Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1177
Views
0
Helpful
1
Replies

ASR9K- Radius Source-interface not working

medhat elsaeed
Level 1
Level 1

‎08-20-2013 05:47 PM

            we are running ASR9K as BNG for PPPoE termination, when configuring the BNG to use the Loopback for the Radius outgoing packets. it ignores the command and use  the outgoing Ip address to reach the radius

we are running IOS XR 4.2.3

radius source-interface Loopback0 vrf default

radius-server host 196.202.78.92 auth-port 1645 acct-port 1646

key 7 1511021F0725

interface Loopback0

ipv4 address 20.20.20.1 255.255.255.255

policy-map type control subscriber test

event session-start match-first

  class type control subscriber test do-until-failure

   10 activate dynamic-template test

  !

!

event session-activate match-first

  class type control subscriber test do-until-failure

   10 authenticate aaa list default

Wed Aug 21 00:30:58.622 UTC

RP/0/RSP0/CPU0:ASR9K#LC/0/0/CPU0:Aug 21 00:31:02.095 : radiusd[314]: Timeout happened for req rad_ident 57 remote_port 1645 remote_addr 0xc4ca4e5c socket 1347471016 rctx 5047aba4

LC/0/0/CPU0:Aug 21 00:31:02.095 : radiusd[314]: rctx found is 0x5047aba4

LC/0/0/CPU0:Aug 21 00:31:02.095 : radiusd[314]: Picking the rad id 58:1 sockfd 0x5050C6A8

LC/0/0/CPU0:Aug 21 00:31:02.095 : radiusd[314]: rctx 0x5047aba4 added successfully

LC/0/0/CPU0:Aug 21 00:31:02.096 : radiusd[314]: Got IP address: 11.11.11.1

LC/0/0/CPU0:Aug 21 00:31:02.096 : radiusd[314]: IP source address aaa util format: 11.11.11.1

LC/0/0/CPU0:Aug 21 00:31:02.096 : radiusd[314]: NAS best local address = 11.11.11.1

LC/0/0/CPU0:Aug 21 00:31:02.097 : radiusd[314]: Got global deadtime 0

LC/0/0/CPU0:Aug 21 00:31:02.097 : radiusd[314]: Using global deadtime = 0 sec

LC/0/0/CPU0:Aug 21 00:31:02.097 : radiusd[314]: Updated timer thread rad_ident 58 remote_port 1645 remote_addr 0xc4ca4e5c, socket 1347471016 rctx 0x5047aba4

LC/0/0/CPU0:Aug 21 00:31:02.097 : radiusd[314]: Successfully sent packet and started timeout handler for rctx 0x5047aba4

NOTE:

- when using the outgoing ip address as Radius client, the users pass the authentication, but we need to use the loopback instead

- we have tried another interface instead of the loopback with no use too as the BNG still using the outgoing IP address as the source of its radius requests.

Also we have configured it in  a radius server group but with no use too:

aaa group server radius test

server 196.202.78.92 auth-port 1645 acct-port 1646

server-private 196.202.78.92 auth-port 1645 acct-port 1646

  key 7 01100F175804

!

source-interface Loopback0

aaa authentication subscriber test group test

Labels:
0 Helpful
1 Reply 1

xthuijs
Cisco Employee
Cisco Employee

‎08-21-2013 06:11 AM

that area has been a bit buggy in all fairness, but it should be gleaned out in XR43.

XR432 is ocming out shortly which i would want to recommend for BNG.

you can try a proc restart on the radiusd process to see if the source port change takes affect in xr423 as an interim solution.

regards

xander

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents