此产品的文档集力求使用非歧视性语言。在本文档集中,非歧视性语言是指不隐含针对年龄、残障、性别、种族身份、族群身份、性取向、社会经济地位和交叉性的歧视的语言。由于产品软件的用户界面中使用的硬编码语言、基于 RFP 文档使用的语言或引用的第三方产品使用的语言,文档中可能无法确保完全使用非歧视性语言。 深入了解思科如何使用包容性语言。
思科采用人工翻译与机器翻译相结合的方式将此文档翻译成不同语言,希望全球的用户都能通过各自的语言得到支持性的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 Cisco Systems, Inc. 对于翻译的准确性不承担任何责任,并建议您总是参考英文原始文档(已提供链接)。
本文提供了一种方法,只需在传入点对点协议(PPP)用户的检索域上进行选择,即可选择身份验证、授权和记帐(AAA)组以及附加到该组的所有功能(源IP、RADIUS服务器等)。
Cisco 建议您了解以下主题:
提示::要熟悉ISG,请参阅智能服务网关配置指南。
提示:要熟悉基本VPDN功能,请参阅《VPDN配置指南》。
本文档中的信息基于以下软件和硬件版本:
本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您使用的是真实网络,请确保您已经了解所有命令的潜在影响。
使用本节中介绍的信息配置本文档中介绍的功能。
注意:这仅对PPP用户有效。
注意: 此设置通过在用户驻地设备(CPE)路由器上创建两个带有不同dot1q标记的子接口并创建两个具有不同PPP用户名的拨号器接口,来模拟两个PPPoE(以太网上的PPP)客户端。因此,可以模拟拓扑中的两个不同客户端。
这是CPE路由器上使用的配置。
interface Ethernet0/1.101 description ppp using isg encapsulation dot1Q 101 pppoe enable group global pppoe-client dial-pool-number 2 ! interface Ethernet0/1.102 description ppp using isg encapsulation dot1Q 102 pppoe enable pppoe-client dial-pool-number 3 ! !--- Following dialer will be used for first CPE with user name pppoe@local.com.
! interface Dialer2 ip address negotiated encapsulation ppp shutdown dialer pool 2 ppp pap sent-username pppoe@local.com password 0 cisco ! !--- Following dialer will be used for second CPE with user name pppoe@lns.com.
! interface Dialer3 ip address negotiated encapsulation ppp shutdown dialer pool 3 ppp pap sent-username pppoe@lns.com password 0 cisco
这是LAC(ISG)设备上使用的配置。
! hostname lac ! aaa new-model ! ! aaa group server radius AAA-4-LOCAL !=> Group that will treat the user with domain local.com server name RAD-4-LOCAL ip radius source-interface Ethernet0/0 ! aaa group server radius AAA-4-FORWARD !=> Group that will treat the user with domain lns.com server name RAD-4-FORWARD ip radius source-interface Loopback1 ! aaa authentication login default local aaa authentication ppp default group radius aaa authentication ppp AAA-4-LOCAL group AAA-4-LOCAL !=> List will call the right group aaa authentication ppp AAA-4-FORWARD group AAA-4-FORWARD !=> List will call the right group aaa authorization exec default local aaa authorization network default group radius ! aaa session-id common ! vpdn enable ! class-map type control match-all PPP-4-FORWARD !=> class to match the domain to forward to lns match unauthenticated-domain lns.com match protocol ppp ! class-map type control match-all PPP-4-LOCAL !=> class to match the domain for local termination match unauthenticated-domain local.com match protocol ppp ! class-map type control match-all PPP !=> class to match ppp packets. match protocol ppp ! policy-map type control PPPOE !=> All pppoe will first hit this control policy class type control PPP event session-start 11 collect identifier unauthenticated-domain 12 service-policy type control DOMAIN !=> Now we forward to another policy that will make the selection ! ! policy-map type control DOMAIN class type control PPP-4-LOCAL event session-start !=> If domain is local.com we use this 20 authenticate aaa list AAA-4-LOCAL ! class type control PPP-4-FORWARD event session-start !=> If domain is lns.com we use this 20 authenticate aaa list AAA-4-FORWARD ! ! bba-group pppoe ppp-isg virtual-template 2 ! ! ! interface Loopback0 ip address 172.19.1.2 255.255.255.255 ! interface Loopback1 ip address 172.17.21.6 255.255.255.255 !=> radius request for domain lns.com use this ! interface Ethernet0/0 ip address 172.16.21.6 255.255.255.252 !=> radius request for domain local.com use this ! interface Ethernet0/1 no ip address ! interface Ethernet0/1.101 encapsulation dot1Q 101 pppoe enable group ppp-isg ! interface Ethernet0/1.102 encapsulation dot1Q 102 pppoe enable group ppp-isg ! interface Virtual-Template2 ip unnumbered Loopback0 ppp authentication pap service-policy type control PPPOE ! radius server RAD-4-LOCAL address ipv4 172.16.21.5 auth-port 32645 acct-port 32646 key cisco ! radius server RAD-4-FORWARD address ipv4 172.16.21.5 auth-port 11645 acct-port 11646 key cisco !
这是LNS设备上使用的配置。
! hostname lns ! aaa new-model ! ! aaa authentication login default local aaa authentication ppp default group radius aaa authorization exec default local aaa authorization network default group radius ! vpdn enable ! vpdn-group default ! Default L2TP VPDN group accept-dialin protocol l2tp virtual-template 1 l2tp tunnel password 0 cisco ! interface Virtual-Template1 ip unnumbered Loopback10 peer default ip address pool allppp ppp mtu adaptive ppp authentication pap ! radius server IOL-alanssie2 address ipv4 172.16.21.9 auth-port 32645 acct-port 32646 key cisco !
