RADIUS VC Logging

RADIUS Virtual Circuit (VC) Logging allows the Cisco IOS XE to accurately record the virtual path interface (VPI) and virtual circuit interface (VCI) of an incoming subscriber session.

With RADIUS VC Logging enabled, the RADIUS network access server (NAS)-port field is extended and modified to carry VPI/VCI information. This information is logged in the RADIUS accounting record that was created at session startup.

How to Configure RADIUS VC logging

Configuring the NME Interface IP Address on the NSP

The NAS-IP-Address field in the RADIUS accounting packet contains the IP address of the Network Management Ethernet (NME) port on the Network Service provider (NSP), even if the NME is shut down. If your Network Route Processor (NRP) does not use a DHCP server to obtain an IP address, you must configure a static IP address. Perform the following steps to configure a static combined NME IP address.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface BVI bridge-group
  4. ip address address subnet
  5. exit

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

interface BVI bridge-group

Example:


Router(config)# interface BVI1

Selects the combined Bridge-Group Virtual Interface (BVI) NME interface and enters interface configuration mode.

Step 4

ip address address subnet

Example:


Router(config-if)# ip address 209.165.200.225 255.255.255.224

Configures a static IP and subnetwork address.

Step 5

exit

Example:


Router(config)# exit

Exits interface configuration mode.

Configuring the NME IP address

You can use the Gigabit Ethernet port as a separate NME interface instead of the combined NME interface. Perform the following steps to configure the NME IP address.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface GigabitEthernet number
  4. ip address address mask
  5. exit

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

interface GigabitEthernet number

Example:


Router(config)# interface GigabitEthernet 0/0/0

Selects the NME interface.

Step 4

ip address address mask

Example:


Router(config-if)# ip address 209.165.200.225 255.255.255.224

Configures a static IP and subnetwork address.

Note

 

You must configure the NME IP address before configuring PVCs on the NRP. Otherwise the NAS-IP-Address field in the RADIUS accounting packet will contain an incorrect IP address.

Step 5

exit

Example:


Router(config)# exit

Exits configuration mode.

Configuring RADIUS VC Logging on the NRP

Perform the following steps to configure RADIUS VC logging.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. radius-server attribute nas-port format d
  4. exit

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

radius-server attribute nas-port format d

Example:


Router(config)# radius-server attribute nas-port format d

Selects the ATM VC (virtual circuit) extended format for the NAS port field.

Step 4

exit

Example:


Router(config)# exit

Exits interface configuration mode.

Verifying the NME Interface IP Address

To verify the NME IP address, enter the show interface bvi1 or show interface e0/0/0 EXEC command on the NSP. Check the Internet address statement (indicated with an arrow). 


Router# show interface bvi1 BVI1 is up, line protocol is up 
  Hardware is BVI, address is 0010.7ba9.c783 (bia 0000.0000.0000) 
	   MTU 1500 bytes, BW 10000 Kbit, DLY 5000 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type:ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy:fifo
  Output queue 0/0, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1540 packets input, 302775 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     545 packets output, 35694 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out

Verifying RADIUS VC Logging on the NRP

To verify RADIUS VC logging on the RADIUS server, examine a RADIUS accounting packet. If RADIUS VC logging is enabled on the Cisco IOS XE software, the RADIUS accounting packet will appear similar to the following example: 


Wed Jun 16 13:57:31 1999
NAS-IP-Address = 192.168.100.192
NAS-Port = 268566560
NAS-Port-Type = Virtual
User-Name = "cisco"
Acct-Status-Type = Start
Service-Type = Framed
Acct-Session-Id = "1/0/0/2.32_00000009"
Framed-Protocol = PPP
Framed-IP-Address = 172.16.7.254
Acct-Delay-Time = 0

The NAS-Port field shows that RADIUS VC logging is enabled. If this line does not appear in the display, then RADIUS VC logging is not enabled on the Cisco IOS XE software.

The Acct-Session-Id field should also identify the incoming NSP interface and VPI/VCI information, in this format: 


Acct-Session-Id = "slot/subslot/port/VPI.VCI_acct-session-id"

Configuration Examples for RADIUS VC Logging

Example Configuring the NME Interface IP Address on the NSP

The following example shows how to configure a static IP and subnetwork address for the Bridge-Group Virtual Interface: 


Router> enable
Router# configure terminal
Router(config)# interface BVI1
ip address 209.165.200.225 255.255.255.224
Router(config)# exit

Example Configuring the NME IP address

The following example shows how to configure the GigabitEthernet interface: 


Router> enable
Router# configure terminal
Router(config)# interface GigabitEthernet 0/0/0
Router(config-if)# ip address 209.165.200.225 255.255.255.224
Router(config)# exit

Example Configuring RADIUS VC Logging on the NRP

The following example shows how to configure the RADIUS VC logging on the NRP: 


Router> enable
Router# configure terminal
Router(config)# radius-server attribute nas-port format d
Router(config)# exit

Additional References

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Security Commands List, All Releases

MIBs

MIB

MIBs Link

None

To locate and download MIBs for selected platforms, Cisco IOS XE software releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

RFCs

RFC

Title

Technical Assistance

Description

Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for RADIUS VC Logging

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for Zone-Based Policy Firewall

Feature Name

Releases

Feature Configuration Information

RADIUS VC Logging

Cisco IOS XE Release 3.1S

RADIUS Virtual Circuit (VC) Logging allows the Cisco IOS XE software to accurately record the virtual path interface (VPI) and virtual circuit interface (VCI) of an incoming subscriber session.