Dans le cadre de la documentation associée à ce produit, nous nous efforçons d’utiliser un langage exempt de préjugés. Dans cet ensemble de documents, le langage exempt de discrimination renvoie à une langue qui exclut la discrimination en fonction de l’âge, des handicaps, du genre, de l’appartenance raciale de l’identité ethnique, de l’orientation sexuelle, de la situation socio-économique et de l’intersectionnalité. Des exceptions peuvent s’appliquer dans les documents si le langage est codé en dur dans les interfaces utilisateurs du produit logiciel, si le langage utilisé est basé sur la documentation RFP ou si le langage utilisé provient d’un produit tiers référencé. Découvrez comment Cisco utilise le langage inclusif.
Cisco a traduit ce document en traduction automatisée vérifiée par une personne dans le cadre d’un service mondial permettant à nos utilisateurs d’obtenir le contenu d’assistance dans leur propre langue. Il convient cependant de noter que même la meilleure traduction automatisée ne sera pas aussi précise que celle fournie par un traducteur professionnel.
Ce document permet de sélectionner un groupe d'authentification, d'autorisation et de comptabilité (AAA) et toutes les fonctionnalités qui lui sont associées (adresse IP source, serveur radius, etc.) en sélectionnant simplement le domaine récupéré de l'abonné PPP (Point-to-Point Protocol) entrant.
Cisco vous recommande de prendre connaissance des rubriques suivantes :
Astuce : :: Reportez-vous au Guide de configuration de la passerelle de services intelligents afin de vous familiariser avec ISG.
Astuce : Reportez-vous au Guide de configuration VPDN afin de vous familiariser avec la fonctionnalité VPDN de base.
Les informations contenues dans ce document sont basées sur les versions de matériel et de logiciel suivantes :
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Utilisez les informations décrites dans cette section afin de configurer les fonctionnalités décrites dans ce document.
Note: Ceci est uniquement valide pour les abonnés PPP.
Remarque : cette configuration simule deux clients PPPoE (PPP sur Ethernet) en créant deux sous-interfaces avec une balise dot1q différente sur le routeur CPE (Customer Premise Equipment) et en créant deux interfaces de numérotation avec un nom d'utilisateur PPP différent. Ainsi, deux clients différents dans la topologie pourraient être simulés.
Il s’agit de la configuration utilisée sur le routeur CPE.
interface Ethernet0/1.101 description ppp using isg encapsulation dot1Q 101 pppoe enable group global pppoe-client dial-pool-number 2 ! interface Ethernet0/1.102 description ppp using isg encapsulation dot1Q 102 pppoe enable pppoe-client dial-pool-number 3 ! !--- Following dialer will be used for first CPE with user name pppoe@local.com.
! interface Dialer2 ip address negotiated encapsulation ppp shutdown dialer pool 2 ppp pap sent-username pppoe@local.com password 0 cisco ! !--- Following dialer will be used for second CPE with user name pppoe@lns.com.
! interface Dialer3 ip address negotiated encapsulation ppp shutdown dialer pool 3 ppp pap sent-username pppoe@lns.com password 0 cisco
Il s'agit de la configuration utilisée sur le périphérique LAC (ISG).
! hostname lac ! aaa new-model ! ! aaa group server radius AAA-4-LOCAL !=> Group that will treat the user with domain local.com server name RAD-4-LOCAL ip radius source-interface Ethernet0/0 ! aaa group server radius AAA-4-FORWARD !=> Group that will treat the user with domain lns.com server name RAD-4-FORWARD ip radius source-interface Loopback1 ! aaa authentication login default local aaa authentication ppp default group radius aaa authentication ppp AAA-4-LOCAL group AAA-4-LOCAL !=> List will call the right group aaa authentication ppp AAA-4-FORWARD group AAA-4-FORWARD !=> List will call the right group aaa authorization exec default local aaa authorization network default group radius ! aaa session-id common ! vpdn enable ! class-map type control match-all PPP-4-FORWARD !=> class to match the domain to forward to lns match unauthenticated-domain lns.com match protocol ppp ! class-map type control match-all PPP-4-LOCAL !=> class to match the domain for local termination match unauthenticated-domain local.com match protocol ppp ! class-map type control match-all PPP !=> class to match ppp packets. match protocol ppp ! policy-map type control PPPOE !=> All pppoe will first hit this control policy class type control PPP event session-start 11 collect identifier unauthenticated-domain 12 service-policy type control DOMAIN !=> Now we forward to another policy that will make the selection ! ! policy-map type control DOMAIN class type control PPP-4-LOCAL event session-start !=> If domain is local.com we use this 20 authenticate aaa list AAA-4-LOCAL ! class type control PPP-4-FORWARD event session-start !=> If domain is lns.com we use this 20 authenticate aaa list AAA-4-FORWARD ! ! bba-group pppoe ppp-isg virtual-template 2 ! ! ! interface Loopback0 ip address 172.19.1.2 255.255.255.255 ! interface Loopback1 ip address 172.17.21.6 255.255.255.255 !=> radius request for domain lns.com use this ! interface Ethernet0/0 ip address 172.16.21.6 255.255.255.252 !=> radius request for domain local.com use this ! interface Ethernet0/1 no ip address ! interface Ethernet0/1.101 encapsulation dot1Q 101 pppoe enable group ppp-isg ! interface Ethernet0/1.102 encapsulation dot1Q 102 pppoe enable group ppp-isg ! interface Virtual-Template2 ip unnumbered Loopback0 ppp authentication pap service-policy type control PPPOE ! radius server RAD-4-LOCAL address ipv4 172.16.21.5 auth-port 32645 acct-port 32646 key cisco ! radius server RAD-4-FORWARD address ipv4 172.16.21.5 auth-port 11645 acct-port 11646 key cisco !
Il s'agit de la configuration utilisée sur le périphérique LNS.
! hostname lns ! aaa new-model ! ! aaa authentication login default local aaa authentication ppp default group radius aaa authorization exec default local aaa authorization network default group radius ! vpdn enable ! vpdn-group default ! Default L2TP VPDN group accept-dialin protocol l2tp virtual-template 1 l2tp tunnel password 0 cisco ! interface Virtual-Template1 ip unnumbered Loopback10 peer default ip address pool allppp ppp mtu adaptive ppp authentication pap ! radius server IOL-alanssie2 address ipv4 172.16.21.9 auth-port 32645 acct-port 32646 key cisco !