本部分提供可用于验证配置是否正常工作以及LAC上终止一个PPPoE会话以及根据域名将其他会话转发到LNS的信息。
lac#show subscriber ses Codes: Lterm - Local Term, Fwd - forwarded, unauth - unathenticated, authen - authenticated, TC Ct. - Number of Traffic Classes on the main session Current Subscriber Information: Total sessions 2 Uniq ID Interface State Service Up-time TC Ct. Identifier 39 Vi2.1 authen Lterm 00:38:54 0 pppoe@local.com 40 PPPoE authen Fwd 00:38:01 0 pppoe@lns.com
此命令显示LAC和LNS之间为pppoe@lns.com用户建立了VPDN隧道。
lac#sh vpdn tunnel L2TP Tunnel Information Total tunnels 1 sessions 1 LocTunID RemTunID Remote Name State Remote Address Sessn L2TP Class/ Count VPDN Group 7085 24548 lns est 172.19.1.1 1 VPDN ip addr 17 lac#
本节提供可用于排除配置故障的信息。
注意:要对ISG会话进行故障排除,请参阅使用会话监控和分布式条件调试排除ISG的文章。
此调试输出反映了如何在LAC设备上对基于域名local.com的本地用户进行身份验证和终止。
*Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Authen status update; is now "unauthen" *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: assert authen status "unauthen" *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: send event Session Update *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Username key not found in set domain key API *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Username key not found in set domain key API *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Updated NAS port for AAA ID 50 *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: send event Session Update *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Client block is NULL in get client block with handle D8000027 *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Updated key list: *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Input Interface = "Ethernet0/1.101" *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Access-Type = 3 (PPPoE) *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Media-Type = 1 (Ethernet) *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Authen-Status = 1 (Unauthenticated) *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 101 IP 0.0.0.0 VPI 0 VCI 0 VLAN 101 *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Username key not found in set domain key API *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Username key not found in set domain key API *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Client block is NULL in get client block with handle D8000027 *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Updated key list: *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Input Interface = "Ethernet0/1.101" *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Access-Type = 3 (PPPoE) *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Media-Type = 1 (Ethernet) *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Authen-Status = 1 (Unauthenticated) *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 101 IP 0.0.0.0 VPI 0 VCI 0 VLAN 101 *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Session-Handle = 1358954575 (5100004F) *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: SM Policy invoke - Service Selection Request *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Access type PPPoE *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: Successfully added key SUBTYPE_CONVERTED as FALSE *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Looking for a rule for event session-start *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Intf CloneSrc Vt2: service-rule any: PPPOE *Jan 17 14:36:24.339: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Evaluate "PPPOE" for session-start *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Match keys against "PPPOE": *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Input Interface = "Ethernet0/1.101" *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Converted-Session = 0 (NO) *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Media-Type = 1 (Ethernet) *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Authen-Status = 1 (Unauthenticated) *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 101 IP 0.0.0.0 VPI 0 VCI 0 VLAN 101 *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Session-Handle = 1358954575 (5100004F) *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: CONTROL-CLASS-MAP: : [0] match-all PPP *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: CONTROL-CLASS-MAP: : [0] match identifier protocol ppp [TRUE] *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: CONTROL-CLASS-MAP: : [0] match-all PPP *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: CONTROL-CLASS-MAP: : PPP [TRUE] *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Matched "PPPOE/PPP event session-start" *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Matched "PPPOE/PPP event session-start/11 collect identifier unauthenticated-domain " *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[0]: Start *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[0]: PPPOE/PPP event session-start/11 collect identifier unauthenticated-domain *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: SIP [PPPoE] can provide more keys *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[0]: Need key Unauth-Domain *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[1]: Start *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[1]: PPPOE/PPP event session-start/11 collect identifier unauthenticated-domain *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: Event <need keys>, State: initial-req to need-init-keys *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: Policy reply - Need More Keys *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: Need: Unauth-Domain *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: Asking client for more keys *Jan 17 14:36:24.340: SSS PM [uid:39][B4728100][AAA ID:50]: Policy reply - Need More Keys *Jan 17 14:36:24.340: PPP: Alloc Context [B174CE60] *Jan 17 14:36:24.340: ppp39 PPP: Phase is ESTABLISHING *Jan 17 14:36:24.341: SSS PM: ANCP not enabled on 'Ethernet0/1.101' - not retrieving default shaper value *Jan 17 14:36:24.341: ppp39 PPP: Using vpn set call direction *Jan 17 14:36:24.341: ppp39 PPP: Treating connection as a callin *Jan 17 14:36:24.341: ppp39 PPP: Session handle[99000027] Session id[39] *Jan 17 14:36:24.341: ppp39 LCP: Event[OPEN] State[Initial to Starting] *Jan 17 14:36:24.341: ppp39 PPP LCP: Enter passive mode, state[Stopped] *Jan 17 14:36:24.342: ppp39 LCP: I CONFREQ [Stopped] id 1 len 10 *Jan 17 14:36:24.342: ppp39 LCP: MagicNumber 0xBCD9A1B6 (0x0506BCD9A1B6) *Jan 17 14:36:24.343: ppp39 LCP: O CONFREQ [Stopped] id 1 len 18 *Jan 17 14:36:24.343: ppp39 LCP: MRU 1492 (0x010405D4) *Jan 17 14:36:24.343: ppp39 LCP: AuthProto PAP (0x0304C023) *Jan 17 14:36:24.343: ppp39 LCP: MagicNumber 0x010DA1F7 (0x0506010DA1F7) *Jan 17 14:36:24.343: ppp39 LCP: O CONFACK [Stopped] id 1 len 10 *Jan 17 14:36:24.343: ppp39 LCP: MagicNumber 0xBCD9A1B6 (0x0506BCD9A1B6) *Jan 17 14:36:24.343: ppp39 LCP: Event[Receive ConfReq+] State[Stopped to ACKsent] *Jan 17 14:36:24.343: ppp39 LCP: I CONFNAK [ACKsent] id 1 len 8 *Jan 17 14:36:24.343: ppp39 LCP: MRU 1500 (0x010405DC) *Jan 17 14:36:24.343: ppp39 LCP: O CONFREQ [ACKsent] id 2 len 18 *Jan 17 14:36:24.343: ppp39 LCP: MRU 1500 (0x010405DC) *Jan 17 14:36:24.343: ppp39 LCP: AuthProto PAP (0x0304C023) *Jan 17 14:36:24.343: ppp39 LCP: MagicNumber 0x010DA1F7 (0x0506010DA1F7) *Jan 17 14:36:24.343: ppp39 LCP: Event[Receive ConfNak/Rej] State[ACKsent to ACKsent] *Jan 17 14:36:24.343: ppp39 LCP: I CONFACK [ACKsent] id 2 len 18 *Jan 17 14:36:24.343: ppp39 LCP: MRU 1500 (0x010405DC) *Jan 17 14:36:24.343: ppp39 LCP: AuthProto PAP (0x0304C023) *Jan 17 14:36:24.343: ppp39 LCP: MagicNumber 0x010DA1F7 (0x0506010DA1F7) *Jan 17 14:36:24.343: ppp39 LCP: Event[Receive ConfAck] State[ACKsent to Open] *Jan 17 14:36:24.366: ppp39 PPP: Queue PAP code[1] id[1] *Jan 17 14:36:24.369: ppp39 PPP: Phase is AUTHENTICATING, by this end *Jan 17 14:36:24.369: ppp39 PAP: Redirect packet to ppp39 *Jan 17 14:36:24.369: ppp39 PAP: I AUTH-REQ id 1 len 26 from "pppoe@local.com" *Jan 17 14:36:24.370: ppp39 PAP: Authenticating peer pppoe@local.com *Jan 17 14:36:24.370: ppp39 PPP: Phase is FORWARDING, Attempting Forward *Jan 17 14:36:24.370: ppp39 LCP: State is Open *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Username key not found in set domain key API *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Client block is NULL in get client block with handle D8000027 *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Updated key list: *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Access-Type = 0 (PPP) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Input Interface = "Ethernet0/1.101" *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Converted-Session = 0 (NO) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Media-Type = 1 (Ethernet) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Authen-Status = 1 (Unauthenticated) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 101 IP 0.0.0.0 VPI 0 VCI 0 VLAN 101 *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Session-Handle = 1358954575 (5100004F) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Unauth-User = "pppoe@local.com" *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Unauth-Domain = "local.com" *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: SM Policy invoke - Got More Keys *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: Access type PPP *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[0]: Start *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[0]: PPPOE/PPP event session-start/11 collect identifier unauthenticated-domain *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: State: need-init-keys to initial-req *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[0]: Have key Unauth-Domain *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[1]: Start *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[1]: PPPOE/PPP event session-start/11 collect identifier unauthenticated-domain *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[2]: Start *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[2]: PPPOE/PPP event session-start/12 service-policy type control DOMAIN *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Match keys against "DOMAIN": *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Input Interface = "Ethernet0/1.101" *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Converted-Session = 0 (NO) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Media-Type = 1 (Ethernet) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Authen-Status = 1 (Unauthenticated) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 101 IP 0.0.0.0 VPI 0 VCI 0 VLAN 101 *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Session-Handle = 1358954575 (5100004F) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Unauth-User = "pppoe@local.com" *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Unauth-Domain = "local.com" *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: CONTROL-CLASS-MAP: : [0] match-all PPP-4-LOCAL *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: CONTROL-CLASS-MAP: : [0] match identifier unauthenticated-domain local.com [TRUE] *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: CONTROL-CLASS-MAP: : [0] match identifier protocol ppp [TRUE] *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: CONTROL-CLASS-MAP: : [0] match-all PPP-4-LOCAL *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: CONTROL-CLASS-MAP: : PPP-4-LOCAL [TRUE] *Jan 17 14:36:24.370: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Matched "DOMAIN/PPP-4-LOCAL event session-start" *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[3]: Start *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[3]: DOMAIN/PPP-4-LOCAL event session-start/20 authenticate aaa list AAA-4-LOCAL *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: SIP [PPP] can provide more keys *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[3]: Using AAA-Authen-Method-List AAA-4-LOCAL *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[3]: Need key Auth-User *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[4]: Start *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[4]: DOMAIN/PPP-4-LOCAL event session-start/20 authenticate aaa list AAA-4-LOCAL *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: Event <need keys>, State: initial-req to need-init-keys *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: Policy reply - Need More Keys *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: Need: Auth-User *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: ask for authen status *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: request, Query Session Authenticated Status *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: reply, Query Session Authenticated Status = no-record-found *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: session NOT authenticated *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: Event <idmgr didn't get keys>, State: need-init-keys to need-init-keys *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: Asking client for more keys *Jan 17 14:36:24.371: SSS PM [uid:39][B4728100][AAA ID:50]: Policy reply - Need More Keys *Jan 17 14:36:24.371: ppp39 PPP: Phase is AUTHENTICATING, Unauthenticated User *Jan 17 14:36:24.371: AAA/AUTHEN/PPP (00000032): Pick method list 'AAA-4-LOCAL' <= Correct list for local.com *Jan 17 14:36:24.371: RADIUS/ENCODE(00000032):Orig. component type = PPPoE *Jan 17 14:36:24.371: RADIUS: DSL line rate attributes successfully added *Jan 17 14:36:24.371: RADIUS(00000032): Config NAS IP: 172.16.21.6 *Jan 17 14:36:24.371: RADIUS(00000032): Config NAS IPv6: :: *Jan 17 14:36:24.371: RADIUS/ENCODE(00000032): acct_session_id: 40 *Jan 17 14:36:24.371: RADIUS(00000032): sending *Jan 17 14:36:24.371: RADIUS(00000032): Send Access-Request to 172.16.21.5:32645 id 1645/50, len 137 *Jan 17 14:36:24.371: RADIUS: authenticator E2 2A B0 15 24 CA 79 8C - A5 61 E4 1E C5 52 BC EF *Jan 17 14:36:24.371: RADIUS: Framed-Protocol [7] 6 PPP [1] *Jan 17 14:36:24.371: RADIUS: User-Name [1] 17 "pppoe@local.com" *Jan 17 14:36:24.371: RADIUS: User-Password [2] 18 * *Jan 17 14:36:24.371: RADIUS: NAS-Port-Type [61] 6 Virtual [5] *Jan 17 14:36:24.371: RADIUS: NAS-Port [5] 6 0 *Jan 17 14:36:24.371: RADIUS: NAS-Port-Id [87] 11 "0/0/1/101" *Jan 17 14:36:24.371: RADIUS: Vendor, Cisco [26] 41 *Jan 17 14:36:24.371: RADIUS: Cisco AVpair [1] 35 "client-mac-address=aabb.cc00.d210" *Jan 17 14:36:24.371: RADIUS: Service-Type [6] 6 Framed [2] *Jan 17 14:36:24.371: RADIUS: NAS-IP-Address [4] 6 172.16.21.6 <= Correct Nas for Local.com *Jan 17 14:36:24.371: RADIUS(00000032): Sending a IPv4 Radius Packet *Jan 17 14:36:24.372: RADIUS(00000032): Started 5 sec timeout *Jan 17 14:36:24.372: RADIUS: Received from id 1645/50 172.16.21.5:32645, Access-Accept, len 60 *Jan 17 14:36:24.372: RADIUS: authenticator 1A EE FC 44 78 8A 56 DF - 41 57 45 27 4C A7 59 C6 *Jan 17 14:36:24.372: RADIUS: Vendor, Cisco [26] 34 *Jan 17 14:36:24.372: RADIUS: Cisco AVpair [1] 28 "ip:ip-unnumbered=loopback0" *Jan 17 14:36:24.372: RADIUS: Framed-IP-Address [8] 6 179.1.1.1 *Jan 17 14:36:24.372: RADIUS(00000032): Received from id 1645/50 *Jan 17 14:36:24.373: ppp39 PPP: Phase is FORWARDING, Attempting Forward *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Authen status update; is now "authen" *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: assert authen status "authen" *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: send event Session Update *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: IDMGR: with username "pppoe@local.com" *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Session activation: ok *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Client block is NULL in get client block with handle D8000027 *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Updated key list: *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: AAA-Attr-List = FB0003D0 *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: ip-unnumbered 0 "loopback0" *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: addr 0 179.1.1.1 *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Access-Type = 0 (PPP) *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Unauth-User = "pppoe@local.com" *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Unauth-Domain = "local.com" *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Input Interface = "Ethernet0/1.101" *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Converted-Session = 0 (NO) *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Media-Type = 1 (Ethernet) *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Authen-Status = 0 (Authenticated) *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 101 IP 0.0.0.0 VPI 0 VCI 0 VLAN 101 *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Session-Handle = 1358954575 (5100004F) *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: AAA-Authen-Method-List = "AAA-4-LOCAL" *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Final = 1 (YES) *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Auth-User = "pppoe@local.com" *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Auth-Domain = "local.com" *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: SM Policy invoke - Got More Keys *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Access type PPP: final key *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Must apply config before continuing *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Handling Config Request from Client *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Event <got process config req>, State: need-init-keys to need-init-keys *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Handling Process Config *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Apply config request set to AAA list Config: ip-unnumbered 0 "loopback0" Config: addr 0 179.1.1.1 *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: Sending pppoe@local.com request to AAA *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: SSS PM: Allocating per-user profile info *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: SSS PM: Add per-user profile info to policy context *Jan 17 14:36:24.373: SSS AAA AUTHOR [uid:39][AAA ID:50]: Root SIP PPPoE *Jan 17 14:36:24.373: SSS AAA AUTHOR [uid:39][AAA ID:50]: Enable PPPoE parsing *Jan 17 14:36:24.373: SSS AAA AUTHOR [uid:39][AAA ID:50]: Enable PPP parsing *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: ACTIVE HANDLE[0]: Snapshot captured in Active context *Jan 17 14:36:24.373: SSS PM [uid:39][B4728100][AAA ID:50]: ACTIVE HANDLE[0]: Active context created *Jan 17 14:36:24.373: SSS AAA AUTHOR [uid:39][AAA ID:50]: Event <make request>, state changed from idle to authorizing *Jan 17 14:36:24.373: SSS AAA AUTHOR [uid:39][AAA ID:50]: Active key set to Auth-User *Jan 17 14:36:24.373: SSS AAA AUTHOR [uid:39][AAA ID:50]: Authorizing key pppoe@local.com *Jan 17 14:36:24.373: SSS AAA AUTHOR [uid:39][AAA ID:50]: Spoofed AAA reply sent for key pppoe@local.com *Jan 17 14:36:24.373: SSS AAA AUTHOR [uid:39][AAA ID:50]: Received an AAA pass *Jan 17 14:36:24.373: SSS AAA AUTHOR [uid:39][AAA ID:50]: [B4728100]:Reply message not exist Initial attr ip-unnumbered 0 "loopback0" Initial attr addr 0 179.1.1.1 *Jan 17 14:36:24.373: SSS PM: PARAMETERIZED-QoS: QOS parameters *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: VRF Parsing routine: ip-unnumbered 0 "loopback0" addr 0 179.1.1.1 *Jan 17 14:36:24.374: SSS PM: No VPDN attributes or policy found *Jan 17 14:36:24.374: SSS PM LTERM [uid:39][AAA ID:50]: Process Attr: ip-unnumbered 0 "loopback0" *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: Parsed service; Local *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: SIP PPP[A4700F0] parsed as Success *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: SIP PPP[B009900] parsed as Ignore *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: SIP PPPoE[A501AC0] parsed as Success *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: Event <found service>, state changed from authorizing to complete *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: Found service info for key pppoe@local.com *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: Active Handle present - AC000006 *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Apply config handle [AF0003D3] now set to [270003DA] *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: ACTIVE HANDLE[0]: Snapshot reverted from Active context to policy context *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: Freeing Active Handle; SSS Policy Context Handle = D8000027 *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: ACTIVE HANDLE[2829]: Released active handle *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: PM directive AAA:Local maps to PM:Local Terminate *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: PROFILE: store profile "pppoe@local.com" *Jan 17 14:36:24.374: SSS PM: PROFILE-DB: is profile "pppoe@local.com" in DB *Jan 17 14:36:24.374: SSS PM: PROFILE-DB: Computed hash value = 353387640 *Jan 17 14:36:24.374: SSS PM: PROFILE-DB: No, add new list *Jan 17 14:36:24.374: SSS PM: PROFILE-DB: create "pppoe@local.com" *Jan 17 14:36:24.374: SSS PM: PROFILE-DB: create "pppoe@local.com"/B48191BC hdl C80003DC ref 1 *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: PROFILE: create B481B90C, ref 1 *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: Event <free request>, state changed from complete to terminal *Jan 17 14:36:24.374: SSS AAA AUTHOR [uid:39][AAA ID:50]: Cancel request *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Handling Author Found Event *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Plumbing proposed by FSP *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Policy reply - Local Terminate *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: FSP info: B45EC130/Local data: B45EC0E0 SVM: 00000000 *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Feature info: B4814320 Type: IP Config *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: : Config level: Per-user *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: : IDB type: Sub-if or not required *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Apply of config finished; provide the found network service *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Network service found; continuing rule *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[0]: Continue *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[0]: DOMAIN/PPP-4-LOCAL event session-start/20 authenticate aaa list AAA-4-LOCAL *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[0]: Run action with no altered name *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: State: need-init-keys to initial-req *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[0]: Have key Auth-User *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[1]: Continue *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[1]: DOMAIN/PPP-4-LOCAL event session-start/20 authenticate aaa list AAA-4-LOCAL *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[1]: Back to parent rule *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[1]: Run next parent action *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[2]: Continue *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[2]: PPPOE/PPP event session-start/12 service-policy type control DOMAIN *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Client block is NULL in get client block with handle D8000027 *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[2]: No more actions to run *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[3]: Continue *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[3]: PPPOE/PPP event session-start/12 service-policy type control DOMAIN *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[3]: Using previously offered directive Local Terminate *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[4]: Continue *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE[4]: PPPOE/PPP event session-start/12 service-policy type control DOMAIN *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Client block is NULL in get client block with handle D8000027 *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Event <srvf