
Cisco Access Registrar

How To Check All Dictionary Attributes During Processing Of Radius Packets Using Cisco Access Registrar

Document ID: 13875



Contents

Introduction
Prerequisites
      Requirements
      Components Used
      Conventions
Procedure
Related Information

Introduction

This document explains how you can configure Cisco Access Registrar (CAR) to see all dictionary attributes (environment, request, and response) when a packet is being processed through CAR. The same script is also helpful for debugging manually written scripts.

Note: Use this script with caution in a live environment with heavy traffic, since it could seriously impact the performance of your server.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on all versions of Cisco Access Registrar.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Procedure

Complete these steps:

  1. Save the following script to your CAR server in the directory /opt/AICar1/scripts/radius/tcl (the example entry in step 2 expects the file name show-contents.tcl).

    # Read every attribute of the request, response and environment
    # dictionaries. The script prints nothing itself: with tracing enabled,
    # CAR logs each dictionary call (size, firstKey, nextKey, get) and its result.
    proc ShowDictionaryContents {request response environ} {
         # Request dictionary
         set dict $request
         set sizeOftheDictionary [$dict size]
         set sizeOftheDictionaryMinusOne [expr {$sizeOftheDictionary - 1}]
         # Guard against an empty dictionary, as for the other two below
         if {$sizeOftheDictionary != 0} {
              set contents [$dict firstKey]
              $request get $contents
              for {set i 0} {$i < $sizeOftheDictionaryMinusOne} {incr i} {
                   set contents [$dict nextKey]
                   $request get $contents
              }
         }

         # Response dictionary (empty at the incoming scripting point)
         set dict $response
         set sizeOftheDictionary [$dict size]
         set sizeOftheDictionaryMinusOne [expr {$sizeOftheDictionary - 1}]
         if {$sizeOftheDictionary != 0} {
              set contents [$dict firstKey]
              $response get $contents
              for {set i 0} {$i < $sizeOftheDictionaryMinusOne} {incr i} {
                   set contents [$dict nextKey]
                   $response get $contents
              }
         }

         # Environment dictionary
         set dict $environ
         set sizeOftheDictionary [$dict size]
         set sizeOftheDictionaryMinusOne [expr {$sizeOftheDictionary - 1}]
         if {$sizeOftheDictionary != 0} {
              set contents [$dict firstKey]
              $environ get $contents
              for {set i 0} {$i < $sizeOftheDictionaryMinusOne} {incr i} {
                   set contents [$dict nextKey]
                   $environ get $contents
              }
         }
    }
  2. Log into CAR and create an entry in [ //localhost/Radius/Scripts/ ]. EntryPoint must name the Tcl procedure defined in the script file, here ShowDictionaryContents. Here's an example:

    [ //localhost/Radius/Scripts/show-contents ] 
         Name = show-contents 
         Description = 
         Language = tcl 
         Filename = show-contents.tcl 
         EntryPoint = ShowDictionaryContents
         InitEntryPoint = 
         InitEntryPointArgs = 
  3. Attach this entry to any "IncomingScript"- or "OutgoingScript"-point in Access Registrar.

  4. Reload CAR.

  5. Go into the command line and type trace /r 5 to enable the debugging.

    In the following debug, you can clearly see the contents of all the variables of the three dictionaries.

    --------------- *** ../logs/name_radius_1_trace *** 
    02/22/2001 16:19:06: P12699: Packet received from 127.0.0.1
    02/22/2001 16:19:06: P12699: Trace of Access-Request packet
    02/22/2001 16:19:06: P12699: identifier = 43
    02/22/2001 16:19:06: P12699: length = 61
    02/22/2001 16:19:06: P12699: reqauth = ec:4c:c6:74:8d:88:0b:48:2b:e4:74:4f:7f:3e:46:48
    02/22/2001 16:19:06: P12699: User-Name = jill
    02/22/2001 16:19:06: P12699: User-Password = c2:59:fa:cc:1f:7c:6c:44:97:21:58:8e:4a:85:6b:90
    02/22/2001 16:19:06: P12699: NAS-Port = 2
    02/22/2001 16:19:06: P12699: NAS-Identifier = localhost
    02/22/2001 16:19:06: P12699: Running Server's IncomingScript: ShowDictionaryContents
    02/22/2001 16:19:06: P12699: Tcl: request size --> 4
    02/22/2001 16:19:06: P12699: Tcl: request firstKey --> User-Name
    02/22/2001 16:19:06: P12699: Tcl: request get User-Name --> jill
    02/22/2001 16:19:06: P12699: Tcl: request nextKey --> User-Password
    02/22/2001 16:19:06: P12699: Tcl: request get User-Password --> jill
    02/22/2001 16:19:06: P12699: Tcl: request nextKey --> NAS-Port
    02/22/2001 16:19:06: P12699: Tcl: request get NAS-Port --> 2
    02/22/2001 16:19:06: P12699: Tcl: request nextKey --> NAS-Identifier
    02/22/2001 16:19:06: P12699: Tcl: request get NAS-Identifier --> localhost 
    02/22/2001 16:19:06: P12699: Tcl: response size --> 0 
    02/22/2001 16:19:06: P12699: Tcl: environ size --> 4 
    02/22/2001 16:19:06: P12699: Tcl: environ firstKey --> Source-Port 
    02/22/2001 16:19:06: P12699: Tcl: environ get Source-Port --> 41948 
    02/22/2001 16:19:06: P12699: Tcl: environ nextKey --> Source-IP-Address 
    02/22/2001 16:19:06: P12699: Tcl: environ get Source-IP-Address --> 127.0.0.1 
    02/22/2001 16:19:06: P12699: Tcl: environ nextKey --> Request-Type 
    02/22/2001 16:19:06: P12699: Tcl: environ get Request-Type --> Access-Request 
    02/22/2001 16:19:06: P12699: Tcl: environ nextKey --> Trace-Level 
    02/22/2001 16:19:06: P12699: Tcl: environ get Trace-Level --> 4 
    02/22/2001 16:19:06: P12699: Using Client: localhost (127.0.0.1) 
    02/22/2001 16:19:06: P12699: Running Client localhost (127.0.0.1) IncomingScript: ParseServiceHints
    02/22/2001 16:19:06: P12699: Rex: environ-->get( "Request-Type" ) --> "Access-Request" 
    02/22/2001 16:19:06: P12699: Rex: environ-->get( "Request-Type" ) --> "Access-Request" 
    02/22/2001 16:19:06: P12699: Rex: environ-->get( "User-Name" ) --> "" 
    02/22/2001 16:19:06: P12699: Rex: request-->get( "User-Name", 0 ) --> "jill" 
    02/22/2001 16:19:06: P12699: Using NAS: localhost (127.0.0.1) 
    02/22/2001 16:19:06: P12699: Request is directly from a NAS: TRUE 
    02/22/2001 16:19:06: P12699: Authenticating and Authorizing with Service wwf.org 
    02/22/2001 16:19:06: P12699: Getting User jill's UserRecord from UserList Default 
    02/22/2001 16:19:06: P12699: User jill's password matches 
    02/22/2001 16:19:06: P12699: User jill is part of UserGroup PPP-users 
    02/22/2001 16:19:06: P12699: Merging UserGroup PPP-users's BaseProfile default-PPP-users into response dictionary
    02/22/2001 16:19:06: P12699: Using SessionManager session-mgr-1
    02/22/2001 16:19:06: P12699: Acquiring session for localhost:2...
    02/22/2001 16:19:06: P12699: Session S1 acquired...
    02/22/2001 16:19:06: P12699: Checking User-Name in Session S1 against User-Name in packet...
    02/22/2001 16:19:06: P12699: User-Name's match
    02/22/2001 16:19:06: P12699: ResourceManager IPA-Pool allocated a resource to Session S1: IP Address 192.168.0.0 already allocated to this session, re-using it
    02/22/2001 16:19:06: P12699: ResourceManager Per-Group allocated a resource to Session S1: Group session count already incremented for this session, count remains at 1 out of 256
    02/22/2001 16:19:06: P12699: ResourceManager Per-User allocated a resource to Session S1: User count for "jill" already incremented for this session, count remains at 1 out of 1
    02/22/2001 16:19:06: P12699: ResourceManager IPX-Pool allocated a resource to Session S1: IPX Network 0x1 already allocated to this session, re-using it
    02/22/2001 16:19:06: P12699: Writing Session S1 to backing store. 
    02/22/2001 16:19:06: P12699: Releasing acquired Session S1 
    02/22/2001 16:19:06: P12699: SessionManager session-mgr-1 done with packet 
    02/22/2001 16:19:06: P12699: Running Server's OutgoingScript: ShowDictionaryContents 
    02/22/2001 16:19:06: P12699: Tcl: request size --> 4 
    02/22/2001 16:19:06: P12699: Tcl: request firstKey --> User-Name 
    02/22/2001 16:19:06: P12699: Tcl: request get User-Name --> jill 
    02/22/2001 16:19:06: P12699: Tcl: request nextKey --> User-Password 
    02/22/2001 16:19:06: P12699: Tcl: request get User-Password --> jill 
    02/22/2001 16:19:06: P12699: Tcl: request nextKey --> NAS-Port 
    02/22/2001 16:19:06: P12699: Tcl: request get NAS-Port --> 2 
    02/22/2001 16:19:06: P12699: Tcl: request nextKey --> NAS-Identifier 
    02/22/2001 16:19:06: P12699: Tcl: request get NAS-Identifier --> localhost 
    02/22/2001 16:19:06: P12699: Tcl: response size --> 11 
    02/22/2001 16:19:06: P12699: Tcl: response firstKey --> Service-Type 
    02/22/2001 16:19:06: P12699: Tcl: response get Service-Type --> Framed 
    02/22/2001 16:19:06: P12699: Tcl: response nextKey --> Framed-Protocol 
    02/22/2001 16:19:06: P12699: Tcl: response get Framed-Protocol --> PPP 
    02/22/2001 16:19:06: P12699: Tcl: response nextKey --> Framed-IP-Address 
    02/22/2001 16:19:06: P12699: Tcl: response get Framed-IP-Address --> 192.168.0.0 
    02/22/2001 16:19:06: P12699: Tcl: response nextKey --> Framed-IP-Netmask 
    02/22/2001 16:19:06: P12699: Tcl: response get Framed-IP-Netmask --> 255.255.255.0 
    02/22/2001 16:19:06: P12699: Tcl: response nextKey --> Framed-Routing 
    02/22/2001 16:19:06: P12699: Tcl: response get Framed-Routing --> None 
    02/22/2001 16:19:06: P12699: Tcl: response nextKey --> Framed-MTU
    02/22/2001 16:19:06: P12699: Tcl: response get Framed-MTU --> 1500
    02/22/2001 16:19:06: P12699: Tcl: response nextKey --> Framed-Compression 
    02/22/2001 16:19:06: P12699: Tcl: response get Framed-Compression --> VJ TCP/IP header compression
    02/22/2001 16:19:06: P12699: Tcl: response nextKey --> Ascend-Idle-Limit 
    02/22/2001 16:19:06: P12699: Tcl: response get Ascend-Idle-Limit --> 1800 
    02/22/2001 16:19:06: P12699: Tcl: response nextKey --> Framed-IPX-Network 
    02/22/2001 16:19:06: P12699: Tcl: response get Framed-IPX-Network --> 1 
    02/22/2001 16:19:06: P12699: Tcl: response nextKey --> State 
    02/22/2001 16:19:06: P12699: Tcl: response get State --> 1ef3:2:localhost 
    02/22/2001 16:19:06: P12699: Tcl: response nextKey --> Termination-Action 
    02/22/2001 16:19:06: P12699: Tcl: response get Termination-Action --> RADIUS-Request 
    02/22/2001 16:19:06: P12699: Tcl: environ size --> 14 
    02/22/2001 16:19:06: P12699: Tcl: environ firstKey --> Group-Session-Limit 
    02/22/2001 16:19:06: P12699: Tcl: environ get Group-Session-Limit --> 256 
    02/22/2001 16:19:06: P12699: Tcl: environ nextKey --> Session-Manager 
    02/22/2001 16:19:06: P12699: Tcl: environ get Session-Manager --> session-mgr-1 
    02/22/2001 16:19:06: P12699: Tcl: environ nextKey --> User-Group 
    02/22/2001 16:19:06: P12699: Tcl: environ get User-Group --> PPP-users 
    02/22/2001 16:19:06: P12699: Tcl: environ nextKey --> Current-Group-Count 
    02/22/2001 16:19:06: P12699: Tcl: environ get Current-Group-Count --> 1 
    02/22/2001 16:19:06: P12699: Tcl: environ nextKey --> Authorization-Service 
    02/22/2001 16:19:06: P12699: Tcl: environ get Authorization-Service --> wwf.org 
    02/22/2001 16:19:06: P12699: Tcl: environ nextKey --> Source-Port 
    02/22/2001 16:19:06: P12699: Tcl: environ get Source-Port --> 41948 
    02/22/2001 16:19:06: P12699: Tcl: environ nextKey --> Source-IP-Address 
    02/22/2001 16:19:06: P12699: Tcl: environ get Source-IP-Address --> 127.0.0.1 
    02/22/2001 16:19:06: P12699: Tcl: environ nextKey --> Authentication-Service 
    02/22/2001 16:19:06: P12699: Tcl: environ get Authentication-Service --> wwf.org 
    02/22/2001 16:19:06: P12699: Tcl: environ nextKey --> Request-Type 
    02/22/2001 16:19:06: P12699: Tcl: environ get Request-Type --> Access-Request 
    02/22/2001 16:19:06: P12699: Tcl: environ nextKey --> Trace-Level 
    02/22/2001 16:19:06: P12699: Tcl: environ get Trace-Level --> 4 
    02/22/2001 16:19:06: P12699: Tcl: environ nextKey --> Provider-Identifier 
    02/22/2001 16:19:06: P12699: Tcl: environ get Provider-Identifier --> Default 
    02/22/2001 16:19:06: P12699: Tcl: environ nextKey --> Allow-Null-Password 
    02/22/2001 16:19:06: P12699: Tcl: environ get Allow-Null-Password --> FALSE 
    02/22/2001 16:19:06: P12699: Tcl: environ nextKey --> Session-Notes 
    02/22/2001 16:19:06: P12699: Tcl: environ get Session-Notes --> 
    02/22/2001 16:19:06: P12699: Tcl: environ nextKey --> Response-Type 
    02/22/2001 16:19:06: P12699: Tcl: environ get Response-Type --> Access-Accept
    02/22/2001 16:19:06: P12699: Trace of Access-Accept packet 
    02/22/2001 16:19:06: P12699: identifier = 43 
    02/22/2001 16:19:06: P12699: length = 104 
    02/22/2001 16:19:06: P12699: reqauth = 15:f4:cf:f3:a6:22:37:e0:7d:9c:06:71:7d:72:2d:61 
    02/22/2001 16:19:06: P12699: Service-Type = Framed 
    02/22/2001 16:19:06: P12699: Framed-Protocol = PPP 
    02/22/2001 16:19:06: P12699: Framed-IP-Address = 192.168.0.0 
    02/22/2001 16:19:06: P12699: Framed-IP-Netmask = 255.255.255.0 
    02/22/2001 16:19:06: P12699: Framed-Routing = None 
    02/22/2001 16:19:06: P12699: Framed-MTU = 1500 
    02/22/2001 16:19:06: P12699: Framed-Compression = VJ TCP/IP header compression
    02/22/2001 16:19:06: P12699: Ascend-Idle-Limit = 1800 
    02/22/2001 16:19:06: P12699: Framed-IPX-Network = 1 
    02/22/2001 16:19:06: P12699: State = 1ef3:2:localhost 
    02/22/2001 16:19:06: P12699: Termination-Action = RADIUS-Request 
    02/22/2001 16:19:06: P12699: Sending response to 127.0.0.1 
    
    ---------- 
    end of debug
    ---------- 
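
The debug above records the decoded password ("request get User-Password --> jill") at both scripting points, so a trace file produced with this script holds credentials in cleartext. The following added example, which is not part of the original document or of Cisco's tooling, rebuilds the dictionaries from such a trace and reports sensitive attributes that were logged with a value; the function names and the SENSITIVE list are assumptions, and the line format is the one shown above.

```python
import re

# Attributes whose values should not reach a trace file (assumed list; extend as needed).
SENSITIVE = {"User-Password"}
STAMP = re.compile(r"^\d\d/\d\d/\d{4} \d\d:\d\d:\d\d: ")
SCRIPT = re.compile(r"^\S+ \S+ (P\d+): Running .*?(Incoming|Outgoing)Script: ")
ENTRY = re.compile(r"^\S+ \S+ (P\d+): Tcl: (request|response|environ) get (\S+) -->\s?(.*)$")

# Constructed sample, abridged from the debug output above; wrapped lines kept on purpose.
SAMPLE_TRACE = """\
02/22/2001 16:19:06: P12699: Running Server's IncomingScript: ShowDictionaryContents
02/22/2001 16:19:06: P12699: Tcl: request get User-Name --> jill
02/22/2001 16:19:06: P12699: Tcl: request get User-Password --> jill
02/22/2001 16:19:06: P12699: Running Server's OutgoingScript: ShowDictionaryContents
02/22/2001 16:19:06: P12699: Tcl: request get User-Password --> jill
02/22/2001 16:19:06: P12699: Tcl: response get Framed-Compression -->
VJ TCP/IP header compression
02/22/2001 16:19:06: P12699: Tcl: environ get Session-Notes -->
02/22/2001 16:19:06: P12699: Tcl: environ get Response-Type --> Access-Accept
"""

def parse_trace(text):
    """Return {(packet, scripting point): {dictionary: {attribute: value}}}."""
    runs, current, last = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not STAMP.match(line):
            # No timestamp: a wrapped value that continues the previous 'get' entry.
            if line and last:
                attrs, name = last
                attrs[name] = (attrs[name] + " " + line).strip()
            continue
        last = None
        s, e = SCRIPT.match(line), ENTRY.match(line)
        if s:
            current[s.group(1)] = s.group(2)  # packet id -> Incoming / Outgoing
        elif e and e.group(1) in current:
            key = (e.group(1), current[e.group(1)])
            attrs = runs.setdefault(key, {}).setdefault(e.group(2), {})
            attrs[e.group(3)] = e.group(4)
            last = (attrs, e.group(3))
    return runs

def cleartext_findings(runs, sensitive=SENSITIVE):
    """List (packet, scripting point, dictionary, attribute) logged with a value."""
    return sorted((pkt, point, dname, attr)
                  for (pkt, point), dicts in runs.items()
                  for dname, attrs in dicts.items()
                  for attr, value in attrs.items() if attr in sensitive and value)
```

Run `cleartext_findings(parse_trace(open(path).read()))` against a trace file before it is copied off the server or attached to a support case.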

Related Information



Updated: Jan 19, 2006 Document ID: 13875