[radius source-interface not working]

Carlos A. Silva
Level 3

Dear CSC:

I'm running XR version 4.2.1 on an ASR9010 with RSP440 (went through all mandatory SMUs when upgrading from 4.2.0, etc.). I'm trying to run RADIUS AAA authen/autho on it, and RADIUS packets originating from interface Loopback X is a must.

For some reason, all RADIUS packets are being originated from the IP address of the uplink interface (G0/5/0/0).

LC/0/5/CPU0:Jul 16 12:30:59.632 : radiusd[312]: rctx found is 0x504a2b18
LC/0/5/CPU0:Jul 16 12:30:59.632 : radiusd[312]: Reached retry count for the server 3,Trying to move to next server
LC/0/5/CPU0:Jul 16 12:30:59.632 : radiusd[312]: Server X.X.X.X/1812/1813 is UP  & Quarantined: NO
LC/0/5/CPU0:Jul 16 12:30:59.632 : radiusd[312]: rad_nas_reply_to_client: Received response from id : 39,packet type 1
LC/0/5/CPU0:Jul 16 12:30:59.633 : radiusd[312]: rad_nas_reply_to_client: Sending failover message to client
LC/0/5/CPU0:Jul 16 12:30:59.633 : radiusd[312]: Received request [handle 0x504a1e94] with server-group   : axtel
LC/0/5/CPU0:Jul 16 12:30:59.633 : radiusd[312]: Building header for the Authorization request
LC/0/5/CPU0:Jul 16 12:30:59.634 : radiusd[312]: radius_get_prfrd_srvr_info: Retrive Preferred Server info from attr list
LC/0/5/CPU0:Jul 16 12:30:59.634 : radiusd[312]: radius_get_prfrd_srvr_info: Preferred server handle is set to NULL
LC/0/5/CPU0:Jul 16 12:30:59.634 : radiusd[312]: (handle_nas_req) Couldn't retrive the preferred server info
LC/0/5/CPU0:Jul 16 12:30:59.634 : radiusd[312]: Trying to find the first radius server to use.
LC/0/5/CPU0:Jul 16 12:30:59.635 : radiusd[312]: Created transaction_id (FF00000D) for server group F000001
LC/0/5/CPU0:Jul 16 12:30:59.635 : radiusd[312]: Server X.X.X.X/1812/1813 is UP  & Quarantined: NO
LC/0/5/CPU0:Jul 16 12:30:59.635 : radiusd[312]: Picking the rad id 40:0 sockfd 0x5042844C
LC/0/5/CPU0:Jul 16 12:30:59.635 : radiusd[312]: rctx 0x504a2f54 added successfully
LC/0/5/CPU0:Jul 16 12:30:59.636 : radiusd[312]: Got IP address: 192.168.1.13
LC/0/5/CPU0:Jul 16 12:30:59.636 : radiusd[312]: IP source address aaa util format: 192.168.1.13
LC/0/5/CPU0:Jul 16 12:30:59.636 : radiusd[312]: NAS best local address = 192.168.1.13
LC/0/5/CPU0:Jul 16 12:30:59.637 : radiusd[312]: Got global deadtime 0
LC/0/5/CPU0:Jul 16 12:30:59.637 : radiusd[312]: Using global deadtime = 0 sec
LC/0/5/CPU0:Jul 16 12:30:59.637 : radiusd[312]: Start timer thread rad_ident 40 remote_port 1812 remote_addr 0xc99ef19a, socket 1346536524 rctx 0x504a2f54

Here's some relevant config:

!
interface Loopback0
 ipv4 address 200.Y.Y.Y 255.255.255.255
!
interface GigabitEthernet0/5/0/0
 description INTERFASE HACIA LA NUBE
 ipv4 address 192.168.1.13 255.255.255.252
!
hostname ASR-9K-BNG
tftp vrf default ipv4 server homedir disk0:
telnet vrf default ipv4 server max-servers 10
radius source-interface Loopback0 vrf default
radius-server host X.X.X.X auth-port 1812 acct-port 1813
 key 7 00050B120157
!
aaa group server radius xxxx
 server X.X.X.X auth-port 1812 acct-port 1813
 source-interface Loopback0
!
aaa accounting subscriber TESTRADIUS group xxxx
aaa authorization subscriber TESTRADIUS group radius group xxxx
aaa authentication subscriber TESTRADIUS group radius group xxxx
aaa authentication ppp TESTRADIUS group xxxx
aaa authentication login default local

I'm not sure if it's relevant, but I'm running BNG functionality and the source-interface command for the tftp server seemed to work just fine. Can't find any SMUs that would solve this issue on 4.2.0 or 4.2.1. Saw a post from another guy that saw this same behavior on 3.8.2 but his post was not answered.

Help anyone? Is there a special command other than what I pasted here that I might be missing?

regards,

c.

1 Reply

Alexei Kiritchenko
Cisco Employee

Hello C,

We've seen similar issues due to "CSCua68354 RADIUS : global radius-server key not working".

May you try to configure your radius server as the following instead (specify the key on the server directly)?

!
server-private X.X.X.X auth-port 1812 acct-port 1813
 key 7 00050B120157
!

Regards,

/A
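
The symptom in the question can be checked mechanically by comparing the address in the `NAS best local address = ...` debug line with the address of the interface named in `radius source-interface`. The Python below is an added example, not part of the thread or any Cisco tooling; it assumes, as the posted output suggests, that this debug line reports the source address radiusd selected, and its sample config and debug lines are constructed, with 203.0.113.1 as a placeholder for the masked Loopback0 address.

```python
import re

# Constructed config; 203.0.113.1 stands in for the masked Loopback0 address.
SAMPLE_CONFIG = """\
interface Loopback0
 ipv4 address 203.0.113.1 255.255.255.255
!
interface GigabitEthernet0/5/0/0
 ipv4 address 192.168.1.13 255.255.255.252
!
radius source-interface Loopback0 vrf default
"""

# Constructed debug lines in the radiusd format shown in the post.
SAMPLE_DEBUG = """\
LC/0/5/CPU0:Jul 16 12:30:59.636 : radiusd[312]: Got IP address: 192.168.1.13
LC/0/5/CPU0:Jul 16 12:30:59.636 : radiusd[312]: NAS best local address = 192.168.1.13
LC/0/5/CPU0:Jul 16 12:31:04.101 : radiusd[312]: NAS best local address = 203.0.113.1
"""

NAS_ADDR = re.compile(r"radiusd\[\d+\]: NAS best local address = (\d+(?:\.\d+){3})")
SOURCE_IF = re.compile(r"^radius source-interface (\S+)", re.MULTILINE)


def interface_addresses(config):
    """Map interface name -> IPv4 address from 'interface'/'ipv4 address' lines."""
    addrs, current = {}, None
    for words in (line.split() for line in config.splitlines()):
        if len(words) == 2 and words[0] == "interface":
            current = words[1]
        elif len(words) >= 3 and words[:2] == ["ipv4", "address"] and current:
            addrs[current] = words[2]
        elif words == ["!"]:
            current = None  # end of the interface stanza
    return addrs


def source_mismatches(config, debug):
    """Return (debug_line_no, address_used, owning_interface) per mismatch."""
    addrs = interface_addresses(config)
    m = SOURCE_IF.search(config)
    expected = addrs.get(m.group(1)) if m else None
    if expected is None:
        raise ValueError("no resolvable 'radius source-interface' in config")
    owner = {addr: name for name, addr in addrs.items()}
    hits = []
    for n, line in enumerate(debug.splitlines(), 1):
        found = NAS_ADDR.search(line)
        if found and found.group(1) != expected:
            hits.append((n, found.group(1), owner.get(found.group(1), "unknown")))
    return hits
```

On the constructed sample, `source_mismatches(SAMPLE_CONFIG, SAMPLE_DEBUG)` reports only the second debug line, attributing the address to GigabitEthernet0/5/0/0.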