found>, State: initial-req to wait-for-events *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Handling Service Direction *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Policy reply - Local Terminate *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Plumbing proposed by FSP *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: Policy reply - Local Terminate *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Looking for a rule for event session-service-found *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Intf CloneSrc Vt2: service-rule any: PPPOE *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Evaluate "PPPOE" for session-service-found *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Not matched "PPPOE/PPP event session-start" *Jan 17 14:36:24.374: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: No match for "PPPOE" *Jan 17 14:36:24.375: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Intf InputI/f Et0/1.101: service-rule any: None *Jan 17 14:36:24.375: SSS PM [uid:39][B4728100][AAA ID:50]: RULE: Glob: service-rule any: None *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: SM Policy invoke - Apply Config Success *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: [PARAMETERIZED-QoS]: No rabapol context created yet for handle [D8000027], returning compatible *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: Event <got apply config success>, State: wait-for-events to wait-for-events *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: Handling Apply Config; SUCCESS *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: session start done *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: Removed attribute list just processed *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: no callback for callback north *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: Client block is NULL in get client block with handle D8000027 *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: Null client block; Can't update RP *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: Client block is NULL in get client block with handle D8000027 *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: No pending events to process *Jan 17 14:36:24.377: SSS PM [uid:39][B4728100][AAA ID:50]: No pending eventst *Jan 17 14:36:24.377: AAA/BIND(00000032): Bind i/f Virtual-Access2.1 *Jan 17 14:36:24.377: Vi2.1 PPP: Phase is AUTHENTICATING, Authenticated User *Jan 17 14:36:24.377: Vi2.1 PAP: O AUTH-ACK id 1 len 5 *Jan 17 14:36:24.378: Vi2.1 PPP: No AAA accounting method list *Jan 17 14:36:24.378: Vi2.1 PPP: Phase is UP *Jan 17 14:36:24.378: Vi2.1 IPCP: Protocol configured, start CP. state[Initial] *Jan 17 14:36:24.378: Vi2.1 IPCP: Event[OPEN] State[Initial to Starting] *Jan 17 14:36:24.378: Vi2.1 IPCP: O CONFREQ [Starting] id 1 len 10 *Jan 17 14:36:24.378: Vi2.1 IPCP: Address 172.19.1.2 (0x0306AC130102) *Jan 17 14:36:24.378: Vi2.1 IPCP: Event[UP] State[Starting to REQsent] *Jan 17 14:36:24.379: Vi2.1 IPCP: I CONFREQ [REQsent] id 1 len 10 *Jan 17 14:36:24.379: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000) *Jan 17 14:36:24.379: Vi2.1 IPCP AUTHOR: Start. Her address 0.0.0.0, we want 0.0.0.0 *Jan 17 14:36:24.379: Vi2.1 IPCP AUTHOR: Done. Her address 0.0.0.0, we want 179.1.1.1 *Jan 17 14:36:24.379: Vi2.1 IPCP: O CONFNAK [REQsent] id 1 len 10 *Jan 17 14:36:24.379: Vi2.1 IPCP: Address 179.1.1.1 (0x0306B3010101) *Jan 17 14:36:24.379: Vi2.1 IPCP: Event[Receive ConfReq-] State[REQsent to REQsent] *Jan 17 14:36:24.379: Vi2.1 CDPCP: I CONFREQ [UNKNOWN] id 1 len 4 *Jan 17 14:36:24.379: Vi2.1 LCP: O PROTREJ [Open] id 3 len 10 protocol CDPCP (0x01010004) *Jan 17 14:36:24.379: Vi2.1 IPCP: I CONFACK [REQsent] id 1 len 10 *Jan 17 14:36:24.379: Vi2.1 IPCP: Address 172.19.1.2 (0x0306AC130102) *Jan 17 14:36:24.379: Vi2.1 IPCP: Event[Receive ConfAck] State[REQsent to ACKrcvd] *Jan 17 14:36:24.380: Vi2.1 IPCP: I CONFREQ [ACKrcvd] id 2 len 10 *Jan 17 14:36:24.380: Vi2.1 IPCP: Address 179.1.1.1 (0x0306B3010101) *Jan 17 14:36:24.380: Vi2.1 IPCP: O CONFACK [ACKrcvd] id 2 len 10 *Jan 17 14:36:24.380: Vi2.1 IPCP: Address 179.1.1.1 (0x0306B3010101) *Jan 17 14:36:24.380: Vi2.1 IPCP: Event[Receive ConfReq+] State[ACKrcvd to Open] *Jan 17 14:36:24.401: Vi2.1 IPCP: State is Open *Jan 17 14:36:24.401: Vi2.1 Added to neighbor route AVL tree: topoid 0, address 179.1.1.1 *Jan 17 14:36:24.401: Vi2.1 IPCP: Install route to 179.1.1.1
此调试输出反映了如何对基于域名lns.com的远程用户进行身份验证并转发到LNS设备。
*Jan 17 14:37:17.353: SSS PM [uid:40][B4728388][AAA ID:51]: Authen status update; is now "unauthen" *Jan 17 14:37:17.353: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: assert authen status "unauthen" *Jan 17 14:37:17.353: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: send event Session Update *Jan 17 14:37:17.353: SSS PM [uid:40][B4728388][AAA ID:51]: Username key not found in set domain key API *Jan 17 14:37:17.353: SSS PM [uid:40][B4728388][AAA ID:51]: Username key not found in set domain key API *Jan 17 14:37:17.353: SSS PM [uid:40][B4728388][AAA ID:51]: Updated NAS port for AAA ID 51 *Jan 17 14:37:17.353: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: send event Session Update *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Client block is NULL in get client block with handle 1D000028 *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Updated key list: *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Input Interface = "Ethernet0/1.102" *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Access-Type = 3 (PPPoE) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Media-Type = 1 (Ethernet) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Authen-Status = 1 (Unauthenticated) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 102 IP 0.0.0.0 VPI 0 VCI 0 VLAN 102 *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Username key not found in set domain key API *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Username key not found in set domain key API *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Client block is NULL in get client block with handle 1D000028 *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Updated key list: *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Input Interface = "Ethernet0/1.102" *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Access-Type = 3 (PPPoE) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Media-Type = 1 (Ethernet) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Authen-Status = 1 (Unauthenticated) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 102 IP 0.0.0.0 VPI 0 VCI 0 VLAN 102 *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Session-Handle = 385876049 (17000051) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: SM Policy invoke - Service Selection Request *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Access type PPPoE *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Successfully added key SUBTYPE_CONVERTED as FALSE *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Looking for a rule for event session-start *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Intf CloneSrc Vt2: service-rule any: PPPOE *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Evaluate "PPPOE" for session-start *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Match keys against "PPPOE": *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Input Interface = "Ethernet0/1.102" *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Converted-Session = 0 (NO) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Media-Type = 1 (Ethernet) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Authen-Status = 1 (Unauthenticated) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 102 IP 0.0.0.0 VPI 0 VCI 0 VLAN 102 *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Session-Handle = 385876049 (17000051) *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : [0] match-all PPP *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : [0] match identifier protocol ppp [TRUE] *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : [0] match-all PPP *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : PPP [TRUE] *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Matched "PPPOE/PPP event session-start" *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Matched "PPPOE/PPP event session-start/11 collect identifier unauthenticated-domain " *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[0]: Start *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[0]: PPPOE/PPP event session-start/11 collect identifier unauthenticated-domain *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: SIP [PPPoE] can provide more keys *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[0]: Need key Unauth-Domain *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[1]: Start *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[1]: PPPOE/PPP event session-start/11 collect identifier unauthenticated-domain *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Event <need keys>, State: initial-req to need-init-keys *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Policy reply - Need More Keys *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: Need: Unauth-Domain *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Asking client for more keys *Jan 17 14:37:17.354: SSS PM [uid:40][B4728388][AAA ID:51]: Policy reply - Need More Keys *Jan 17 14:37:17.355: PPP: Alloc Context [B174D034] *Jan 17 14:37:17.355: ppp40 PPP: Phase is ESTABLISHING *Jan 17 14:37:17.355: SSS PM: ANCP not enabled on 'Ethernet0/1.102' - not retrieving default shaper value *Jan 17 14:37:17.355: ppp40 PPP: Using vpn set call direction *Jan 17 14:37:17.355: ppp40 PPP: Treating connection as a callin *Jan 17 14:37:17.355: ppp40 PPP: Session handle[8E000028] Session id[40] *Jan 17 14:37:17.355: ppp40 LCP: Event[OPEN] State[Initial to Starting] *Jan 17 14:37:17.355: ppp40 PPP LCP: Enter passive mode, state[Stopped] *Jan 17 14:37:17.357: ppp40 LCP: I CONFREQ [Stopped] id 1 len 10 *Jan 17 14:37:17.357: ppp40 LCP: MagicNumber 0xBCDA70F0 (0x0506BCDA70F0) *Jan 17 14:37:17.357: ppp40 LCP: O CONFREQ [Stopped] id 1 len 18 *Jan 17 14:37:17.357: ppp40 LCP: MRU 1492 (0x010405D4) *Jan 17 14:37:17.357: ppp40 LCP: AuthProto PAP (0x0304C023) *Jan 17 14:37:17.357: ppp40 LCP: MagicNumber 0x010E7131 (0x0506010E7131) *Jan 17 14:37:17.357: ppp40 LCP: O CONFACK [Stopped] id 1 len 10 *Jan 17 14:37:17.357: ppp40 LCP: MagicNumber 0xBCDA70F0 (0x0506BCDA70F0) *Jan 17 14:37:17.357: ppp40 LCP: Event[Receive ConfReq+] State[Stopped to ACKsent] *Jan 17 14:37:17.357: ppp40 LCP: I CONFNAK [ACKsent] id 1 len 8 *Jan 17 14:37:17.357: ppp40 LCP: MRU 1500 (0x010405DC) *Jan 17 14:37:17.357: ppp40 LCP: O CONFREQ [ACKsent] id 2 len 18 *Jan 17 14:37:17.357: ppp40 LCP: MRU 1500 (0x010405DC) *Jan 17 14:37:17.357: ppp40 LCP: AuthProto PAP (0x0304C023) *Jan 17 14:37:17.357: ppp40 LCP: MagicNumber 0x010E7131 (0x0506010E7131) *Jan 17 14:37:17.357: ppp40 LCP: Event[Receive ConfNak/Rej] State[ACKsent to ACKsent] *Jan 17 14:37:17.357: ppp40 LCP: I CONFACK [ACKsent] id 2 len 18 *Jan 17 14:37:17.357: ppp40 LCP: MRU 1500 (0x010405DC) *Jan 17 14:37:17.357: ppp40 LCP: AuthProto PAP (0x0304C023) *Jan 17 14:37:17.357: ppp40 LCP: MagicNumber 0x010E7131 (0x0506010E7131) *Jan 17 14:37:17.357: ppp40 LCP: Event[Receive ConfAck] State[ACKsent to Open] *Jan 17 14:37:17.361: ppp40 PPP: Phase is AUTHENTICATING, by this end *Jan 17 14:37:17.361: ppp40 LCP: State is Open *Jan 17 14:37:17.388: ppp40 PAP: I AUTH-REQ id 1 len 24 from "pppoe@lns.com" *Jan 17 14:37:17.388: ppp40 PAP: Authenticating peer pppoe@lns.com *Jan 17 14:37:17.388: ppp40 PPP: Phase is FORWARDING, Attempting Forward *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Username key not found in set domain key API *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Client block is NULL in get client block with handle 1D000028 *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Updated key list: *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Access-Type = 0 (PPP) *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Input Interface = "Ethernet0/1.102" *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Converted-Session = 0 (NO) *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Media-Type = 1 (Ethernet) *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Authen-Status = 1 (Unauthenticated) *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 102 IP 0.0.0.0 VPI 0 VCI 0 VLAN 102 *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Session-Handle = 385876049 (17000051) *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Unauth-User = "pppoe@lns.com" *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Unauth-Domain = "lns.com" *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: SM Policy invoke - Got More Keys *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: Access type PPP *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[0]: Start *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[0]: PPPOE/PPP event session-start/11 collect identifier unauthenticated-domain *Jan 17 14:37:17.388: SSS PM [uid:40][B4728388][AAA ID:51]: State: need-init-keys to initial-req *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[0]: Have key Unauth-Domain *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[1]: Start *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[1]: PPPOE/PPP event session-start/11 collect identifier unauthenticated-domain *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[2]: Start *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[2]: PPPOE/PPP event session-start/12 service-policy type control DOMAIN *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Match keys against "DOMAIN": *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Input Interface = "Ethernet0/1.102" *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Converted-Session = 0 (NO) *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Media-Type = 1 (Ethernet) *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Authen-Status = 1 (Unauthenticated) *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 102 IP 0.0.0.0 VPI 0 VCI 0 VLAN 102 *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Session-Handle = 385876049 (17000051) *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Unauth-User = "pppoe@lns.com" *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Unauth-Domain = "lns.com" *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : [0] match-all PPP-4-LOCAL *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : [0] match identifier unauthenticated-domain local.com [FALSE] [DONE] *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : [0] match-all PPP-4-LOCAL *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : PPP-4-LOCAL [FALSE] *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: No match "DOMAIN/PPP-4-LOCAL event session-start" *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : [0] match-all PPP-4-FORWARD *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : [0] match identifier unauthenticated-domain lns.com [TRUE] *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : [0] match identifier protocol ppp [TRUE] *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : [0] match-all PPP-4-FORWARD *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: CONTROL-CLASS-MAP: : PPP-4-FORWARD [TRUE] *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Matched "DOMAIN/PPP-4-FORWARD event session-start" *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[3]: Start *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[3]: DOMAIN/PPP-4-FORWARD event session-start/20 authenticate aaa list AAA-4-FORWARD *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: SIP [PPP] can provide more keys *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[3]: Using AAA-Authen-Method-List AAA-4-FORWARD *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[3]: Need key Auth-User *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[4]: Start *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[4]: DOMAIN/PPP-4-FORWARD event session-start/20 authenticate aaa list AAA-4-FORWARD *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: Event <need