07-15-2012 04:48 AM
Dear CSC:
I'm running XR version 4.2.1 on an ASR9010 with RSP440 (went through all mandatory SMUs when upgrading from 4.2.0, etc.). I'm trying to run RADIUS AAA authen/autho on it, and RADIUS packets originating from interface Loopback X are a must.
For some reason, all RADIUS packets are being originated from the IP address of the uplink interface (G0/5/0/0).
LC/0/5/CPU0:Jul 16 12:30:59.632 : radiusd[312]: rctx found is 0x504a2b18
LC/0/5/CPU0:Jul 16 12:30:59.632 : radiusd[312]: Reached retry count for the server 3,Trying to move to next server
LC/0/5/CPU0:Jul 16 12:30:59.632 : radiusd[312]: Server X.X.X.X/1812/1813 is UP & Quarantined: NO
LC/0/5/CPU0:Jul 16 12:30:59.632 : radiusd[312]: rad_nas_reply_to_client: Received response from id : 39,packet type 1
LC/0/5/CPU0:Jul 16 12:30:59.633 : radiusd[312]: rad_nas_reply_to_client: Sending failover message to client
LC/0/5/CPU0:Jul 16 12:30:59.633 : radiusd[312]: Received request [handle 0x504a1e94] with server-group : axtel
LC/0/5/CPU0:Jul 16 12:30:59.633 : radiusd[312]: Building header for the Authorization request
LC/0/5/CPU0:Jul 16 12:30:59.634 : radiusd[312]: radius_get_prfrd_srvr_info: Retrive Preferred Server info from attr list
LC/0/5/CPU0:Jul 16 12:30:59.634 : radiusd[312]: radius_get_prfrd_srvr_info: Preferred server handle is set to NULL
LC/0/5/CPU0:Jul 16 12:30:59.634 : radiusd[312]: (handle_nas_req) Couldn't retrive the preferred server info
LC/0/5/CPU0:Jul 16 12:30:59.634 : radiusd[312]: Trying to find the first radius server to use.
LC/0/5/CPU0:Jul 16 12:30:59.635 : radiusd[312]: Created transaction_id (FF00000D) for server group F000001
LC/0/5/CPU0:Jul 16 12:30:59.635 : radiusd[312]: Server X.X.X.X/1812/1813 is UP & Quarantined: NO
LC/0/5/CPU0:Jul 16 12:30:59.635 : radiusd[312]: Picking the rad id 40:0 sockfd 0x5042844C
LC/0/5/CPU0:Jul 16 12:30:59.635 : radiusd[312]: rctx 0x504a2f54 added successfully
LC/0/5/CPU0:Jul 16 12:30:59.636 : radiusd[312]: Got IP address: 192.168.1.13
LC/0/5/CPU0:Jul 16 12:30:59.636 : radiusd[312]: IP source address aaa util format: 192.168.1.13
LC/0/5/CPU0:Jul 16 12:30:59.636 : radiusd[312]: NAS best local address = 192.168.1.13
LC/0/5/CPU0:Jul 16 12:30:59.637 : radiusd[312]: Got global deadtime 0
LC/0/5/CPU0:Jul 16 12:30:59.637 : radiusd[312]: Using global deadtime = 0 sec
LC/0/5/CPU0:Jul 16 12:30:59.637 : radiusd[312]: Start timer thread rad_ident 40 remote_port 1812 remote_addr 0xc99ef19a, socket 1346536524 rctx 0x504a2f54
Here's some relevant config:
!
interface Loopback0
 ipv4 address 200.Y.Y.Y 255.255.255.255
!
interface GigabitEthernet0/5/0/0
 description INTERFASE HACIA LA NUBE
 ipv4 address 192.168.1.13 255.255.255.252
!
hostname ASR-9K-BNG
tftp vrf default ipv4 server homedir disk0:
telnet vrf default ipv4 server max-servers 10
radius source-interface Loopback0 vrf default
radius-server host X.X.X.X auth-port 1812 acct-port 1813
 key 7 00050B120157
!
aaa group server radius xxxx
 server X.X.X.X auth-port 1812 acct-port 1813
 source-interface Loopback0
!
aaa accounting subscriber TESTRADIUS group xxxx
aaa authorization subscriber TESTRADIUS group radius group xxxx
aaa authentication subscriber TESTRADIUS group radius group xxxx
aaa authentication ppp TESTRADIUS group xxxx
aaa authentication login default local
I'm not sure if it's relevant, but I'm running BNG functionality, and the source-interface command for the tftp server seemed to work just fine. Can't find any SMUs that would solve this issue on 4.2.0 or 4.2.1. Saw a post from another guy who saw this same behavior on 3.8.2, but his post was not answered.
Help anyone? Is there a special command other than what I pasted here that I might be missing?
regards,
c.
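
A way to check the mismatch reported in the post above mechanically; this is an added example, not part of the original thread and not Cisco code. It reads the global `radius source-interface` line, looks up that interface's address, and flags every `NAS best local address` in the radiusd debug output that differs. The Loopback0 address 203.0.113.1 is a constructed placeholder for the address masked in the post, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample modeled on the thread; 203.0.113.1 stands in for the
# masked Loopback0 address (assumption, not a value from the post).
CONFIG = """\
interface Loopback0
 ipv4 address 203.0.113.1 255.255.255.255
!
interface GigabitEthernet0/5/0/0
 ipv4 address 192.168.1.13 255.255.255.252
!
radius source-interface Loopback0 vrf default
"""
DEBUG = """\
LC/0/5/CPU0:Jul 16 12:30:59.636 : radiusd[312]: Got IP address: 192.168.1.13
LC/0/5/CPU0:Jul 16 12:30:59.636 : radiusd[312]: NAS best local address = 192.168.1.13
"""

def interface_addresses(config):
    """Map interface name -> configured IPv4 address (indentation optional)."""
    addrs, current = {}, None
    for line in config.splitlines():
        head = re.match(r"interface (\S+)", line)
        addr = re.match(r"\s*ipv4 address (\S+) \S+", line)
        if head:
            current = head.group(1)
        elif addr and current:
            addrs[current] = ipaddress.ip_address(addr.group(1))
        elif line.strip() == "!":
            current = None  # end of the interface block
    return addrs

def check_radius_source(config, debug):
    """Return [(observed_address, owning_interface)] for each source address
    seen in the debug output that is not the configured source interface's."""
    m = re.search(r"^radius source-interface (\S+)", config, re.M)
    if not m:
        raise ValueError("no global 'radius source-interface' line found")
    addrs = interface_addresses(config)
    if m.group(1) not in addrs:
        raise ValueError(f"{m.group(1)} has no ipv4 address in this config")
    expected = addrs[m.group(1)]
    owner = {ip: name for name, ip in addrs.items()}
    seen = {ipaddress.ip_address(a)
            for a in re.findall(r"NAS best local address = (\S+)", debug)}
    return [(str(a), owner.get(a, "unknown")) for a in sorted(seen) if a != expected]

if __name__ == "__main__":
    for address, interface in check_radius_source(CONFIG, DEBUG):
        print(f"RADIUS sourced from {address} ({interface}), not the configured interface")
```
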
07-28-2012 12:25 AM
Hello C,
We've seen similar issues due to "CSCua68354 RADIUS : global radius-server key not working".
Could you try configuring your RADIUS server as follows instead (specify the key on the server directly)?
!
server-private X.X.X.X auth-port 1812 acct-port 1813
 key 7 00050B120157
!
Regards,
/A