08-20-2013 05:47 PM
we are running ASR9K as BNG for PPPoE termination, when configuring the BNG to use the Loopback for the Radius outgoing packets. it ignores the command and use the outgoing Ip address to reach the radius
we are running IOS XR 4.2.3
radius source-interface Loopback0 vrf default
radius-server host 196.202.78.92 auth-port 1645 acct-port 1646
key 7 1511021F0725
interface Loopback0
ipv4 address 20.20.20.1 255.255.255.255
policy-map type control subscriber test
event session-start match-first
class type control subscriber test do-until-failure
10 activate dynamic-template test
!
!
event session-activate match-first
class type control subscriber test do-until-failure
10 authenticate aaa list default
Wed Aug 21 00:30:58.622 UTC
RP/0/RSP0/CPU0:ASR9K#LC/0/0/CPU0:Aug 21 00:31:02.095 : radiusd[314]: Timeout happened for req rad_ident 57 remote_port 1645 remote_addr 0xc4ca4e5c socket 1347471016 rctx 5047aba4
LC/0/0/CPU0:Aug 21 00:31:02.095 : radiusd[314]: rctx found is 0x5047aba4
LC/0/0/CPU0:Aug 21 00:31:02.095 : radiusd[314]: Picking the rad id 58:1 sockfd 0x5050C6A8
LC/0/0/CPU0:Aug 21 00:31:02.095 : radiusd[314]: rctx 0x5047aba4 added successfully
LC/0/0/CPU0:Aug 21 00:31:02.096 : radiusd[314]: Got IP address: 11.11.11.1
LC/0/0/CPU0:Aug 21 00:31:02.096 : radiusd[314]: IP source address aaa util format: 11.11.11.1
LC/0/0/CPU0:Aug 21 00:31:02.096 : radiusd[314]: NAS best local address = 11.11.11.1
LC/0/0/CPU0:Aug 21 00:31:02.097 : radiusd[314]: Got global deadtime 0
LC/0/0/CPU0:Aug 21 00:31:02.097 : radiusd[314]: Using global deadtime = 0 sec
LC/0/0/CPU0:Aug 21 00:31:02.097 : radiusd[314]: Updated timer thread rad_ident 58 remote_port 1645 remote_addr 0xc4ca4e5c, socket 1347471016 rctx 0x5047aba4
LC/0/0/CPU0:Aug 21 00:31:02.097 : radiusd[314]: Successfully sent packet and started timeout handler for rctx 0x5047aba4
NOTE:
- when using the outgoing ip address as Radius client, the users pass the authentication, but we need to use the loopback instead
- we have tried another interface instead of the loopback with no use too as the BNG still using the outgoing IP address as the source of its radius requests.
Also we have configured it in a radius server group but with no use too:
aaa group server radius test
server 196.202.78.92 auth-port 1645 acct-port 1646
server-private 196.202.78.92 auth-port 1645 acct-port 1646
key 7 01100F175804
!
source-interface Loopback0
aaa authentication subscriber test group test
08-21-2013 06:11 AM
that area has been a bit buggy in all fairness, but it should be gleaned out in XR43.
XR432 is ocming out shortly which i would want to recommend for BNG.
you can try a proc restart on the radiusd process to see if the source port change takes affect in xr423 as an interim solution.
regards
xander
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: