MLPPP - Maybe off topic

Tony Spencer tony at eurisp.co.uk
Wed Feb 13 13:01:58 CET 2008 

I've followed the Cisco docs as much possible, and believe I have done all
that is required.
My Cisco config now has the following:

############################################
aaa new-model
!
!
aaa authentication ppp default group radius
aaa authorization network default group radius if-authenticated
aaa accounting delay-start
aaa accounting delay-start vrf default
aaa accounting update periodic 60
aaa accounting network default start-stop group radius
!
aaa nas port extended



radius-server host 192.168.1.1 auth-port 1645 acct-port 1646 key 7 xx
radius-server vsa send authentication
###########################################


Which are the parts it says to add.

The radius profile for the user now has:


################
Cisco-AVPair += preauth:ppp-multilink=1
################

Added.

But the user just gets logged in twice like so:

############
  Vi2.519      user1 at dsl.realm1.co.uk PPPoVPDN     -        10.0.0.88
  Vi2.1560     user1 at dsl.realm1.co.uk PPPoVPDN     -        10.0.0.88
############

With the same static IP, this is the IP address that is assigned to the user
anyway.

I would expect to see something like:

###########
  Vi2.519      user1 at dsl.realm1.co.uk PPPoVPDN     00:00:07
  Vi2.1560     user1 at dsl.realm1.co.uk MLP Bundle   00:00:13 10.0.0.88
###########

We are using a Cisco 7304 as our NAS running IOS version 12.2(28)SB9 and
Freeradius version 2.0.1 with a MySQL backend.

If anyone has any suggestions or has this working I would appreciate any
help.

Here is some debug from the Cisco, debugging radius authentication when the
user logged in.

#################


*Feb 13 11:36:24.610 GMT: RADIUS/ENCODE: Best Local IP-Address 192.168.1.88
for Radius-Server 192.168.1.1
*Feb 13 11:36:24.610 GMT: RADIUS(00113478): Send Access-Request to
192.168.1.1:1645 id 1645/210, len 127
*Feb 13 11:36:24.610 GMT: RADIUS:  authenticator 74 BF BC 30 CC 6A 29 01 -
30 74 A1 B8 EA E4 77 DF
*Feb 13 11:36:24.610 GMT: RADIUS:  Framed-Protocol     [7]   6   PPP
[1]
*Feb 13 11:36:24.610 GMT: RADIUS:  User-Name           [1]   31
"user1 at dsl.realm1.co.uk "
*Feb 13 11:36:24.610 GMT: RADIUS:  CHAP-Password       [3]   19  *
*Feb 13 11:36:24.610 GMT: RADIUS:  NAS-Port-Type       [61]  6   Virtual
[5]
*Feb 13 11:36:24.610 GMT: RADIUS:  NAS-Port            [5]   6   2440
*Feb 13 11:36:24.610 GMT: RADIUS:  NAS-Port-Id         [87]  18
"Uniq-Sess-ID2440"
*Feb 13 11:36:24.610 GMT: RADIUS:  Connect-Info        [77]  9   "8083000"
*Feb 13 11:36:24.610 GMT: RADIUS:  Service-Type        [6]   6   Framed
[2]
*Feb 13 11:36:24.610 GMT: RADIUS:  NAS-IP-Address      [4]   6
192.168.1.88
*Feb 13 11:36:24.614 GMT: RADIUS: Received from id 1645/210
192.168.1.1:1645, Access-Accept, len 142
*Feb 13 11:36:24.614 GMT: RADIUS:  authenticator 22 AC 91 C8 A6 99 E6 01 -
55 C1 6C E6 7E DF 0F 6A
*Feb 13 11:36:24.614 GMT: RADIUS:  Framed-IP-Address   [8]   6   10.0.0.88
*Feb 13 11:36:24.614 GMT: RADIUS:  Framed-IP-Netmask   [9]   6
255.255.255.255
*Feb 13 11:36:24.614 GMT: RADIUS:  Vendor, Cisco       [26]  61
*Feb 13 11:36:24.618 GMT: RADIUS:   Cisco AVpair       [1]   55  "ip:route=
192.168.3.0 255.255.255.248 10.0.0.88"
*Feb 13 11:36:24.618 GMT: RADIUS:  Acct-Interim-Interva[85]  6   7200
*Feb 13 11:36:24.618 GMT: RADIUS:  Vendor, Cisco       [26]  31
*Feb 13 11:36:24.618 GMT: RADIUS:   Cisco AVpair       [1]   25
"preauth:ppp-multilink=1"
*Feb 13 11:36:24.618 GMT: RADIUS:  Service-Type        [6]   6   Framed
[2]
*Feb 13 11:36:24.618 GMT: RADIUS:  Framed-Protocol     [7]   6   PPP
[1]
*Feb 13 11:36:24.618 GMT: RADIUS(00113478): Received from id 1645/210
###########


Thanks in advance

Tony


  

-----Original Message-----
From: freeradius-users-bounces+tony=eurisp.co.uk at lists.freeradius.org
[mailto:freeradius-users-bounces+tony=eurisp.co.uk at lists.freeradius.org] On
Behalf Of Alan DeKok
Sent: 09 February 2008 07:44
To: FreeRadius users mailing list
Subject: Re: MLPPP - Maybe off topic

Tony Spencer wrote:
> We are trying to bond 2 DSL lines for a customer who has 2 phone lines
> and 2 DSL circuits in his office.

  You may also need to set the standard RADIUS attributes for doing
multilink.  See the Cisco docs for more information.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

No virus found in this incoming message.
Checked by AVG Free Edition. 
Version: 7.5.516 / Virus Database: 269.20.2/1270 - Release Date: 10/02/2008
12:21
 

No virus found in this outgoing message.
Checked by AVG Free Edition. 
Version: 7.5.516 / Virus Database: 269.20.4/1275 - Release Date: 12/02/2008
15:20

More information about the Freeradius-Users mailing list