keys>, State: initial-req to need-init-keys *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: Policy reply - Need More Keys *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: Need: Auth-User *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: ask for authen status *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: request, Query Session Authenticated Status *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: reply, Query Session Authenticated Status = no-record-found *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: session NOT authenticated *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: Event <idmgr didn't get keys>, State: need-init-keys to need-init-keys *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: Asking client for more keys *Jan 17 14:37:17.389: SSS PM [uid:40][B4728388][AAA ID:51]: Policy reply - Need More Keys *Jan 17 14:37:17.389: ppp40 PPP: Phase is AUTHENTICATING, Unauthenticated User *Jan 17 14:37:17.389: AAA/AUTHEN/PPP (00000033): Pick method list 'AAA-4-FORWARD' <== correct method *Jan 17 14:37:17.389: RADIUS/ENCODE(00000033):Orig. component type = PPPoE *Jan 17 14:37:17.389: RADIUS: DSL line rate attributes successfully added *Jan 17 14:37:17.390: RADIUS(00000033): Config NAS IP: 172.17.21.6 *Jan 17 14:37:17.390: RADIUS(00000033): Config NAS IPv6: :: *Jan 17 14:37:17.390: RADIUS/ENCODE(00000033): acct_session_id: 41 *Jan 17 14:37:17.390: RADIUS(00000033): sending *Jan 17 14:37:17.390: RADIUS(00000033): Send Access-Request to 172.16.21.5:11645 id 1645/51, len 135 *Jan 17 14:37:17.390: RADIUS: authenticator 76 AF BF 7B 54 7B 38 A7 - 2A BB EF 93 CB BA 0A 45 *Jan 17 14:37:17.390: RADIUS: Framed-Protocol [7] 6 PPP [1] *Jan 17 14:37:17.390: RADIUS: User-Name [1] 15 "pppoe@lns.com" *Jan 17 14:37:17.390: RADIUS: User-Password [2] 18 * *Jan 17 14:37:17.390: RADIUS: NAS-Port-Type [61] 6 Virtual [5] *Jan 17 14:37:17.390: RADIUS: NAS-Port [5] 6 0 *Jan 17 14:37:17.390: RADIUS: NAS-Port-Id [87] 11 "0/0/1/102" *Jan 17 14:37:17.390: RADIUS: Vendor, Cisco [26] 41 *Jan 17 14:37:17.390: RADIUS: Cisco AVpair [1] 35 "client-mac-address=aabb.cc00.d210" *Jan 17 14:37:17.390: RADIUS: Service-Type [6] 6 Framed [2] *Jan 17 14:37:17.390: RADIUS: NAS-IP-Address [4] 6 172.17.21.6 <=== Correct NAS (source ip) *Jan 17 14:37:17.390: RADIUS(00000033): Sending a IPv4 Radius Packet *Jan 17 14:37:17.390: RADIUS(00000033): Started 5 sec timeout *Jan 17 14:37:17.391: RADIUS: Received from id 1645/51 172.16.21.5:11645, Access-Accept, len 105 *Jan 17 14:37:17.391: RADIUS: authenticator 3C 38 A2 16 EA 26 BE 4A - FD 69 49 CA E5 69 E7 04 *Jan 17 14:37:17.391: RADIUS: Service-Type [6] 6 Outbound [5] *Jan 17 14:37:17.391: RADIUS: Tunnel-Type [64] 6 00:L2TP [3] *Jan 17 14:37:17.391: RADIUS: Framed-Protocol [7] 6 PPP [1] *Jan 17 14:37:17.391: RADIUS: Tunnel-Medium-Type [65] 6 00:IPv4 [1] *Jan 17 14:37:17.391: RADIUS: Tunnel-Client-Auth-I[90] 16 "lac-via-radius" *Jan 17 14:37:17.391: RADIUS: Tunnel-Password [69] 21 00:* *Jan 17 14:37:17.391: RADIUS: Tunnel-Server-Endpoi[67] 12 "172.19.1.1" *Jan 17 14:37:17.391: RADIUS: Tunnel-Client-Endpoi[66] 12 "172.19.1.2" *Jan 17 14:37:17.391: RADIUS(00000033): Received from id 1645/51 *Jan 17 14:37:17.391: ppp40 PPP: Phase is FORWARDING, Attempting Forward *Jan 17 14:37:17.391: SSS PM [uid:40][B4728388][AAA ID:51]: Authen status update; is now "authen" *Jan 17 14:37:17.391: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: assert authen status "authen" *Jan 17 14:37:17.391: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: send event Session Update *Jan 17 14:37:17.391: SSS PM [uid:40][B4728388][AAA ID:51]: IDMGR: with username "pppoe@lns.com" *Jan 17 14:37:17.391: SSS PM [uid:40][B4728388][AAA ID:51]: Session activation: ok *Jan 17 14:37:17.391: SSS PM [uid:40][B4728388][AAA ID:51]: Client block is NULL in get client block with handle 1D000028 *Jan 17 14:37:17.391: SSS PM [uid:40][B4728388][AAA ID:51]: Updated key list: *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: AAA-Attr-List = F50003F4 *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: service-type 0 5 [Outbound] *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: tunnel-type 0 3 [l2tp] *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Framed-Protocol 0 1 [PPP] *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: tunnel-medium-type 0 1 [IPv4] *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: tunnel-id 0 "lac-via-radius" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: tunnel-password 0 <hidden> *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: tunnel-server-endpoi 0 "172.19.1.1" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: tunnel-client-endpoi 0 "172.19.1.2" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Access-Type = 0 (PPP) *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Unauth-User = "pppoe@lns.com" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Unauth-Domain = "lns.com" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Input Interface = "Ethernet0/1.102" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Converted-Session = 0 (NO) *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Media-Type = 1 (Ethernet) *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Authen-Status = 0 (Authenticated) *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Nasport = PPPoEoVLAN: slot 0 adapter 0 port 1 sub-interface 102 IP 0.0.0.0 VPI 0 VCI 0 VLAN 102 *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Session-Handle = 385876049 (17000051) *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: AAA-Authen-Method-List = "AAA-4-FORWARD" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Protocol-Type = 0 (PPP Access Protocol) *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Final = 1 (YES) *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Auth-User = "pppoe@lns.com" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Auth-Domain = "lns.com" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: SM Policy invoke - Got More Keys *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Access type PPP: final key *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Must apply config before continuing *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Handling Config Request from Client *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Event <got process config req>, State: need-init-keys to need-init-keys *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Handling Process Config *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Apply config request set to AAA list Config: service-type 0 5 [Outbound] Config: tunnel-type 0 3 [l2tp] Config: Framed-Protocol 0 1 [PPP] Config: tunnel-medium-type 0 1 [IPv4] Config: tunnel-id 0 "lac-via-radius" Config: tunnel-password 0 <hidden> Config: tunnel-server-endpoi 0 "172.19.1.1" Config: tunnel-client-endpoi 0 "172.19.1.2" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: Sending pppoe@lns.com request to AAA *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: SSS PM: Allocating per-user profile info *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: SSS PM: Add per-user profile info to policy context *Jan 17 14:37:17.392: SSS AAA AUTHOR [uid:40][AAA ID:51]: Root SIP PPPoE *Jan 17 14:37:17.392: SSS AAA AUTHOR [uid:40][AAA ID:51]: Enable PPPoE parsing *Jan 17 14:37:17.392: SSS AAA AUTHOR [uid:40][AAA ID:51]: Enable PPP parsing *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: ACTIVE HANDLE[0]: Snapshot captured in Active context *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: ACTIVE HANDLE[0]: Active context created *Jan 17 14:37:17.392: SSS AAA AUTHOR [uid:40][AAA ID:51]: Event <make request>, state changed from idle to authorizing *Jan 17 14:37:17.392: SSS AAA AUTHOR [uid:40][AAA ID:51]: Active key set to Auth-User *Jan 17 14:37:17.392: SSS AAA AUTHOR [uid:40][AAA ID:51]: Authorizing key pppoe@lns.com *Jan 17 14:37:17.392: SSS AAA AUTHOR [uid:40][AAA ID:51]: Spoofed AAA reply sent for key pppoe@lns.com *Jan 17 14:37:17.392: SSS AAA AUTHOR [uid:40][AAA ID:51]: Received an AAA pass *Jan 17 14:37:17.392: SSS AAA AUTHOR [uid:40][AAA ID:51]: [B4728388]:Reply message not exist Initial attr service-type 0 5 [Outbound] Initial attr tunnel-type 0 3 [l2tp] Initial attr Framed-Protocol 0 1 [PPP] Initial attr tunnel-medium-type 0 1 [IPv4] Initial attr tunnel-id 0 "lac-via-radius" Initial attr tunnel-password 0 <hidden> Initial attr tunnel-server-endpoi 0 "172.19.1.1" Initial attr tunnel-client-endpoi 0 "172.19.1.2" *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: policy key list doesn't have IPv4 address *Jan 17 14:37:17.392: SSS PM: PARAMETERIZED-QoS: QOS parameters *Jan 17 14:37:17.392: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: VRF Parsing routine: service-type 0 5 [Outbound] tunnel-type 0 3 [l2tp] Framed-Protocol 0 1 [PPP] tunnel-medium-type 0 1 [IPv4] tunnel-id 0 "lac-via-radius" tunnel-password 0 <hidden> tunnel-server-endpoi 0 "172.19.1.1" tunnel-client-endpoi 0 "172.19.1.2" *Jan 17 14:37:17.392: SSS AAA AUTHOR [uid:40][AAA ID:51]: Parsed service; VPDN *Jan 17 14:37:17.393: SSS AAA AUTHOR [uid:40][AAA ID:51]: SIP PPP[A4700F0] parsed as Success *Jan 17 14:37:17.393: SSS AAA AUTHOR [uid:40][AAA ID:51]: SIP PPP[B009900] parsed as Ignore *Jan 17 14:37:17.393: SSS AAA AUTHOR [uid:40][AAA ID:51]: SIP PPPoE[A501AC0] parsed as Success *Jan 17 14:37:17.393: SSS AAA AUTHOR [uid:40][AAA ID:51]: Event <found service>, state changed from authorizing to complete *Jan 17 14:37:17.393: SSS AAA AUTHOR [uid:40][AAA ID:51]: Found service info for key pppoe@lns.com *Jan 17 14:37:17.393: SSS AAA AUTHOR [uid:40][AAA ID:51]: Active Handle present - FB000007 *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Apply config handle [750003F8] now set to [180003FE] *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: ACTIVE HANDLE[0]: Snapshot reverted from Active context to policy context *Jan 17 14:37:17.393: SSS AAA AUTHOR [uid:40][AAA ID:51]: Freeing Active Handle; SSS Policy Context Handle = 1D000028 *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: ACTIVE HANDLE[2829]: Released active handle *Jan 17 14:37:17.393: SSS AAA AUTHOR [uid:40][AAA ID:51]: PM directive AAA:VPDN maps to PM:Forwarding *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: PROFILE: store profile "pppoe@lns.com" *Jan 17 14:37:17.393: SSS PM: PROFILE-DB: is profile "pppoe@lns.com" in DB *Jan 17 14:37:17.393: SSS PM: PROFILE-DB: Computed hash value = 2347614612 *Jan 17 14:37:17.393: SSS PM: PROFILE-DB: No, add new list *Jan 17 14:37:17.393: SSS PM: PROFILE-DB: create "pppoe@lns.com" *Jan 17 14:37:17.393: SSS PM: PROFILE-DB: create "pppoe@lns.com"/B48191D8 hdl 4D000400 ref 1 *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: PROFILE: create B481B924, ref 1 *Jan 17 14:37:17.393: SSS AAA AUTHOR [uid:40][AAA ID:51]: Event <free request>, state changed from complete to terminal *Jan 17 14:37:17.393: SSS AAA AUTHOR [uid:40][AAA ID:51]: Cancel request *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Handling Author Found Event *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Plumbing proposed by FSP *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Policy reply - Forwarding *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: FSP info: B45F7020/VPDN data: B460E1C8 SVM: 00000000 *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Apply of config finished; provide the found network service *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Network service found; continuing rule *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[0]: Continue *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[0]: DOMAIN/PPP-4-FORWARD event session-start/20 authenticate aaa list AAA-4-FORWARD *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[0]: Run action with no altered name *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: State: need-init-keys to initial-req *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[0]: Have key Auth-User *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[1]: Continue *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[1]: DOMAIN/PPP-4-FORWARD event session-start/20 authenticate aaa list AAA-4-FORWARD *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[1]: Back to parent rule *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[1]: Run next parent action *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[2]: Continue *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[2]: PPPOE/PPP event session-start/12 service-policy type control DOMAIN *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Client block is NULL in get client block with handle 1D000028 *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[2]: No more actions to run *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[3]: Continue *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[3]: PPPOE/PPP event session-start/12 service-policy type control DOMAIN *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[3]: Using previously offered directive Forwarding *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[4]: Continue *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE[4]: PPPOE/PPP event session-start/12 service-policy type control DOMAIN *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Client block is NULL in get client block with handle 1D000028 *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Event <srvf found>, State: initial-req to wait-for-events *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Handling Service Direction *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Policy reply - Forwarding *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Plumbing proposed by FSP *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: Policy reply - Forwarding *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Looking for a rule for event session-service-found *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Intf CloneSrc Vt2: service-rule any: PPPOE *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Evaluate "PPPOE" for session-service-found *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Not matched "PPPOE/PPP event session-start" *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: No match for "PPPOE" *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Intf InputI/f Et0/1.102: service-rule any: None *Jan 17 14:37:17.393: SSS PM [uid:40][B4728388][AAA ID:51]: RULE: Glob: service-rule any: None *Jan 17 14:37:17.393: SSS PM: ANCP not enabled on 'Ethernet0/1.102' - not retrieving default shaper value *Jan 17 14:37:17.393: SSS PM: ANCP not enabled on 'Ethernet0/1.102' - not retrieving default shaper value *Jan 17 14:37:17.394: ppp40 PPP: No AAA accounting method list *Jan 17 14:37:17.397: SSS PM: ANCP not enabled on 'Ethernet0/1.102' - not retrieving default shaper value *Jan 17 14:37:17.397: SSS PM: ANCP not enabled on 'Ethernet0/1.102' - not retrieving default shaper value *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: SM Policy invoke - Apply Config Success *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: [PARAMETERIZED-QoS]: No rabapol context created yet for handle [1D000028], returning compatible *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: Event <got apply config success>, State: wait-for-events to wait-for-events *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: Handling Apply Config; SUCCESS *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: session start done *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: Removed attribute list just processed *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: no callback for callback north *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: Client block is NULL in get client block with handle 1D000028 *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: Null client block; Can't update RP *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: Client block is NULL in get client block with handle 1D000028 *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: No pending events to process *Jan 17 14:37:17.397: SSS PM [uid:40][B4728388][AAA ID:51]: No pending eventst *Jan 17 14:37:17.397: ppp40 PPP: Phase is FORWARDED, Session Forwarded