      ::      

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]: Got global deadtime 0

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]: Using global deadtime = 0 sec

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]: Start timer thread rad_ident 131 remote_port 1812 remote_addr 200.1.1.100, socket 268803996 rctx 0x101f03e0

RP/0/RSP0/CPU0:Jun 16 01:30:00.741 : radiusd[1133]: Successfully sent packet and started timeout handler for rctx 0x101f03e0

RP/0/RSP0/CPU0:Jun 16 01:30:00.743 : radiusd[1133]: rctx found is 0x101f03e0

RP/0/RSP0/CPU0:Jun 16 01:30:00.743 : radiusd[1133]: Radius packet decryption complete with rc = 0

RP/0/RSP0/CPU0:Jun 16 01:30:00.743 : radiusd[1133]:  RADIUS: Received from id 131 200.1.1.100:1812, Access-Accept, len 20

RP/0/RSP0/CPU0:Jun 16 01:30:00.743 : radiusd[1133]:  RADIUS:  authenticator 7B 2F 79 48 A2 83 AC 67 - CF 33 65 82 B3 EB F5 E0

RP/0/RSP0/CPU0:Jun 16 01:30:00.743 : radiusd[1133]: Freeing server group transaction_id (99000033)

RP/0/RSP0/CPU0:Jun 16 01:30:00.743 : radiusd[1133]: pack_length = 20 radius_len = 20

RP/0/RSP0/CPU0:Jun 16 01:30:00.743 : radiusd[1133]: Calling app inf callback

RP/0/RSP0/CPU0:Jun 16 01:30:00.743 : radiusd[1133]: rad_nas_reply_to_client: Received response from id : 131,packet type 2

RP/0/RSP0/CPU0:Jun 16 01:30:00.743 : radiusd[1133]: (rad_nas_reply_to_client) Successfully decoded the response No error: PASS

RP/0/RSP0/CPU0:Jun 16 01:30:00.743 : radiusd[1133]: (rad_nas_reply_to_client) Successfully stored the preferred server info 

 

 

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#sh subscriber  sess al  de  in 

Tue Jun 16 01:30:28.887 PDT

Interface:                Bundle-Ether4009.99.pppoe139

Circuit ID:               Unknown

Remote ID:                Unknown

Type:                     PPPoE:PTA

IPv4 State:               Up, Tue Jun 16 01:30:00 2015

IPv4 Address:             50.0.0.1, VRF: default

IPv4 Up helpers:          0x00000020 {PPP}

IPv4 Up requestors:       0x00000020 {PPP}

IPv6 State:               Down, Tue Jun 16 01:30:00 2015

Mac Address:              3cc2.c15b.0000

Account-Session Id:       00004684

Nas-Port:                 Unknown

User name:                user1

Formatted User name:      unknown

Client User name:         unknown

Outer VLAN ID:            990

Subscriber Label:         0x00000043

Created:                  Tue Jun 16 01:30:00 2015

State:                    Activated

Authentication:           authenticated

Authorization:            unauthorized

Ifhandle:                 0x00004fe0

Session History ID:       23

Access-interface:         Bundle-Ether4009.99

SRG Flags:                0x00000000

Policy Executed: 

 

  event Session-Start match-all [at Tue Jun 16 01:30:00 2015]

    class type control subscriber CLASS_PTA do-until-failure [Succeeded]

      10 activate dynamic-template PPP_BASIC [cerr: No error][aaa: Success]

  event Session-Activate match-first [at Tue Jun 16 01:30:00 2015]

    class type control subscriber CLASS_PTA do-all [Succeeded]

      1 activate dynamic-template PPPOEUSER [cerr: No error][aaa: Success]

      20 authenticate aaa list default [cerr: No error][aaa: Success]

Session Accounting: disabled

Last COA request received: unavailable

User Profile received from AAA: None

Services:

  Name        : PPP_BASIC

  Service-ID  : 0x4000006

  Type        : Template

  Status      : Applied

-------------------------

  Name        : PPPOEUSER

  Service-ID  : 0x4000005

  Type        : Template

  Status      : Applied

-------------------------

[Last IPv6 down]

Disconnect Reason:        

Disconnect Cause:         AAA_DISC_CAUSE_DEFAULT (0)

Abort Cause:              AAA_AV_ABORT_CAUSE_NO_REASON (0)

Terminate Cause:          AAA_AV_TERMINATE_CAUSE_NONE (0)

Disconnect called by:     [iEdge internal]

[Event History]

   Jun 16 01:30:00.832 SUBDB produce done [many]

   Jun 16 01:30:00.832 IPv4 Up

 

 

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#sh subscriber running-config    subscriber-label   0x00000043

Tue Jun 16 01:31:04.630 PDT

Building configuration...

!! IOS XR Configuration 5.3.1.05I

subscriber-label 0x43

dynamic-template

 type ppp PPPOEUSER

  ipv4 unnumbered Loopback0

  ipv4 access-group HTTP_Deny egress

  ppp ipcp dns 211.162.47.1 211.162.47.2

  ppp ipcp peer-address pool PPPOEUSER_IP_POOL

  ppp ipcp mask 255.255.255.255

 !

 type ppp PPP_BASIC

  ppp ipv6cp prot-rej

  ppp authentication pap chap

  ppp lcp delay 1

  keepalive 60 3

 !

!

end

 

Building configuration...

!! IOS XR Configuration 5.3.1.05I

subscriber-label 0x43

 

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#sh subscriber database   association   

Tue Jun 16 01:31:39.052 PDT

 

Location 0/RSP0/CPU0

 

Bundle-Ether4009.99.pppoe139, subscriber label 0x43

  Name                            Template Type

  --------                        -------------

  PPPOEUSER                       PPP

  PPP_BASIC                       PPP

 

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#sh pool ipv4

Tue Jun 16 01:32:22.098 PDT

 

              Allocation Summary

---------------------------------------------------

 

Used: 2

Excl: 0

Free: 1014

Total: 1016

Utilization: 0%

 

 

 Pool Name    Pool ID      VRF      Used    Excl    Free   Total

-----------  ---------  ---------  ------  ------  ------ -------

BTUSER_IP_POOL      4     default           0      0    254    254

PPPOEUSER_IP_POOL      5     default           1      0    253    254

S99_DHCP_POOL_1      1     default           1      0    253    254

VIPB_IP_POOL      6    vipb_vrf           0      0    254    254

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

user2

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#RP/0/RSP0/CPU0:Jun 16 01:33:24.008 : radiusd[1133]: Received request [handle 0x101cd758] with server-group   : GRP1

RP/0/RSP0/CPU0:Jun 16 01:33:24.008 : radiusd[1133]: Building header for the Authentication request

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]: radius_get_prfrd_srvr_info: Retrive Preferred Server info from attr list

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]: radius_get_prfrd_srvr_info: Preferred server handle is set to NULL

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]: (handle_nas_req) Couldn't retrive the preferred server info 

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]: Trying to find the first radius server to use.

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]: Created transaction_id (A8000034) for server group BB000001

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]: Copying remote address 200.1.1.100

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]: Copying remote address 200.1.1.100

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]: Remote address 200.1.1.100

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]: Picking the rad id 132:2 sockfd 0x10059F9C

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]: rctx 0x101f03e0 added successfully

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]:  RADIUS: Send Access-Request to 200.1.1.100:1812 id 132, len 266

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]:  RADIUS:  authenticator FC 27 33 3D B6 10 ED 23 - 65 58 8E C3 02 37 85 7B

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]:  RADIUS:  Vendor,Cisco        [26]    41      

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]:  RADIUS:   Cisco AVpair        [1]    35      client-mac-address=3cc2.c15b.0000

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]:  RADIUS:  Acct-Session-Id     [44]    10      00004685

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]:  RADIUS:  NAS-Port-Id         [87]    14      0/0/4009/990

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]:  RADIUS:  Vendor,Cisco        [26]    20      

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]:  RADIUS:   cisco-nas-port      [2]    14      0/0/4009/990

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]:  RADIUS:  User-Name           [1]     7       user2   

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]:  RADIUS:  Service-Type        [6]     6       Framed[2] 

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]:  RADIUS:  User-Password       [2]     18      *       

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]:  RADIUS:  AAA Unsupported Attr: user-maxlinks [196]    6

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]:  RADIUS:  Vendor,Cisco        [26]    33      

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]:  RADIUS:   Cisco AVpair        [1]    27      connect-progress=LCP Open

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]:  RADIUS:  Framed-Protocol     [7]     6       PPP[1]  

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]:  RADIUS:  NAS-Port-Type       [61]    6       Virtual PPPoEoVLAN[36] 

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]:  RADIUS:  Event-Timestamp     [55]    6       1434443604

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]:  RADIUS:  Nas-Identifier      [32]    19      FEATURE_1_SANDBOX

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]:  RADIUS:  NAS-IP-Address      [4]     6       1.1.1.11

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]:  RADIUS:  NAS-IPv6-Address    [95]    48      ::      

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]: Got global deadtime 0

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]: Using global deadtime = 0 sec

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]: Start timer thread rad_ident 132 remote_port 1812 remote_addr 200.1.1.100, socket 268803996 rctx 0x101f03e0

RP/0/RSP0/CPU0:Jun 16 01:33:24.009 : radiusd[1133]: Successfully sent packet and started timeout handler for rctx 0x101f03e0

RP/0/RSP0/CPU0:Jun 16 01:33:24.010 : radiusd[1133]: rctx found is 0x101f03e0

RP/0/RSP0/CPU0:Jun 16 01:33:24.010 : radiusd[1133]: Radius packet decryption complete with rc = 0

RP/0/RSP0/CPU0:Jun 16 01:33:24.010 : radiusd[1133]:  RADIUS: Received from id 132 200.1.1.100:1812, Access-Accept, len 37

RP/0/RSP0/CPU0:Jun 16 01:33:24.010 : radiusd[1133]:  RADIUS:  authenticator 5E 04 91 55 31 38 E7 38 - BE 52 54 E1 25 AA 46 46

RP/0/RSP0/CPU0:Jun 16 01:33:24.010 : radiusd[1133]:  RADIUS:  Vendor,Cisco        [26]    17      

RP/0/RSP0/CPU0:Jun 16 01:33:24.010 : radiusd[1133]:  RADIUS:   Cisco AVpair        [1]    11      sa=BTUSER

RP/0/RSP0/CPU0:Jun 16 01:33:24.010 : radiusd[1133]: Freeing server group transaction_id (A8000034)

RP/0/RSP0/CPU0:Jun 16 01:33:24.010 : radiusd[1133]: pack_length = 37 radius_len = 37

RP/0/RSP0/CPU0:Jun 16 01:33:24.010 : radiusd[1133]: Calling app inf callback

RP/0/RSP0/CPU0:Jun 16 01:33:24.010 : radiusd[1133]: rad_nas_reply_to_client: Received response from id : 132,packet type 2

RP/0/RSP0/CPU0:Jun 16 01:33:24.010 : radiusd[1133]: RADIUS: parsing sevice 'BTUSER' (len 6)

RP/0/RSP0/CPU0:Jun 16 01:33:24.010 : radiusd[1133]: (rad_nas_reply_to_client) Successfully decoded the response No error: PASS

RP/0/RSP0/CPU0:Jun 16 01:33:24.010 : radiusd[1133]: (rad_nas_reply_to_client) Successfully stored the preferred server info 

 

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#sh sub                

sub-util  subscriber  

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#sh sub sess al de in

% Ambiguous command:  "sh sub sess al de in"

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#sh subscriber  sess al de internal 

Tue Jun 16 01:33:46.828 PDT

Interface:                Bundle-Ether4009.99.pppoe140

Circuit ID:               Unknown

Remote ID:                Unknown

Type:                     PPPoE:PTA

IPv4 State:               Up, Tue Jun 16 01:33:24 2015

IPv4 Address:             51.0.0.3, VRF: default

IPv4 Up helpers:          0x00000020 {PPP}

IPv4 Up requestors:       0x00000020 {PPP}

IPv6 State:               Down, Tue Jun 16 01:33:23 2015

Mac Address:              3cc2.c15b.0000

Account-Session Id:       00004685

Nas-Port:                 Unknown

User name:                user2

Formatted User name:      unknown

Client User name:         unknown

Outer VLAN ID:            990

Subscriber Label:         0x00000044

Created:                  Tue Jun 16 01:33:23 2015

State:                    Activated

Authentication:           authenticated

Authorization:            unauthorized

Ifhandle:                 0x00005020

Session History ID:       20

Access-interface:         Bundle-Ether4009.99

SRG Flags:                0x00000000

Policy Executed: 

 

  event Session-Start match-all [at Tue Jun 16 01:33:23 2015]

    class type control subscriber CLASS_PTA do-until-failure [Succeeded]

      10 activate dynamic-template PPP_BASIC [cerr: No error][aaa: Success]

  event Session-Activate match-first [at Tue Jun 16 01:33:24 2015]

    class type control subscriber CLASS_PTA do-all [Succeeded]

      1 activate dynamic-template PPPOEUSER [cerr: No error][aaa: Success]

      20 authenticate aaa list default [cerr: No error][aaa: Success]

Session Accounting: disabled

Last COA request received: unavailable

User Profile received from AAA:

 Attribute List: 0x1000eb24

Services:

  Name        : PPP_BASIC

  Service-ID  : 0x4000006

  Type        : Template

  Status      : Applied

-------------------------

  Name        : PPPOEUSER

  Service-ID  : 0x4000005

  Type        : Template

  Status      : Applied

-------------------------

  Name        : BTUSER

  Service-ID  : 0x4000003

  Type        : Multi Template

  Status      : Applied

-------------------------

[Last IPv6 down]

Disconnect Reason:        

Disconnect Cause:         AAA_DISC_CAUSE_DEFAULT (0)

Abort Cause:              AAA_AV_ABORT_CAUSE_NO_REASON (0)

Terminate Cause:          AAA_AV_TERMINATE_CAUSE_NONE (0)

Disconnect called by:     [iEdge internal]

[Event History]

   Jun 16 01:33:24.096 SUBDB produce done [many]

   Jun 16 01:33:24.096 IPv4 Up

 

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#sh subscriber running-config    subscriber-label   0x00000044

Tue Jun 16 01:34:06.465 PDT

Building configuration...

!! IOS XR Configuration 5.3.1.05I

subscriber-label 0x44

dynamic-template

 type ppp BTUSER

  ipv4 unnumbered Loopback0

  ipv4 access-group HTTP_Deny egress

  ppp ipcp dns 211.162.47.1 211.162.47.2

  ppp ipcp peer-address pool BTUSER_IP_POOL

  ppp ipcp mask 255.255.255.255

 !

 type ppp PPP_BASIC

  ppp ipv6cp prot-rej

  ppp authentication pap chap

  ppp lcp delay 1

  keepalive 60 3

 !

!

end

 

Building configuration...

!! IOS XR Configuration 5.3.1.05I

subscriber-label 0x44

end

 

* Suffix indicates the configuration item can be added by aaa server only

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#sh subscriber database   association                         

Tue Jun 16 01:34:15.661 PDT

 

Location 0/RSP0/CPU0

 

Bundle-Ether4009.99.pppoe140, subscriber label 0x44

  Name                            Template Type

  --------                        -------------

  BTUSER                          PPP

  PPPOEUSER                       PPP

  PPP_BASIC                       PPP

 

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#sh pool ipv4

Tue Jun 16 01:34:24.772 PDT

 

              Allocation Summary

---------------------------------------------------

 

Used: 2

Excl: 0

Free: 1014

Total: 1016

Utilization: 0%

 

 

 Pool Name    Pool ID      VRF      Used    Excl    Free   Total

-----------  ---------  ---------  ------  ------  ------ -------

BTUSER_IP_POOL      4     default           1      0    253    254

PPPOEUSER_IP_POOL      5     default           0      0    254    254

S99_DHCP_POOL_1      1     default           1      0    253    254

VIPB_IP_POOL      6    vipb_vrf           0      0    254    254

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~

user3 (user3@vipb is the client username, but only user3 is sent to RADIUS)

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#RP/0/RSP0/CPU0:Jun 16 01:35:14.628 : radiusd[1133]: Received request [handle 0x101cd758] with server-group   : GRP1

RP/0/RSP0/CPU0:Jun 16 01:35:14.628 : radiusd[1133]: Building header for the Authorization request

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]: radius_get_prfrd_srvr_info: Retrive Preferred Server info from attr list

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]: radius_get_prfrd_srvr_info: Preferred server handle is set to NULL

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]: (handle_nas_req) Couldn't retrive the preferred server info 

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]: Trying to find the first radius server to use.

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]: Created transaction_id (A2000035) for server group BB000001

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]: Copying remote address 200.1.1.100

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]: Copying remote address 200.1.1.100

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]: Remote address 200.1.1.100

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]: Picking the rad id 133:2 sockfd 0x10059F9C

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]: rctx 0x101f03e0 added successfully

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]:  RADIUS: Send Access-Request to 200.1.1.100:1812 id 133, len 266

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]:  RADIUS:  authenticator 4B 17 CA 4D 7D 7D B8 5A - 13 FB C2 95 82 F6 C8 5A

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]:  RADIUS:  Vendor,Cisco        [26]    41      

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]:  RADIUS:   Cisco AVpair        [1]    35      client-mac-address=3cc2.c15b.0000

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]:  RADIUS:  Acct-Session-Id     [44]    10      00004686

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]:  RADIUS:  NAS-Port-Id         [87]    14      0/0/4009/990

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]:  RADIUS:  Vendor,Cisco        [26]    20      

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]:  RADIUS:   cisco-nas-port      [2]    14      0/0/4009/990

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]:  RADIUS:  User-Name           [1]     7       user3   

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]:  RADIUS:  Service-Type        [6]     6       Framed[2] 

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]:  RADIUS:  User-Password       [2]     18      *       

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]:  RADIUS:  AAA Unsupported Attr: user-maxlinks [196]    6

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]:  RADIUS:  Vendor,Cisco        [26]    33      

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]:  RADIUS:   Cisco AVpair        [1]    27      connect-progress=LCP Open

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]:  RADIUS:  Framed-Protocol     [7]     6       PPP[1]  

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]:  RADIUS:  NAS-Port-Type       [61]    6       Virtual PPPoEoVLAN[36] 

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]:  RADIUS:  Event-Timestamp     [55]    6       1434443714

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]:  RADIUS:  Nas-Identifier      [32]    19      FEATURE_1_SANDBOX

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]:  RADIUS:  NAS-IP-Address      [4]     6       1.1.1.11

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]:  RADIUS:  NAS-IPv6-Address    [95]    48      ::      

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]: Got global deadtime 0

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]: Using global deadtime = 0 sec

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]: Start timer thread rad_ident 133 remote_port 1812 remote_addr 200.1.1.100, socket 268803996 rctx 0x101f03e0

RP/0/RSP0/CPU0:Jun 16 01:35:14.629 : radiusd[1133]: Successfully sent packet and started timeout handler for rctx 0x101f03e0

RP/0/RSP0/CPU0:Jun 16 01:35:14.630 : radiusd[1133]: rctx found is 0x101f03e0

RP/0/RSP0/CPU0:Jun 16 01:35:14.630 : radiusd[1133]: Radius packet decryption complete with rc = 0

RP/0/RSP0/CPU0:Jun 16 01:35:14.630 : radiusd[1133]:  RADIUS: Received from id 133 200.1.1.100:1812, Access-Accept, len 38

RP/0/RSP0/CPU0:Jun 16 01:35:14.630 : radiusd[1133]:  RADIUS:  authenticator 97 C2 C3 DE 06 45 85 80 - 6D 54 47 DF FF DC 51 F2

RP/0/RSP0/CPU0:Jun 16 01:35:14.630 : radiusd[1133]:  RADIUS:  Vendor,Cisco        [26]    18      

RP/0/RSP0/CPU0:Jun 16 01:35:14.630 : radiusd[1133]:  RADIUS:   Cisco AVpair        [1]    12      sa=bgpuser

RP/0/RSP0/CPU0:Jun 16 01:35:14.630 : radiusd[1133]: Freeing server group transaction_id (A2000035)

RP/0/RSP0/CPU0:Jun 16 01:35:14.630 : radiusd[1133]: pack_length = 38 radius_len = 38

RP/0/RSP0/CPU0:Jun 16 01:35:14.630 : radiusd[1133]: Calling app inf callback

RP/0/RSP0/CPU0:Jun 16 01:35:14.630 : radiusd[1133]: rad_nas_reply_to_client: Received response from id : 133,packet type 2

RP/0/RSP0/CPU0:Jun 16 01:35:14.630 : radiusd[1133]: RADIUS: parsing sevice 'bgpuser' (len 7)

RP/0/RSP0/CPU0:Jun 16 01:35:14.630 : radiusd[1133]: (rad_nas_reply_to_client) Successfully decoded the response No error: PASS

RP/0/RSP0/CPU0:Jun 16 01:35:14.630 : radiusd[1133]: (rad_nas_reply_to_client) Successfully stored the preferred server info 

 

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#sh subscriber  sess al de internal 

Tue Jun 16 01:35:36.342 PDT

Interface:                Bundle-Ether4009.99.pppoe141

Circuit ID:               Unknown

Remote ID:                Unknown

Type:                     PPPoE:PTA

IPv4 State:               Up, Tue Jun 16 01:35:14 2015

IPv4 Address:             52.0.0.3, VRF: vipb_vrf

IPv4 Up helpers:          0x00000020 {PPP}

IPv4 Up requestors:       0x00000020 {PPP}

IPv6 State:               Down, Tue Jun 16 01:35:14 2015

Mac Address:              3cc2.c15b.0000

Account-Session Id:       00004686

Nas-Port:                 Unknown

User name:                user3

Formatted User name:      user3

Client User name:         user3@vipb

Outer VLAN ID:            990

Subscriber Label:         0x00000045

Created:                  Tue Jun 16 01:35:14 2015

State:                    Activated

Authentication:           unauthenticated

Authorization:            authorized

Ifhandle:                 0x00005060

Session History ID:       22

Access-interface:         Bundle-Ether4009.99

SRG Flags:                0x00000000

Policy Executed: 

 

  event Session-Start match-all [at Tue Jun 16 01:35:14 2015]

    class type control subscriber CLASS_PTA do-until-failure [Succeeded]

      10 activate dynamic-template PPP_BASIC [cerr: No error][aaa: Success]

  event Session-Activate match-first [at Tue Jun 16 01:35:14 2015]

    class type control subscriber vipb do-until-failure [Succeeded]

      10 activate dynamic-template VIPB_PPPoE [cerr: No error][aaa: Success]

      20 authorize aaa list default [cerr: No error][aaa: Success]

Session Accounting: disabled

Last COA request received: unavailable

User Profile received from AAA:

 Attribute List: 0x1000ed04

Services:

  Name        : PPP_BASIC

  Service-ID  : 0x4000006

  Type        : Template

  Status      : Applied

-------------------------

  Name        : VIPB_PPPoE

  Service-ID  : 0x4000007

  Type        : Template

  Status      : Applied

-------------------------

  Name        : bgpuser

  Service-ID  : 0x4000004

  Type        : Multi Template

  Status      : Applied

-------------------------

[Last IPv6 down]

Disconnect Reason:        

Disconnect Cause:         AAA_DISC_CAUSE_DEFAULT (0)

Abort Cause:              AAA_AV_ABORT_CAUSE_NO_REASON (0)

Terminate Cause:          AAA_AV_TERMINATE_CAUSE_NONE (0)

Disconnect called by:     [iEdge internal]

[Event History]

   Jun 16 01:35:14.816 SUBDB produce done [many]

   Jun 16 01:35:14.944 IPv4 Up

 

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX# 

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#sh subscriber running-config    subscriber-label   0x00000045

Tue Jun 16 01:35:42.570 PDT

Building configuration...

!! IOS XR Configuration 5.3.1.05I

subscriber-label 0x45

dynamic-template

 type ppp bgpuser

  ipv4 unnumbered Loopback1

  ipv4 access-group HTTP_Deny egress

  ppp ipcp dns 211.162.47.1 211.162.47.2

  ppp ipcp peer-address pool VIPB_IP_POOL

  ppp ipcp mask 255.255.255.255

  vrf vipb_vrf

 !

 type ppp PPP_BASIC

  ppp ipv6cp prot-rej

  ppp authentication pap chap

  ppp lcp delay 1

  keepalive 60 3

 !

!

end

 

Building configuration...

!! IOS XR Configuration 5.3.1.05I

subscriber-label 0x45

end

 

* Suffix indicates the configuration item can be added by aaa server only

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#sh subscriber database   association                         

Tue Jun 16 01:35:51.188 PDT

 

Location 0/RSP0/CPU0

 

Bundle-Ether4009.99.pppoe141, subscriber label 0x45

  Name                            Template Type

  --------                        -------------

  bgpuser                         PPP

  VIPB_PPPoE                      PPP

  PPP_BASIC                       PPP

 

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#sh subscriber database   association   ?

  brief                  Show the subscriber association database information in brief

  dynamic-template-name  Enter Dynamic Template name

  interface-name         Enter interface name

  location               Specify a location

  subscriber-label       Enter subscriber-label

  type                   Template type

  |                      Output Modifiers

  <cr>                   

RP/0/RSP0/CPU0:FEATURE_1_SANDBOX#sh  pool ipv4                          

Tue Jun 16 01:36:15.623 PDT

 

              Allocation Summary

---------------------------------------------------

 

Used: 2

Excl: 0

Free: 1014

Total: 1016

Utilization: 0%

 

 

 Pool Name    Pool ID      VRF      Used    Excl    Free   Total

-----------  ---------  ---------  ------  ------  ------ -------

BTUSER_IP_POOL      4     default           0      0    254    254

PPPOEUSER_IP_POOL      5     default           0      0    254    254

S99_DHCP_POOL_1      1     default           1      0    253    254

VIPB_IP_POOL      6    vipb_vrf           1      0    253    254
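
An added example (not part of the original post): a Python audit that parses "show subscriber session all detail internal" output and checks the three requirements above, namely that a vipb-domain session lands in vipb_vrf with the bgpuser service and a stripped username, and that no other session ends up outside the default VRF. The function names and the DOMAIN_POLICY table are hypothetical, the first two sample sessions are trimmed from the output on this page, the third is constructed to show a failure, and the "User name" field is assumed to be the name sent to RADIUS, as it is in the output above.

```python
import re

# Expected placement per domain, taken from requirement 3 on this page.
# DOMAIN_POLICY is a hypothetical name used only in this example.
DOMAIN_POLICY = {"vipb": {"vrf": "vipb_vrf", "service": "bgpuser"}}

# Sessions 1 and 2 are trimmed from the page's output (user1, user3).
# Session 3 (pppoe999 / user9) is CONSTRUCTED to illustrate a mis-placed session.
SAMPLE = """\
Interface:                Bundle-Ether4009.99.pppoe139
IPv4 Address:             50.0.0.1, VRF: default
User name:                user1
Client User name:         unknown
Services:
  Name        : PPP_BASIC
  Name        : PPPOEUSER
Interface:                Bundle-Ether4009.99.pppoe141
IPv4 Address:             52.0.0.3, VRF: vipb_vrf
User name:                user3
Client User name:         user3@vipb
Services:
  Name        : PPP_BASIC
  Name        : VIPB_PPPoE
  Name        : bgpuser
Interface:                Bundle-Ether4009.99.pppoe999
IPv4 Address:             50.0.0.9, VRF: default
User name:                user9@vipb
Client User name:         user9@vipb
Services:
  Name        : PPP_BASIC
  Name        : PPPOEUSER
"""


def parse_sessions(text):
    """Split the show output into one dict per session (keyed on 'Interface:')."""
    sessions, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # tolerate the blank lines present in pasted output
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Interface":
            cur = {"interface": value, "services": []}
            sessions.append(cur)
        elif cur is None:
            continue  # text before the first session block
        elif key == "IPv4 Address":
            m = re.search(r"VRF:\s*(\S+)", value)
            cur["vrf"] = m.group(1) if m else None
        elif key == "User name":
            cur["user"] = value
        elif key == "Client User name":
            cur["client_user"] = value
        elif key == "Name":
            cur["services"].append(value)
    return sessions


def split_user(name, delimiter="@"):
    """Return (user, domain); domain is None when no delimiter is present."""
    user, sep, domain = name.partition(delimiter)
    return user, (domain if sep else None)


def audit(sessions, policy=DOMAIN_POLICY):
    """Return (interface, finding) tuples for sessions that violate the policy."""
    findings = []
    for s in sessions:
        iface = s["interface"]
        user = s.get("user", "")
        client = s.get("client_user", "unknown")
        # "unknown" means no username format was applied to this session,
        # so the name the client presented is the plain User name.
        presented = user if client == "unknown" else client
        _, domain = split_user(presented)
        rule = policy.get(domain)
        if rule:
            if s.get("vrf") != rule["vrf"]:
                findings.append((iface, "wrong-vrf"))
            if rule["service"] not in s["services"]:
                findings.append((iface, "service-missing"))
            if "@" in user:
                findings.append((iface, "domain-not-stripped"))
        elif s.get("vrf") != "default":
            # A session without a mapped domain must stay in the default VRF.
            findings.append((iface, "unexpected-vrf"))
    return findings


if __name__ == "__main__":
    for iface, finding in audit(parse_sessions(SAMPLE)):
        print(f"{iface}: {finding}")
```

The parser skips blank lines, so output pasted double-spaced, as on this page, can be fed in unchanged.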

 