Cette section fournit des informations que vous pouvez utiliser afin de vérifier que votre configuration fonctionne correctement et qu'une session PPPoE est terminée sur LAC et qu'une autre session est transférée à LNS en fonction du nom de domaine.
lac#show subscriber ses Codes: Lterm - Local Term, Fwd - forwarded, unauth - unathenticated, authen - authenticated, TC Ct. - Number of Traffic Classes on the main session Current Subscriber Information: Total sessions 2 Uniq ID Interface State Service Up-time TC Ct. Identifier 39 Vi2.1 authen Lterm 00:38:54 0 pppoe@local.com 40 PPPoE authen Fwd 00:38:01 0 pppoe@lns.com
Cette commande montre que le tunnel VPDN est établi entre LAC et LNS pour l'abonné pppoe@lns.com.
lac#sh vpdn tunnel L2TP Tunnel Information Total tunnels 1 sessions 1 LocTunID RemTunID Remote Name State Remote Address Sessn L2TP Class/ Count VPDN Group 7085 24548 lns est 172.19.1.1 1 VPDN ip addr 17 lac#
Cette section fournit des renseignements qui vous permettront de régler les problèmes de configuration.
Note: Référez-vous à l'article Cisco Dépannage d'ISG avec surveillance de session et débogage conditionnel distribué afin de dépanner une session ISG.
Cette sortie de débogage indique comment l'utilisateur local basé sur le nom de domaine local.com est authentifié et terminé sur le périphérique LAC.
*Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Authen status update; is now "unauthen" *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: assert authen status "unauthen" *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: send event Session Update *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Username key not found in set domain key API *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Username key not found in set domain key API *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Updated NAS port for AAA ID 50 *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: send event Session Update *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Client block is NULL in get client block with handle D8000027 *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Updated key list: *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Input Interface = "Ethernet0/1.101" *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Access-Type = 3 (PPPoE) *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Media-Type = 1 (Ethernet) *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Authen-Status = 1 (Unauthenticated) *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 101 IP 0.0.0.0 VPI 0 VCI 0 VLAN 101 *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Username key not found in set domain key API *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Username key not found in set domain key API *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Client block is NULL in get client block with handle D8000027 *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Updated key list: *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Input Interface = "Ethernet0/1.101" *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Access-Type = 3 (PPPoE) *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Media-Type = 1 (Ethernet) *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Authen-Status = 1 (Unauthenticated) *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 101 IP 0.0.0.0 VPI 0 VCI 0 VLAN 101 *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Session-Handle = 1358954575 (5100004F) *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: SM Policy invoke - Service Selection Request *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Access type PPPoE *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Successfully added key SUBTYPE_CONVERTED as FALSE *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Looking for a rule for event session-start *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Intf CloneSrc Vt2: service-rule any: PPPOE *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Evaluate "PPPOE" for session-start *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Match keys against "PPPOE": *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Input Interface = "Ethernet0/1.101" *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Converted-Session = 0 (NO) *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Media-Type = 1 (Ethernet) *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Authen-Status = 1 (Unauthenticated) *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 101 IP 0.0.0.0 VPI 0 VCI 0 VLAN 101 *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Session-Handle = 1358954575 (5100004F) *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: CONTROL-CLASS-MAP: : [0] match-all PPP *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: CONTROL-CLASS-MAP: : [0] match identifier protocol ppp [TRUE] *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: CONTROL-CLASS-MAP: : [0] match-all PPP *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: CONTROL-CLASS-MAP: : PPP [TRUE] *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Matched "PPPOE/PPP event session-start" *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Matched "PPPOE/PPP event session-start/11 collect identifier unauthenticated-domain " *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[0]: Start *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[0]: PPPOE/PPP event session-start/11 collect identifier unauthenticated-domain *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: SIP [PPPoE] can provide more keys *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[0]: Need key Unauth-Domain *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[1]: Start *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[1]: PPPOE/PPP event session-start/11 collect identifier unauthenticated-domain *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: Event <need keys>, State: initial-req to need-init-keys *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: Policy reply - Need More Keys *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: Need: Unauth-Domain *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: Asking client for more keys *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: Policy reply - Need More Keys *Jan 17 14:36:24.340: PPP: Alloc Context [B174CE60] *Jan 17 14:36:24.340: ppp39 PPP: Phase is ESTABLISHING *Jan 17 14:36:24.341: SSS PM: ANCP not enabled on 'Ethernet0/1.101' - not retrieving default shaper value *Jan 17 14:36:24.341: ppp39 PPP: Using vpn set call direction *Jan 17 14:36:24.341: ppp39 PPP: Treating connection as a callin *Jan 17 14:36:24.341: ppp39 PPP: Session handle[99000027] Session id[39] *Jan 17 14:36:24.341: ppp39 LCP: Event[OPEN] State[Initial to Starting] *Jan 17 14:36:24.341: ppp39 PPP LCP: Enter passive mode, state[Stopped] *Jan 17 14:36:24.342: ppp39 LCP: I CONFREQ [Stopped] id 1 len 10 *Jan 17 14:36:24.342: ppp39 LCP: MagicNumber 0xBCD9A1B6 (0x0506BCD9A1B6) *Jan 17 14:36:24.343: ppp39 LCP: O CONFREQ [Stopped] id 1 len 18 *Jan 17 14:36:24.343: ppp39 LCP: MRU 1492 (0x010405D4) *Jan 17 14:36:24.343: ppp39 LCP: AuthProto PAP (0x0304C023) *Jan 17 14:36:24.343: ppp39 LCP: MagicNumber 0x010DA1F7 (0x0506010DA1F7) *Jan 17 14:36:24.343: ppp39 LCP: O CONFACK [Stopped] id 1 len 10 *Jan 17 14:36:24.343: ppp39 LCP: MagicNumber 0xBCD9A1B6 (0x0506BCD9A1B6) *Jan 17 14:36:24.343: ppp39 LCP: Event[Receive ConfReq+] State[Stopped to ACKsent] *Jan 17 14:36:24.343: ppp39 LCP: I CONFNAK [ACKsent] id 1 len 8 *Jan 17 14:36:24.343: ppp39 LCP: MRU 1500 (0x010405DC) *Jan 17 14:36:24.343: ppp39 LCP: O CONFREQ [ACKsent] id 2 len 18 *Jan 17 14:36:24.343: ppp39 LCP: MRU 1500 (0x010405DC) *Jan 17 14:36:24.343: ppp39 LCP: AuthProto PAP (0x0304C023) *Jan 17 14:36:24.343: ppp39 LCP: MagicNumber 0x010DA1F7 (0x0506010DA1F7) *Jan 17 14:36:24.343: ppp39 LCP: Event[Receive ConfNak/Rej] State[ACKsent to ACKsent] *Jan 17 14:36:24.343: ppp39 LCP: I CONFACK [ACKsent] id 2 len 18 *Jan 17 14:36:24.343: ppp39 LCP: MRU 1500 (0x010405DC) *Jan 17 14:36:24.343: ppp39 LCP: AuthProto PAP (0x0304C023) *Jan 17 14:36:24.343: ppp39 LCP: MagicNumber 0x010DA1F7 (0x0506010DA1F7) *Jan 17 14:36:24.343: ppp39 LCP: Event[Receive ConfAck] State[ACKsent to Open] *Jan 17 14:36:24.366: ppp39 PPP: Queue PAP code[1] id[1] *Jan 17 14:36:24.369: ppp39 PPP: Phase is AUTHENTICATING, by this end *Jan 17 14:36:24.369: ppp39 PAP: Redirect packet to ppp39 *Jan 17 14:36:24.369: ppp39 PAP: I AUTH-REQ id 1 len 26 from "pppoe@local.com" *Jan 17 14:36:24.370: ppp39 PAP: Authenticating peer pppoe@local.com *Jan 17 14:36:24.370: ppp39 PPP: Phase is FORWARDING, Attempting Forward *Jan 17 14:36:24.370: ppp39 LCP: State is Open *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Username key not found in set domain key API *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Client block is NULL in get client block with handle D8000027 *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Updated key list: *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Access-Type = 0 (PPP) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Input Interface = "Ethernet0/1.101" *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Converted-Session = 0 (NO) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Media-Type = 1 (Ethernet) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Authen-Status = 1 (Unauthenticated) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 101 IP 0.0.0.0 VPI 0 VCI 0 VLAN 101 *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Session-Handle = 1358954575 (5100004F) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Unauth-User = "pppoe@local.com" *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Unauth-Domain = "local.com" *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: SM Policy invoke - Got More Keys *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Access type PPP *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[0]: Start *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[0]: PPPOE/PPP event session-start/11 collect identifier unauthenticated-domain *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: State: need-init-keys to initial-req *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[0]: Have key Unauth-Domain *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[1]: Start *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[1]: PPPOE/PPP event session-start/11 collect identifier unauthenticated-domain *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[2]: Start *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[2]: PPPOE/PPP event session-start/12 service-policy type control DOMAIN *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Match keys against "DOMAIN": *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Input Interface = "Ethernet0/1.101" *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Converted-Session = 0 (NO) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Media-Type = 1 (Ethernet) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Authen-Status = 1 (Unauthenticated) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 101 IP 0.0.0.0 VPI 0 VCI 0 VLAN 101 *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Session-Handle = 1358954575 (5100004F) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Unauth-User = "pppoe@local.com" *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Unauth-Domain = "local.com" *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: CONTROL-CLASS-MAP: : [0] match-all PPP-4-LOCAL *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: CONTROL-CLASS-MAP: : [0] match identifier unauthenticated-domain local.com [TRUE] *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: CONTROL-CLASS-MAP: : [0] match identifier protocol ppp [TRUE] *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: CONTROL-CLASS-MAP: : [0] match-all PPP-4-LOCAL *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: CONTROL-CLASS-MAP: : PPP-4-LOCAL [TRUE] *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Matched "DOMAIN/PPP-4-LOCAL event session-start" *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[3]: Start *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[3]: DOMAIN/PPP-4-LOCAL event session-start/20 authenticate aaa list AAA-4-LOCAL *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: SIP [PPP] can provide more keys *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[3]: Using AAA-Authen-Method-List AAA-4-LOCAL *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[3]: Need key Auth-User *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[4]: Start *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[4]: DOMAIN/PPP-4-LOCAL event session-start/20 authenticate aaa list AAA-4-LOCAL *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: Event <need keys>, State: initial-req to need-init-keys *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: Policy reply - Need More Keys *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: Need: Auth-User *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: ask for authen status *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: request, Query Session Authenticated Status *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: reply, Query Session Authenticated Status = no-record-found *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: session NOT authenticated *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: Event <idmgr didn't get keys>, State: need-init-keys to need-init-keys *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: Asking client for more keys *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: Policy reply - Need More Keys *Jan 17 14:36:24.371: ppp39 PPP: Phase is AUTHENTICATING, Unauthenticated User *Jan 17 14:36:24.371: AAA/AUTHEN/PPP (00000032): Pick method list 'AAA-4-LOCAL' <= Correct list for local.com *Jan 17 14:36:24.371: RADIUS/ENCODE(00000032):Orig. component type = PPPoE *Jan 17 14:36:24.371: RADIUS: DSL line rate attributes successfully added *Jan 17 14:36:24.371: RADIUS(00000032): Config NAS IP: 172.16.21.6 *Jan 17 14:36:24.371: RADIUS(00000032): Config NAS IPv6: :: *Jan 17 14:36:24.371: RADIUS/ENCODE(00000032): acct_session_id: 40 *Jan 17 14:36:24.371: RADIUS(00000032): sending *Jan 17 14:36:24.371: RADIUS(00000032): Send Access-Request to 172.16.21.5:32645 id 1645/50, len 137 *Jan 17 14:36:24.371: RADIUS: authenticator E2 2A B0 15 24 CA 79 8C - A5 61 E4 1E C5 52 BC EF *Jan 17 14:36:24.371: RADIUS: Framed-Protocol [7] 6 PPP [1] *Jan 17 14:36:24.371: RADIUS: User-Name [1] 17 "pppoe@local.com" *Jan 17 14:36:24.371: RADIUS: User-Password [2] 18 * *Jan 17 14:36:24.371: RADIUS: NAS-Port-Type [61] 6 Virtual [5] *Jan 17 14:36:24.371: RADIUS: NAS-Port [5] 6 0 *Jan 17 14:36:24.371: RADIUS: NAS-Port-Id [87] 11 "0/0/1/101" *Jan 17 14:36:24.371: RADIUS: Vendor, Cisco [26] 41 *Jan 17 14:36:24.371: RADIUS: Cisco AVpair [1] 35 "client-mac-address=aabb.cc00.d210" *Jan 17 14:36:24.371: RADIUS: Service-Type [6] 6 Framed [2] *Jan 17 14:36:24.371: RADIUS: NAS-IP-Address [4] 6 172.16.21.6 <= Correct Nas for Local.com *Jan 17 14:36:24.371: RADIUS(00000032): Sending a IPv4 Radius Packet *Jan 17 14:36:24.372: RADIUS(00000032): Started 5 sec timeout *Jan 17 14:36:24.372: RADIUS: Received from id 1645/50 172.16.21.5:32645, Access-Accept, len 60 *Jan 17 14:36:24.372: RADIUS: authenticator 1A EE FC 44 78 8A 56 DF - 41 57 45 27 4C A7 59 C6 *Jan 17 14:36:24.372: RADIUS: Vendor, Cisco [26] 34 *Jan 17 14:36:24.372: RADIUS: Cisco AVpair [1] 28 "ip:ip-unnumbered=loopback0" *Jan 17 14:36:24.372: RADIUS: Framed-IP-Address [8] 6 179.1.1.1 *Jan 17 14:36:24.372: RADIUS(00000032): Received from id 1645/50 *Jan 17 14:36:24.373: ppp39 PPP: Phase is FORWARDING, Attempting Forward *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Authen status update; is now "authen" *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: assert authen status "authen" *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: send event Session Update *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: with username "pppoe@local.com" *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Session activation: ok *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Client block is NULL in get client block with handle D8000027 *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Updated key list: *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: AAA-Attr-List = FB0003D0 *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: ip-unnumbered 0 "loopback0" *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: addr 0 179.1.1.1 *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Access-Type = 0 (PPP) *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Unauth-User = "pppoe@local.com" *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Unauth-Domain = "local.com" *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Input Interface = "Ethernet0/1.101" *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Converted-Session = 0 (NO) *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Media-Type = 1 (Ethernet) *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Authen-Status = 0 (Authenticated) *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 101 IP 0.0.0.0 VPI 0 VCI 0 VLAN 101 *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Session-Handle = 1358954575 (5100004F) *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: AAA-Authen-Method-List = "AAA-4-LOCAL" *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Final = 1 (YES) *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Auth-User = "pppoe@local.com" *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Auth-Domain = "local.com" *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: SM Policy invoke - Got More Keys *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Access type PPP: final key *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Must apply config before continuing *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Handling Config Request from Client *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Event <got process config req>, State: need-init-keys to need-init-keys *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Handling Process Config *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Apply config request set to AAA list Config: ip-unnumbered 0 "loopback0" Config: addr 0 179.1.1.1 *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Sending pppoe@local.com request to AAA *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: SSS PM: Allocating per-user profile info *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: SSS PM: Add per-user profile info to policy context *Jan 17 14:36:24.373: SSS AAA AUTHOR [uid:39][AAA ID:50]: Root SIP PPPoE *Jan 17 14:36:24.373: SSS AAA AUTHOR [uid:39][AAA ID:50]: Enable PPPoE parsing *Jan 17 14:36:24.373: SSS AAA AUTHOR [uid:39][AAA ID:50]: Enable PPP parsing *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: ACTIVE HANDLE[0]: Snapshot captured in Active context *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: ACTIVE HANDLE[0]: Active context created *Jan 17 14:36:24.373: SSS AAA AUTHOR [uid:39][AAA ID:50]: Event <make request>, state changed from idle to authorizing *Jan 17 14:36:24.373: SSS AAA AUTHOR [uid:39][AAA ID:50]: Active key set to Auth-User *Jan 17 14:36:24.373: SSS AAA AUTHOR [uid:39][AAA ID:50]: Authorizing key pppoe@local.com *Jan 17 14:36:24.373: SSS AAA AUTHOR [uid:39][AAA ID:50]: Spoofed AAA reply sent for key pppoe@local.com *Jan 17 14:36:24.373: SSS AAA AUTHOR [uid:39][AAA ID:50]: Received an AAA pass *Jan 17 14:36:24.373: SSS AAA AUTHOR [uid:39][AAA ID:50]: [B4728100]:Reply message not exist Initial attr ip-unnumbered 0 "loopback0" Initial attr addr 0 179.1.1.1 *Jan 17 14:36:24.373: SSS PM: PARAMETERIZED-QoS: QOS parameters *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: VRF Parsing routine: ip-unnumbered 0 "loopback0" addr 0 179.1.1.1 *Jan 17 14:36:24.374: SSS PM: No VPDN attributes or policy found *Jan 17 14:36:24.374: SSS PM LTERM [uid:39][AAA ID:50]: Process Attr: ip-unnumbered 0 "loopback0" *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: Parsed service; Local *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: SIP PPP[A4700F0] parsed as Success *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: SIP PPP[B009900] parsed as Ignore *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: SIP PPPoE[A501AC0] parsed as Success *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: Event <found service>, state changed from authorizing to complete *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: Found service info for key pppoe@local.com *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: Active Handle present - AC000006 *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Apply config handle [AF0003D3] now set to [270003DA] *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: ACTIVE HANDLE[0]: Snapshot reverted from Active context to policy context *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: Freeing Active Handle; SSS Policy Context Handle = D8000027 *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: ACTIVE HANDLE[2829]: Released active handle *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: PM directive AAA:Local maps to PM:Local Terminate *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: PROFILE: store profile "pppoe@local.com" *Jan 17 14:36:24.374: SSS PM: PROFILE-DB: is profile "pppoe@local.com" in DB *Jan 17 14:36:24.374: SSS PM: PROFILE-DB: Computed hash value = 353387640 *Jan 17 14:36:24.374: SSS PM: PROFILE-DB: No, add new list *Jan 17 14:36:24.374: SSS PM: PROFILE-DB: create "pppoe@local.com" *Jan 17 14:36:24.374: SSS PM: PROFILE-DB: create "pppoe@local.com"/B48191BC hdl C80003DC ref 1 *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: PROFILE: create B481B90C, ref 1 *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: Event <free request>, state changed from complete to terminal *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: Cancel request *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Handling Author Found Event *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Plumbing proposed by FSP *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Policy reply - Local Terminate *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: FSP info: B45EC130/Local data: B45EC0E0 SVM: 00000000 *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Feature info: B4814320 Type: IP Config *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: : Config level: Per-user *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: : IDB type: Sub-if or not required *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Apply of config finished; provide the found network service *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Network service found; continuing rule *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[0]: Continue *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[0]: DOMAIN/PPP-4-LOCAL event session-start/20 authenticate aaa list AAA-4-LOCAL *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[0]: Run action with no altered name *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: State: need-init-keys to initial-req *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[0]: Have key Auth-User *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[1]: Continue *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[1]: DOMAIN/PPP-4-LOCAL event session-start/20 authenticate aaa list AAA-4-LOCAL *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[1]: Back to parent rule *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[1]: Run next parent action *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[2]: Continue *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[2]: PPPOE/PPP event session-start/12 service-policy type control DOMAIN *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Client block is NULL in get client block with handle D8000027 *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[2]: No more actions to run *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[3]: Continue *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[3]: PPPOE/PPP event session-start/12 service-policy type control DOMAIN *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[3]: Using previously offered directive Local Terminate *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[4]: Continue *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[4]: PPPOE/PPP event session-start/12 service-policy type control DOMAIN *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Client block is NULL in get client block with handle D8000027 *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Event <srvf found>, State: initial-req to wait-for-events *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Handling Service Direction *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Policy reply - Local Terminate *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Plumbing proposed by FSP *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Policy reply - Local Terminate *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Looking for a rule for event session-service-found *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Intf CloneSrc Vt2: service-rule any: PPPOE *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Evaluate "PPPOE" for session-service-found *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Not matched "PPPOE/PPP event session-start" *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: No match for "PPPOE" *Jan 17 14:36:24.375: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Intf InputI/f Et0/1.101: service-rule any: None *Jan 17 14:36:24.375: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Glob: service-rule any: None *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: SM Policy invoke - Apply Config Success *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: [PARAMETERIZED-QoS]: No rabapol context created yet for handle [D8000027], returning compatible *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: Event <got apply config success>, State: wait-for-events to wait-for-events *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: Handling Apply Config; SUCCESS *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: session start done *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: Removed attribute list just processed *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: no callback for callback north *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: Client block is NULL in get client block with handle D8000027 *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: Null client block; Can't update RP *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: Client block is NULL in get client block with handle D8000027 *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: No pending events to process *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: No pending eventst *Jan 17 14:36:24.377: AAA/BIND(00000032): Bind i/f Virtual-Access2.1 *Jan 17 14:36:24.377: Vi2.1 PPP: Phase is AUTHENTICATING, Authenticated User *Jan 17 14:36:24.377: Vi2.1 PAP: O AUTH-ACK id 1 len 5 *Jan 17 14:36:24.378: Vi2.1 PPP: No AAA accounting method list *Jan 17 14:36:24.378: Vi2.1 PPP: Phase is UP *Jan 17 14:36:24.378: Vi2.1 IPCP: Protocol configured, start CP. state[Initial] *Jan 17 14:36:24.378: Vi2.1 IPCP: Event[OPEN] State[Initial to Starting] *Jan 17 14:36:24.378: Vi2.1 IPCP: O CONFREQ [Starting] id 1 len 10 *Jan 17 14:36:24.378: Vi2.1 IPCP: Address 172.19.1.2 (0x0306AC130102) *Jan 17 14:36:24.378: Vi2.1 IPCP: Event[UP] State[Starting to REQsent] *Jan 17 14:36:24.379: Vi2.1 IPCP: I CONFREQ [REQsent] id 1 len 10 *Jan 17 14:36:24.379: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000) *Jan 17 14:36:24.379: Vi2.1 IPCP AUTHOR: Start. Her address 0.0.0.0, we want 0.0.0.0 *Jan 17 14:36:24.379: Vi2.1 IPCP AUTHOR: Done. Her address 0.0.0.0, we want 179.1.1.1 *Jan 17 14:36:24.379: Vi2.1 IPCP: O CONFNAK [REQsent] id 1 len 10 *Jan 17 14:36:24.379: Vi2.1 IPCP: Address 179.1.1.1 (0x0306B3010101) *Jan 17 14:36:24.379: Vi2.1 IPCP: Event[Receive ConfReq-] State[REQsent to REQsent] *Jan 17 14:36:24.379: Vi2.1 CDPCP: I CONFREQ [UNKNOWN] id 1 len 4 *Jan 17 14:36:24.379: Vi2.1 LCP: O PROTREJ [Open] id 3 len 10 protocol CDPCP (0x01010004) *Jan 17 14:36:24.379: Vi2.1 IPCP: I CONFACK [REQsent] id 1 len 10 *Jan 17 14:36:24.379: Vi2.1 IPCP: Address 172.19.1.2 (0x0306AC130102) *Jan 17 14:36:24.379: Vi2.1 IPCP: Event[Receive ConfAck] State[REQsent to ACKrcvd] *Jan 17 14:36:24.380: Vi2.1 IPCP: I CONFREQ [ACKrcvd] id 2 len 10 *Jan 17 14:36:24.380: Vi2.1 IPCP: Address 179.1.1.1 (0x0306B3010101) *Jan 17 14:36:24.380: Vi2.1 IPCP: O CONFACK [ACKrcvd] id 2 len 10 *Jan 17 14:36:24.380: Vi2.1 IPCP: Address 179.1.1.1 (0x0306B3010101) *Jan 17 14:36:24.380: Vi2.1 IPCP: Event[Receive ConfReq+] State[ACKrcvd to Open] *Jan 17 14:36:24.401: Vi2.1 IPCP: State is Open *Jan 17 14:36:24.401: Vi2.1 Added to neighbor route AVL tree: topoid 0, address 179.1.1.1 *Jan 17 14:36:24.401: Vi2.1 IPCP: Install route to 179.1.1.1
Cette sortie de débogage reflète la façon dont l'utilisateur distant basé sur le nom de domaine lns.com est authentifié et transféré au périphérique LNS.
*Jan 17 14:37:17.353: SSS PM [uid:40][B4728388][AAA ID:51]: Authen status update; is now "unauthen" *Jan 17 14:37:17.353: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: assert authen status "unauthen" *Jan 17 14:37:17.353: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: send event Session Update *Jan 17 14:37:17.353: SSS PM [uid:40][B4728388][AAA ID:51]: Username key not found in set domain key API *Jan 17 14:37:17.353: SSS PM [uid:40][B4728388][AAA ID:51]: Username key not found in set domain key API *Jan 17 14:37:17.353: SSS PM [uid:40][B4728388][AAA ID:51]: Updated NAS port for AAA ID 51 *Jan 17 14:37:17.353: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: send event Session Update *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Client block is NULL in get client block with handle 1D000028 *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Updated key list: *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Input Interface = "Ethernet0/1.102" *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Access-Type = 3 (PPPoE) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Media-Type = 1 (Ethernet) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Authen-Status = 1 (Unauthenticated) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 102 IP 0.0.0.0 VPI 0 VCI 0 VLAN 102 *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Username key not found in set domain key API *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Username key not found in set domain key API *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Client block is NULL in get client block with handle 1D000028 *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Updated key list: *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Input Interface = "Ethernet0/1.102" *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Access-Type = 3 (PPPoE) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Media-Type = 1 (Ethernet) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Authen-Status = 1 (Unauthenticated) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 102 IP 0.0.0.0 VPI 0 VCI 0 VLAN 102 *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Session-Handle = 385876049 (17000051) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: SM Policy invoke - Service Selection Request *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Access type PPPoE *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Successfully added key SUBTYPE_CONVERTED as FALSE *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Looking for a rule for event session-start *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Intf CloneSrc Vt2: service-rule any: PPPOE *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Evaluate "PPPOE" for session-start *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Match keys against "PPPOE": *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Input Interface = "Ethernet0/1.102" *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Converted-Session = 0 (NO) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Media-Type = 1 (Ethernet) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Authen-Status = 1 (Unauthenticated) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 102 IP 0.0.0.0 VPI 0 VCI 0 VLAN 102 *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Session-Handle = 385876049 (17000051) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : [0] match-all PPP *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : [0] match identifier protocol ppp [TRUE] *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : [0] match-all PPP *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : PPP [TRUE] *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Matched "PPPOE/PPP event session-start" *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Matched "PPPOE/PPP event session-start/11 collect identifier unauthenticated-domain " *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[0]: Start *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[0]: PPPOE/PPP event session-start/11 collect identifier unauthenticated-domain *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: SIP [PPPoE] can provide more keys *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[0]: Need key Unauth-Domain *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[1]: Start *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[1]: PPPOE/PPP event session-start/11 collect identifier unauthenticated-domain *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Event <need keys>, State: initial-req to need-init-keys *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Policy reply - Need More Keys *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: Need: Unauth-Domain *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Asking client for more keys *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Policy reply - Need More Keys *Jan 17 14:37:17.355: PPP: Alloc Context [B174D034] *Jan 17 14:37:17.355: ppp40 PPP: Phase is ESTABLISHING *Jan 17 14:37:17.355: SSS PM: ANCP not enabled on 'Ethernet0/1.102' - not retrieving default shaper value *Jan 17 14:37:17.355: ppp40 PPP: Using vpn set call direction *Jan 17 14:37:17.355: ppp40 PPP: Treating connection as a callin *Jan 17 14:37:17.355: ppp40 PPP: Session handle[8E000028] Session id[40] *Jan 17 14:37:17.355: ppp40 LCP: Event[OPEN] State[Initial to Starting] *Jan 17 14:37:17.355: ppp40 PPP LCP: Enter passive mode, state[Stopped] *Jan 17 14:37:17.357: ppp40 LCP: I CONFREQ [Stopped] id 1 len 10 *Jan 17 14:37:17.357: ppp40 LCP: MagicNumber 0xBCDA70F0 (0x0506BCDA70F0) *Jan 17 14:37:17.357: ppp40 LCP: O CONFREQ [Stopped] id 1 len 18 *Jan 17 14:37:17.357: ppp40 LCP: MRU 1492 (0x010405D4) *Jan 17 14:37:17.357: ppp40 LCP: AuthProto PAP (0x0304C023) *Jan 17 14:37:17.357: ppp40 LCP: MagicNumber 0x010E7131 (0x0506010E7131) *Jan 17 14:37:17.357: ppp40 LCP: O CONFACK [Stopped] id 1 len 10 *Jan 17 14:37:17.357: ppp40 LCP: MagicNumber 0xBCDA70F0 (0x0506BCDA70F0) *Jan 17 14:37:17.357: ppp40 LCP: Event[Receive ConfReq+] State[Stopped to ACKsent] *Jan 17 14:37:17.357: ppp40 LCP: I CONFNAK [ACKsent] id 1 len 8 *Jan 17 14:37:17.357: ppp40 LCP: MRU 1500 (0x010405DC) *Jan 17 14:37:17.357: ppp40 LCP: O CONFREQ [ACKsent] id 2 len 18 *Jan 17 14:37:17.357: ppp40 LCP: MRU 1500 (0x010405DC) *Jan 17 14:37:17.357: ppp40 LCP: AuthProto PAP (0x0304C023) *Jan 17 14:37:17.357: ppp40 LCP: MagicNumber 0x010E7131 (0x0506010E7131) *Jan 17 14:37:17.357: ppp40 LCP: Event[Receive ConfNak/Rej] State[ACKsent to ACKsent] *Jan 17 14:37:17.357: ppp40 LCP: I CONFACK [ACKsent] id 2 len 18 *Jan 17 14:37:17.357: ppp40 LCP: MRU 1500 (0x010405DC) *Jan 17 14:37:17.357: ppp40 LCP: AuthProto PAP (0x0304C023) *Jan 17 14:37:17.357: ppp40 LCP: MagicNumber 0x010E7131 (0x0506010E7131) *Jan 17 14:37:17.357: ppp40 LCP: Event[Receive ConfAck] State[ACKsent to Open] *Jan 17 14:37:17.361: ppp40 PPP: Phase is AUTHENTICATING, by this end *Jan 17 14:37:17.361: ppp40 LCP: State is Open *Jan 17 14:37:17.388: ppp40 PAP: I AUTH-REQ id 1 len 24 from "pppoe@lns.com" *Jan 17 14:37:17.388: ppp40 PAP: Authenticating peer pppoe@lns.com *Jan 17 14:37:17.388: ppp40 PPP: Phase is FORWARDING, Attempting Forward *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Username key not found in set domain key API *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Client block is NULL in get client block with handle 1D000028 *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Updated key list: *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Access-Type = 0 (PPP) *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Input Interface = "Ethernet0/1.102" *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Converted-Session = 0 (NO) *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Media-Type = 1 (Ethernet) *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Authen-Status = 1 (Unauthenticated) *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 102 IP 0.0.0.0 VPI 0 VCI 0 VLAN 102 *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Session-Handle = 385876049 (17000051) *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Unauth-User = "pppoe@lns.com" *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Unauth-Domain = "lns.com" *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: SM Policy invoke - Got More Keys *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Access type PPP *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[0]: Start *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[0]: PPPOE/PPP event session-start/11 collect identifier unauthenticated-domain *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: State: need-init-keys to initial-req *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[0]: Have key Unauth-Domain *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[1]: Start *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[1]: PPPOE/PPP event session-start/11 collect identifier unauthenticated-domain *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[2]: Start *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[2]: PPPOE/PPP event session-start/12 service-policy type control DOMAIN *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Match keys against "DOMAIN": *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Input Interface = "Ethernet0/1.102" *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Converted-Session = 0 (NO) *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Media-Type = 1 (Ethernet) *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Authen-Status = 1 (Unauthenticated) *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 102 IP 0.0.0.0 VPI 0 VCI 0 VLAN 102 *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Session-Handle = 385876049 (17000051) *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Unauth-User = "pppoe@lns.com" *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Unauth-Domain = "lns.com" *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : [0] match-all PPP-4-LOCAL *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : [0] match identifier unauthenticated-domain local.com [FALSE] [DONE] *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : [0] match-all PPP-4-LOCAL *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : PPP-4-LOCAL [FALSE] *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: No match "DOMAIN/PPP-4-LOCAL event session-start" *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : [0] match-all PPP-4-FORWARD *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : [0] match identifier unauthenticated-domain lns.com [TRUE] *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : [0] match identifier protocol ppp [TRUE] *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : [0] match-all PPP-4-FORWARD *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : PPP-4-FORWARD [TRUE] *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Matched "DOMAIN/PPP-4-FORWARD event session-start" *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[3]: Start *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[3]: DOMAIN/PPP-4-FORWARD event session-start/20 authenticate aaa list AAA-4-FORWARD *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: SIP [PPP] can provide more keys *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[3]: Using AAA-Authen-Method-List AAA-4-FORWARD *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[3]: Need key Auth-User *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[4]: Start *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[4]: DOMAIN/PPP-4-FORWARD event session-start/20 authenticate aaa list AAA-4-FORWARD *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: Event <need keys>, State: initial-req to need-init-keys *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: Policy reply - Need More Keys *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: Need: Auth-User *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: ask for authen status *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: request, Query Session Authenticated Status *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: reply, Query Session Authenticated Status = no-record-found *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: session NOT authenticated *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: Event <idmgr didn't get keys>, State: need-init-keys to need-init-keys *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: Asking client for more keys *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: Policy reply - Need More Keys *Jan 17 14:37:17.389: ppp40 PPP: Phase is AUTHENTICATING, Unauthenticated User *Jan 17 14:37:17.389: AAA/AUTHEN/PPP (00000033): Pick method list 'AAA-4-FORWARD' <== correct method *Jan 17 14:37:17.389: RADIUS/ENCODE(00000033):Orig. component type = PPPoE *Jan 17 14:37:17.389: RADIUS: DSL line rate attributes successfully added *Jan 17 14:37:17.390: RADIUS(00000033): Config NAS IP: 172.17.21.6 *Jan 17 14:37:17.390: RADIUS(00000033): Config NAS IPv6: :: *Jan 17 14:37:17.390: RADIUS/ENCODE(00000033): acct_session_id: 41 *Jan 17 14:37:17.390: RADIUS(00000033): sending *Jan 17 14:37:17.390: RADIUS(00000033): Send Access-Request to 172.16.21.5:11645 id 1645/51, len 135 *Jan 17 14:37:17.390: RADIUS: authenticator 76 AF BF 7B 54 7B 38 A7 - 2A BB EF 93 CB BA 0A 45 *Jan 17 14:37:17.390: RADIUS: Framed-Protocol [7] 6 PPP [1] *Jan 17 14:37:17.390: RADIUS: User-Name [1] 15 "pppoe@lns.com" *Jan 17 14:37:17.390: RADIUS: User-Password [2] 18 * *Jan 17 14:37:17.390: RADIUS: NAS-Port-Type [61] 6 Virtual [5] *Jan 17 14:37:17.390: RADIUS: NAS-Port [5] 6 0 *Jan 17 14:37:17.390: RADIUS: NAS-Port-Id [87] 11 "0/0/1/102" *Jan 17 14:37:17.390: RADIUS: Vendor, Cisco [26] 41 *Jan 17 14:37:17.390: RADIUS: Cisco AVpair [1] 35 "client-mac-address=aabb.cc00.d210" *Jan 17 14:37:17.390: RADIUS: Service-Type [6] 6 Framed [2] *Jan 17 14:37:17.390: RADIUS: NAS-IP-Address [4] 6 172.17.21.6 <=== Correct NAS (source ip) *Jan 17 14:37:17.390: RADIUS(00000033): Sending a IPv4 Radius Packet *Jan 17 14:37:17.390: RADIUS(00000033): Started 5 sec timeout *Jan 17 14:37:17.391: RADIUS: Received from id 1645/51 172.16.21.5:11645, Access-Accept, len 105 *Jan 17 14:37:17.391: RADIUS: authenticator 3C 38 A2 16 EA 26 BE 4A - FD 69 49 CA E5 69 E7 04 *Jan 17 14:37:17.391: RADIUS: Service-Type [6] 6 Outbound [5] *Jan 17 14:37:17.391: RADIUS: Tunnel-Type [64] 6 00:L2TP [3] *Jan 17 14:37:17.391: RADIUS: Framed-Protocol [7] 6 PPP [1] *Jan 17 14:37:17.391: RADIUS: Tunnel-Medium-Type [65] 6 00:IPv4 [1] *Jan 17 14:37:17.391: RADIUS: Tunnel-Client-Auth-I[90] 16 "lac-via-radius" *Jan 17 14:37:17.391: RADIUS: Tunnel-Password [69] 21 00:* *Jan 17 14:37:17.391: RADIUS: Tunnel-Server-Endpoi[67] 12 "172.19.1.1" *Jan 17 14:37:17.391: RADIUS: Tunnel-Client-Endpoi[66] 12 "172.19.1.2" *Jan 17 14:37:17.391: RADIUS(00000033): Received from id 1645/51 *Jan 17 14:37:17.391: ppp40 PPP: Phase is FORWARDING, Attempting Forward *Jan 17 14:37:17.391: SSS PM [uid:40][B4728388][AAA ID:51]: Authen status update; is now "authen" *Jan 17 14:37:17.391: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: assert authen status "authen" *Jan 17 14:37:17.391: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: send event Session Update *Jan 17 14:37:17.391: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: with username "pppoe@lns.com" *Jan 17 14:37:17.391: SSS PM [uid:40][B4728388][AAA ID:51]: Session activation: ok *Jan 17 14:37:17.391: SSS PM [uid:40][B4728388][AAA ID:51]: Client block is NULL in get client block with handle 1D000028 *Jan 17 14:37:17.391: SSS PM [uid:40][B4728388][AAA ID:51]: Updated key list: *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: AAA-Attr-List = F50003F4 *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: service-type 0 5 [Outbound] *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: tunnel-type 0 3 [l2tp] *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Framed-Protocol 0 1 [PPP] *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: tunnel-medium-type 0 1 [IPv4] *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: tunnel-id 0 "lac-via-radius" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: tunnel-password 0 <hidden> *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: tunnel-server-endpoi 0 "172.19.1.1" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: tunnel-client-endpoi 0 "172.19.1.2" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Access-Type = 0 (PPP) *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Unauth-User = "pppoe@lns.com" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Unauth-Domain = "lns.com" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Input Interface = "Ethernet0/1.102" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Converted-Session = 0 (NO) *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Media-Type = 1 (Ethernet) *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Authen-Status = 0 (Authenticated) *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 102 IP 0.0.0.0 VPI 0 VCI 0 VLAN 102 *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Session-Handle = 385876049 (17000051) *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: AAA-Authen-Method-List = "AAA-4-FORWARD" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Final = 1 (YES) *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Auth-User = "pppoe@lns.com" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Auth-Domain = "lns.com" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: SM Policy invoke - Got More Keys *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Access type PPP: final key *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Must apply config before continuing *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Handling Config Request from Client *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Event <got process config req>, State: need-init-keys to need-init-keys *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Handling Process Config *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Apply config request set to AAA list Config: service-type 0 5 [Outbound] Config: tunnel-type 0 3 [l2tp] Config: Framed-Protocol 0 1 [PPP] Config: tunnel-medium-type 0 1 [IPv4] Config: tunnel-id 0 "lac-via-radius" Config: tunnel-password 0 <hidden> Config: tunnel-server-endpoi 0 "172.19.1.1" Config: tunnel-client-endpoi 0 "172.19.1.2" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Sending pppoe@lns.com request to AAA *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: SSS PM: Allocating per-user profile info *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: SSS PM: Add per-user profile info to policy context *Jan 17 14:37:17.392: SSS AAA AUTHOR [uid:40][AAA ID:51]: Root SIP PPPoE *Jan 17 14:37:17.392: SSS AAA AUTHOR [uid:40][AAA ID:51]: Enable PPPoE parsing *Jan 17 14:37:17.392: SSS AAA AUTHOR [uid:40][AAA ID:51]: Enable PPP parsing *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: ACTIVE HANDLE[0]: Snapshot captured in Active context *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: ACTIVE HANDLE[0]: Active context created *Jan 17 14:37:17.392: SSS AAA AUTHOR [uid:40][AAA ID:51]: Event <make request>, state changed from idle to authorizing *Jan 17 14:37:17.392: SSS AAA AUTHOR [uid:40][AAA ID:51]: Active key set to Auth-User *Jan 17 14:37:17.392: SSS AAA AUTHOR [uid:40][AAA ID:51]: Authorizing key pppoe@lns.com *Jan 17 14:37:17.392: SSS AAA AUTHOR [uid:40][AAA ID:51]: Spoofed AAA reply sent for key pppoe@lns.com *Jan 17 14:37:17.392: SSS AAA AUTHOR [uid:40][AAA ID:51]: Received an AAA pass *Jan 17 14:37:17.392: SSS AAA AUTHOR [uid:40][AAA ID:51]: [B4728388]:Reply message not exist Initial attr service-type 0 5 [Outbound] Initial attr tunnel-type 0 3 [l2tp] Initial attr Framed-Protocol 0 1 [PPP] Initial attr tunnel-medium-type 0 1 [IPv4] Initial attr tunnel-id 0 "lac-via-radius" Initial attr tunnel-password 0 <hidden> Initial attr tunnel-server-endpoi 0 "172.19.1.1" Initial attr tunnel-client-endpoi 0 "172.19.1.2" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: policy key list doesn't have IPv4 address *Jan 17 14:37:17.392: SSS PM: PARAMETERIZED-QoS: QOS parameters *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: VRF Parsing routine: service-type 0 5 [Outbound] tunnel-type 0 3 [l2tp] Framed-Protocol 0 1 [PPP] tunnel-medium-type 0 1 [IPv4] tunnel-id 0 "lac-via-radius" tunnel-password 0 <hidden> tunnel-server-endpoi 0 "172.19.1.1" tunnel-client-endpoi 0 "172.19.1.2" *Jan 17 14:37:17.392: SSS AAA AUTHOR [uid:40][AAA ID:51]: Parsed service; VPDN *Jan 17 14:37:17.393: SSS AAA AUTHOR [uid:40][AAA ID:51]: SIP PPP[A4700F0] parsed as Success *Jan 17 14:37:17.393: SSS AAA AUTHOR [uid:40][AAA ID:51]: SIP PPP[B009900] parsed as Ignore *Jan 17 14:37:17.393: SSS AAA AUTHOR [uid:40][AAA ID:51]: SIP PPPoE[A501AC0] parsed as Success *Jan 17 14:37:17.393: SSS AAA AUTHOR [uid:40][AAA ID:51]: Event <found service>, state changed from authorizing to complete *Jan 17 14:37:17.393: SSS AAA AUTHOR [uid:40][AAA ID:51]: Found service info for key pppoe@lns.com *Jan 17 14:37:17.393: SSS AAA AUTHOR [uid:40][AAA ID:51]: Active Handle present - FB000007 *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Apply config handle [750003F8] now set to [180003FE] *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: ACTIVE HANDLE[0]: Snapshot reverted from Active context to policy context *Jan 17 14:37:17.393: SSS AAA AUTHOR [uid:40][AAA ID:51]: Freeing Active Handle; SSS Policy Context Handle = 1D000028 *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: ACTIVE HANDLE[2829]: Released active handle *Jan 17 14:37:17.393: SSS AAA AUTHOR [uid:40][AAA ID:51]: PM directive AAA:VPDN maps to PM:Forwarding *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: PROFILE: store profile "pppoe@lns.com" *Jan 17 14:37:17.393: SSS PM: PROFILE-DB: is profile "pppoe@lns.com" in DB *Jan 17 14:37:17.393: SSS PM: PROFILE-DB: Computed hash value = 2347614612 *Jan 17 14:37:17.393: SSS PM: PROFILE-DB: No, add new list *Jan 17 14:37:17.393: SSS PM: PROFILE-DB: create "pppoe@lns.com" *Jan 17 14:37:17.393: SSS PM: PROFILE-DB: create "pppoe@lns.com"/B48191D8 hdl 4D000400 ref 1 *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: PROFILE: create B481B924, ref 1 *Jan 17 14:37:17.393: SSS AAA AUTHOR [uid:40][AAA ID:51]: Event <free request>, state changed from complete to terminal *Jan 17 14:37:17.393: SSS AAA AUTHOR [uid:40][AAA ID:51]: Cancel request *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Handling Author Found Event *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Plumbing proposed by FSP *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Policy reply - Forwarding *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: FSP info: B45F7020/VPDN data: B460E1C8 SVM: 00000000 *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Apply of config finished; provide the found network service *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Network service found; continuing rule *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[0]: Continue *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[0]: DOMAIN/PPP-4-FORWARD event session-start/20 authenticate aaa list AAA-4-FORWARD *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[0]: Run action with no altered name *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: State: need-init-keys to initial-req *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[0]: Have key Auth-User *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[1]: Continue *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[1]: DOMAIN/PPP-4-FORWARD event session-start/20 authenticate aaa list AAA-4-FORWARD *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[1]: Back to parent rule *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[1]: Run next parent action *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[2]: Continue *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[2]: PPPOE/PPP event session-start/12 service-policy type control DOMAIN *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Client block is NULL in get client block with handle 1D000028 *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[2]: No more actions to run *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[3]: Continue *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[3]: PPPOE/PPP event session-start/12 service-policy type control DOMAIN *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[3]: Using previously offered directive Forwarding *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[4]: Continue *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[4]: PPPOE/PPP event session-start/12 service-policy type control DOMAIN *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Client block is NULL in get client block with handle 1D000028 *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Event <srvf found>, State: initial-req to wait-for-events *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Handling Service Direction *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Policy reply - Forwarding *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Plumbing proposed by FSP *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Policy reply - Forwarding *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Looking for a rule for event session-service-found *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Intf CloneSrc Vt2: service-rule any: PPPOE *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Evaluate "PPPOE" for session-service-found *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Not matched "PPPOE/PPP event session-start" *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: No match for "PPPOE" *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Intf InputI/f Et0/1.102: service-rule any: None *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Glob: service-rule any: None *Jan 17 14:37:17.393: SSS PM: ANCP not enabled on 'Ethernet0/1.102' - not retrieving default shaper value *Jan 17 14:37:17.393: SSS PM: ANCP not enabled on 'Ethernet0/1.102' - not retrieving default shaper value *Jan 17 14:37:17.394: ppp40 PPP: No AAA accounting method list *Jan 17 14:37:17.397: SSS PM: ANCP not enabled on 'Ethernet0/1.102' - not retrieving default shaper value *Jan 17 14:37:17.397: SSS PM: ANCP not enabled on 'Ethernet0/1.102' - not retrieving default shaper value *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: SM Policy invoke - Apply Config Success *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: [PARAMETERIZED-QoS]: No rabapol context created yet for handle [1D000028], returning compatible *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: Event <got apply config success>, State: wait-for-events to wait-for-events *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: Handling Apply Config; SUCCESS *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: session start done *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: Removed attribute list just processed *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: no callback for callback north *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: Client block is NULL in get client block with handle 1D000028 *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: Null client block; Can't update RP *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: Client block is NULL in get client block with handle 1D000028 *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: No pending events to process *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: No pending eventst *Jan 17 14:37:17.397: ppp40 PPP: Phase is FORWARDED, Session Forwarded