Перейти к содержимому

Juniper MX80 + Freeradius PPPoE


Рекомендованные сообщения

Добрый день!

Интересует совместная работа freeradius и mx-80.

Набросал конфиг Джунипера для PPPoE. Они между собой вроде как общаются, сессия абонента поднимается но тут же отваливается.

Может кто то работает по такой схеме, что то подскажет...?

Пока не могу найти причину...

Ссылка на сообщение
Поделиться на других сайтах

Freeradius - промышленный стандарт в ISP. Ищите, что еще можно сказать.

Сильно много не скажу, для меня этот процесс новый. Могу предоставить конф жунипера, логи:

 

version 13.3R9.13;
dynamic-profiles {
    pppoe-profile {
        interfaces {
            pp0 {
                unit "$junos-interface-unit" {
                    ppp-options {
                        chap;
                        pap;
                    }
                    pppoe-options {
                        underlying-interface "$junos-underlying-interface";
                        server;
                    }
                    family inet {
                        filter {
                            input "$junos-input-filter";
                            output "$junos-output-filter";
                        }
                        unnumbered-address lo0.0;
                    }
                }
            }
        }
    }
    VLAN-PPPoE {
        interfaces {
            demux0 {
                unit "$junos-interface-unit" {
                    vlan-id "$junos-vlan-id";
                    demux-options {
                        underlying-interface "$junos-interface-ifd-name";
                    }
                    family pppoe {
                        access-concentrator PPPoE;
                        duplicate-protection;
                        dynamic-profile pppoe-profile;
                    }
                }
            }
        }
    }
    CLIENTS-PPPoE {
        interfaces {
            demux0 {
                unit "$junos-interface-unit" {
                    family pppoe {
                        duplicate-protection;
                        dynamic-profile pppoe-profile;
                    }
                }
            }
        }
    }
    svc-global-pppoe {
        interfaces {
            pp0 {
                unit "$junos-interface-unit" {
                    family inet;
                }
            }
        }
    }
}
system {
    host-name Juni-2;
    authentication-order [ password radius ];
    root-authentication {
        encrypted-password "$1$26QTXFt9$FmyjntPcZFpqpgDzo8fbh/"; ## SECRET-DATA
    }
    name-server {
        x.x.x.x;
    }
    radius-server {
        81.x.x.41 {
            port 1812;
            accounting-port 1813;
            secret "$9$NA-YoDjqfQnk."; ## SECRET-DATA
            timeout 10;
        }
    }
    radius-options {
        password-protocol mschap-v2;
        attributes {
            nas-ip-address 81.x.x.16;
        }
    }
    services {
        ssh;
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
    }
    processes {
        general-authentication-service {
            traceoptions {
                file radius;
                flag all;
            }
        }
    }
}
logical-systems {
    LS1 {
        routing-instances {
            RI1 {
                access-profile CLIENTS;
            }
        }
    }
}
chassis {
    network-services ethernet;
}
access-profile CLIENTS;                 
interfaces {
    ge-1/1/0 {
        description TEST;
        unit 0 {
            family inet {
                address 81.x.x.16/26;
            }
        }
    }
    ge-1/1/1 {
        description to_PPPoE;
        flexible-vlan-tagging;
        auto-configure {
            vlan-ranges {
                dynamic-profile VLAN-PPPoE {
                    accept pppoe;
                    ranges {
                        2157-2157;
                    }
                }
            }
        }
    }
    fxp0 {
        unit 0 {
            family inet {
                address 192.168.100.16/24;
            }
        }
    }
    inactive: irb {
        unit 0 {
            family inet {
                address 81.x.x.16/26;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input SSH_Limit;
                }
                address 127.0.0.1/32;
            }
        }
    }
}                                       
protocols {
    ospf {
        area 0.0.0.0 {
            inactive: interface irb.0;
            interface ge-1/1/0.0;
        }
    }
    ppp {
        traceoptions {
            file pppoe;
            level all;
            flag all;
        }
    }
    pppoe {
        service-name-tables Table1 {
            service empty {
                drop;
            }
            service user1-service {
                terminate;
                agent-specifier aci test ari test1 {
                    delay 10;
                }
                agent-specifier aci test2 ari test3 {
                    delay 10;
                }
            }
            service user2-service {
                delay 20;
            }
        }
    }
}
firewall {
    filter SSH_Limit {
        term allow_ip {
            from {
                source-address {
                    37.x.x.x/21;
                    46.x.x.x/21;
                    79.x.x.x/20;
                    81.x.x.x/20;
                    176.x.x.x/21;
                }
                destination-port 22;
            }
            then accept;                
        }
        term block_another {
            from {
                destination-port 22;
            }
            then {
                discard;
            }
        }
        term allow_all {
            then accept;
        }
    }
}
access {
    radius-server {
        81.x.x.41 {
            port 1812;
            accounting-port 1813;
            secret "$9$yBzrWxbwgJUH24"; ## SECRET-DATA
        }
    }
    profile CLIENTS {
        authentication-order radius;
        radius {
            authentication-server 81.x.x.41;
            accounting-server 81.x.x.41;
            options {
                nas-port-id-format {
                    nas-identifier;
                    interface-description;
                    agent-circuit-id;
                    agent-remote-id;
                }
            }
            attributes {
                ignore {
                    output-filter;
                    input-filter;
                }
            }
        }
        accounting {
            order radius;
            accounting-stop-on-failure;
            accounting-stop-on-access-deny;
            immediate-update;
            coa-immediate-update;       
            update-interval 600;
            statistics volume-time;
        }
    }
}
 
Сессия на жунипере:
 
Type: VLAN
Logical System: default
Routing Instance: default
Interface: demux0.1073741824
Interface type: Dynamic
Underlying Interface: ge-1/1/1
Dynamic Profile Name: VLAN-PPPoE
State: Active
Session ID: 1
VLAN Id: 2157
Login Time: 2017-10-17 14:56:53 UTC
 
Type: PPPoE
User Name: ppptest
IP Address: 79.x.x.25
Logical System: default
Routing Instance: default
Interface: pp0.1073758999
Interface type: Dynamic
Underlying Interface: demux0.1073741824
Dynamic Profile Name: pppoe-profile
MAC Address: 90:94:e4:c8:83:ff
State: Configured
Radius Accounting ID: 17176
Session ID: 17176
VLAN Id: 2157
Login Time: 2017-10-20 23:46:00 UTC

 

Лог жунипера:

 

Oct 20 23:50:16.442716 Client request received on conn-id:jpppd session-id:17176 Opcode:2113, Subcode:0
Oct 20 23:50:16.442773 Taking a client snapshot, session-id:17176
Oct 20 23:50:16.442972  setAccountingInfo: NULL profile ? 0
Oct 20 23:50:16.443011  setAccountingInfo: service accounting order
Oct 20 23:50:16.443069 Creating SubscriberASTEntry for session-id:17176, session name:ppptest
Oct 20 23:50:16.443121 UserAccess:ppptest session-id:17176 state:login-request
Oct 20 23:50:16.443237 fillSessionDBAttributes: session-id: 17176, ifdName: ge-1/1/1
Oct 20 23:50:16.443293 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:419 No access-profile found in the SDB for session-id:17176
Oct 20 23:50:16.443337 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:433 PhyIfdName found in the SDB for session-id:17176
Oct 20 23:50:16.443387 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:441 InterfaceName found in the SDB for session-id:17176
Oct 20 23:50:16.443444 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:799 Querying the access-profile for user:ppptest on LR/RI:default:default
Oct 20 23:50:16.443515 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:811 Access Profile Name from context is <CLIENTS>
Oct 20 23:50:16.443572 authd_get_auth_request_nas_attr: The request list is from aaa_msg
Oct 20 23:50:16.443646 authd_get_auth_request_nas_attr: No Agent Circuit ID attribute from SDB
Oct 20 23:50:16.443682 authd_get_auth_request_nas_attr: No Agent Remote ID attribute from SDB
Oct 20 23:50:16.443719 authd_get_auth_request_nas_attr: No interface SVLAN attribute from SDB
Oct 20 23:50:16.443753 authd_get_auth_request_nas_attr: No interface ATM VPI attribute from SDB
Oct 20 23:50:16.443785 authd_get_auth_request_nas_attr: No interface ATM VCI attribute from SDB
Oct 20 23:50:16.443816 authd_get_auth_request_nas_attr: Recovered from SDB - VPI:-1 VCI:-1 NasPortType:15
Oct 20 23:50:16.443885 authd_get_interface_nas_port_options Interface Radius-Options for Interface ge-1/1/1 not found
Oct 20 23:50:16.443964 authd_build_radius_nas_port_and_id: NASPortID = Juni-2#ge-1/1/1.demux0.1073741824:2157##, NASPort = 1040086d, CallingStationID =
Oct 20 23:50:16.444471 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:947 Setting multi-acct-session-id to 0
Oct 20 23:50:16.444520  setAccountingInfo: NULL profile ? 36017364
Oct 20 23:50:16.444561  setAccountingInfo: service accounting order
Oct 20 23:50:16.445075 updateCoaDynamicVariableValidation coaValidation: 0
Oct 20 23:50:16.445135 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:552 JSRC: NOT calling jsrc restore function: - notify off - jsrc id empty
Oct 20 23:50:16.445177 Bundle session id not found, setting to NULL
Oct 20 23:50:16.445214 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:569 multi-acct-session-id set to 0
Oct 20 23:50:16.445255 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:690 access profile: CLIENTS
Oct 20 23:50:16.445292 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:756 On-demand IP address set to 0
Oct 20 23:50:16.445373 UserAccess:ppptest session-id:17176 Access-profile:CLIENTS Multi-Acct-Session-Id:0
Oct 20 23:50:16.445413 authd_auth_modules_pre_feed_sanity: message passed sanity test profile=(), username=()
Oct 20 23:50:16.445456 AuthFsm::current state=AuthInit(0) event=1 astEntry=0x20ff4d8 aaa msg=0x1f7006c
Oct 20 23:50:16.445500 ###################################################################
Oct 20 23:50:16.445533 ########################### AUTH REQ RCVD #########################
Oct 20 23:50:16.445564 ###################################################################
Oct 20 23:50:16.445594 Auth-FSM: Process Auth-Request for session-id:17176
Oct 20 23:50:16.445708 Framework: Starting authentication
Oct 20 23:50:16.445825 authd_advance_module_for_aaa_request_msg: result:0
Oct 20 23:50:16.445865 Authd module start
Oct 20 23:50:16.445896 authd_radius_start_auth: Starting RADIUS authentication
Oct 20 23:50:16.445989 authd_radius_build_basic_auth_request: got params  profile=CLIENTS, username=ppptest
Oct 20 23:50:16.446029 radius-access-request: User-Name added: ppptest
Oct 20 23:50:16.446092 radius-access-request: Service-Type added: 2
Oct 20 23:50:16.446144 radius-access-request: Framed-Protocol added: 1
Oct 20 23:50:16.446191 radius-access-request: CHAP-Password added: ""
Oct 20 23:50:16.446236 radius-access-request: CHAP-Challenge added: ""
Oct 20 23:50:16.446283 radius-access-request: Chargeable-User-Identity added:
Oct 20 23:50:16.446332 radius-access-request: Acct-Session-Id added: 17176
Oct 20 23:50:16.446386 radius-access-request: DHCP-MAC-Address (Juniper-ERX-VSA) added: 9094.e4c8.83ff
Oct 20 23:50:16.446436 radius-access-request: NAS-Identifier added: Juni-2
Oct 20 23:50:16.446489 radius-access-request: NAS-Port added: 10 40 08 6d
Oct 20 23:50:16.446531 radius-access-request: NAS-Port-Id added: Juni-2#ge-1/1/1.demux0.1073741824:2157##
Oct 20 23:50:16.446577 radius-access-request: NAS-Port-Type added: 15
Oct 20 23:50:16.446658 radius-access-request: PPPoE-Description (Juniper-ERX-VSA) added: pppoe 90:94:e4:c8:83:ff
Oct 20 23:50:16.446757 authd_create_application_specific_radius_server: Evaluating RADIUS server 0x511ea029 to add to the server list
Oct 20 23:50:16.446952 REQUEST: AUTHEN - module_index 0 module(radius) return: ASYNC
Oct 20 23:50:16.447014 UserAccess:ppptest session-id:17176 state:start Juni-2#ge-1/1/1.demux0.1073741824:2157##
Oct 20 23:50:16.447055 Auth-FSM: GRES-Mirror for session-id:17176 state:AuthStart(1)
Oct 20 23:50:17.154509 authd_radius_get_config:Using radius option config from access profile stanza
Oct 20 23:50:17.154635 loadDefaultService:: default service for the subscriber is empty
Oct 20 23:50:17.154672 Radius result is CLIENT_REQ_STATUS_SUCCESS
Oct 20 23:50:17.154764 Parsing RADIUS message for session-id:17176
Oct 20 23:50:17.154829 radius-access-accept: Framed-IP-Address received: 79.x.x.25
Oct 20 23:50:17.154882 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: lcp:interface-config#1=description pppoeuser_ppptest
Oct 20 23:50:17.154979 radius-access-accept: AV-Pair (Cisco-VSA) received: lcp:interface-config#1=description pppoeuser_ppptest
Oct 20 23:50:17.155031 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: lcp:interface-config#2=rate-limit input 50000000 5000000 5000000 conform-action transmit exceed-action drop
Oct 20 23:50:17.155102 radius-access-accept: AV-Pair (Cisco-VSA) received: lcp:interface-config#2=rate-limit input 50000000 5000000 5000000 conform-action transmit exceed-action drop
Oct 20 23:50:17.155153 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: lcp:interface-config#3=rate-limit output 50000000 5000000 5000000 conform-action transmit exceed-action drop
Oct 20 23:50:17.155224 radius-access-accept: AV-Pair (Cisco-VSA) received: lcp:interface-config#3=rate-limit output 50000000 5000000 5000000 conform-action transmit exceed-action drop
Oct 20 23:50:17.155274 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: lcp:interface-config#4=ip access-group permitall in
Oct 20 23:50:17.155435 radius-access-accept: AV-Pair (Cisco-VSA) received: lcp:interface-config#4=ip access-group permitall in
Oct 20 23:50:17.155486 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: lcp:interface-config#5=ip access-group permitall out
Oct 20 23:50:17.155556 radius-access-accept: AV-Pair (Cisco-VSA) received: lcp:interface-config#5=ip access-group permitall out
Oct 20 23:50:17.156978 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: ip:dns-servers=x.x.x.x y.y.y.y
Oct 20 23:50:17.157250 radius-access-accept: AV-Pair (Cisco-VSA) received: ip:dns-servers=x.x.x.x y.y.y.y
Oct 20 23:50:17.157315 radius-access-accept: Session-Timeout received: 2592000
Oct 20 23:50:17.157368 radius-access-accept: Acct-Interim-Interval received: 600
Oct 20 23:50:17.157420 Framework - module(radius) return: SUCCESS
Oct 20 23:50:17.157456 authd_advance_module_for_aaa_response_msg: result:2
Oct 20 23:50:17.157513 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_astable.cc:1650 Client-session response-attr:: type:21 len:4
Oct 20 23:50:17.157561 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_astable.cc:1650 Client-session response-attr:: type:53 len:4
Oct 20 23:50:17.157602 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_astable.cc:1673client-session response-attr:: interim-interval:600
Oct 20 23:50:17.158258 Decoding incoming attributes
Oct 20 23:50:17.158304 Subscriber attribute 10169, length 8
Oct 20 23:50:17.158341 Subscriber attribute 10080, length 17
Oct 20 23:50:17.158378 Subscriber attribute 10153, length 30
Oct 20 23:50:17.158414 Subscriber attribute 10005, length 4
Oct 20 23:50:17.158455 Received subscriber login request, subscriber session-id:17176
Oct 20 23:50:17.158505 Decoding attribute 10005 length 4
Oct 20 23:50:17.158544 Decoding attribute 10080 length 17
Oct 20 23:50:17.158578 Decoding attribute 10153 length 30
Oct 20 23:50:17.158611 Decoding attribute 10169 length 8
Oct 20 23:50:17.158667 Processing address request in default:default network 255.255.255.254 mac 90:94:E4:C8:83:FF
Oct 20 23:50:17.159935 Processing rule External-Authority
Oct 20 23:50:17.159979  ************** START-ExternalAuthority ******************
Oct 20 23:50:17.160018 DUMP of all addressRequest fields for subscriber session-id:17176 router default:default
Oct 20 23:50:17.160066       client type jpppd client type 64 mac address 90:94:E4:C8:83:FF
Oct 20 23:50:17.160116       REQUESTING: OldStyle 0 OldStyleFilled 1 hint null network 255.255.255.254 client pool name
Oct 20 23:50:17.160166       V4NA: req: yes pool: NULL address: 79.x.x.25
Oct 20 23:50:17.160209       V6NA: req: no pool: NULL address: null
Oct 20 23:50:17.160260       V6PD: req: no pool: NULL prefix: null/0
Oct 20 23:50:17.160308       V6NDRA: req: no pool: NULL ndra prefix: null/0
Oct 20 23:50:17.160346  *********************************************************
Oct 20 23:50:17.160380 NDRA PREFIX ALLOC begin
Oct 20 23:50:17.160411 IPV4 ADDRESS ALLOC begin
Oct 20 23:50:17.160458 IPV6 ADDRESS ALLOC begin
Oct 20 23:50:17.160493 IPV6 PREFIX ALLOC begin
Oct 20 23:50:17.160524  *************** END-ExternalAuthority *******************
Oct 20 23:50:17.160633 DUMP of all addressRequest fields for subscriber session-id:17176 router default:default
Oct 20 23:50:17.160684       client type jpppd client type 64 mac address 90:94:E4:C8:83:FF
Oct 20 23:50:17.160736       REQUESTING: OldStyle 0 OldStyleFilled 1 hint null network 255.255.255.254 client pool name
Oct 20 23:50:17.160787       V4NA: req: yes pool: NULL address: 79.x.x.25
Oct 20 23:50:17.160829       V6NA: req: no pool: NULL address: null
Oct 20 23:50:17.160878       V6PD: req: no pool: NULL prefix: null/0
Oct 20 23:50:17.160926       V6NDRA: req: no pool: NULL ndra prefix: null/0
Oct 20 23:50:17.160963  *********************************************************
Oct 20 23:50:17.161001 Processing rule Network-Match
Oct 20 23:50:17.161035  ***************** START-NetworkMatch ********************
Oct 20 23:50:17.161096 DUMP of all addressRequest fields for subscriber session-id:17176 router default:default
Oct 20 23:50:17.161551       client type jpppd client type 64 mac address 90:94:E4:C8:83:FF
Oct 20 23:50:17.161601       REQUESTING: OldStyle 0 OldStyleFilled 1 hint null network 255.255.255.254 client pool name
Oct 20 23:50:17.161651       V4NA: req: yes pool: NULL address: 79.x.x.25
Oct 20 23:50:17.161693       V6NA: req: no pool: NULL address: null
Oct 20 23:50:17.161792       V6PD: req: no pool: NULL prefix: null/0
Oct 20 23:50:17.161842       V6NDRA: req: no pool: NULL ndra prefix: null/0
Oct 20 23:50:17.161879  *********************************************************
Oct 20 23:50:17.161913 IPV4 ADDRESS ALLOC begin
Oct 20 23:50:17.161956 IPV6 ADDRESS ALLOC begin
Oct 20 23:50:17.161992 IPV6 PREFIX ALLOC begin
Oct 20 23:50:17.162024  ****************** END-NetworkMatch *********************
Oct 20 23:50:17.162061 DUMP of all addressRequest fields for subscriber session-id:17176 router default:default
Oct 20 23:50:17.162106       client type jpppd client type 64 mac address 90:94:E4:C8:83:FF
Oct 20 23:50:17.162153       REQUESTING: OldStyle 0 OldStyleFilled 1 hint null network 255.255.255.254 client pool name
Oct 20 23:50:17.162203       V4NA: req: yes pool: NULL address: 79.x.x.25
Oct 20 23:50:17.162245       V6NA: req: no pool: NULL address: null
Oct 20 23:50:17.162292       V6PD: req: no pool: NULL prefix: null/0
Oct 20 23:50:17.162339       V6NDRA: req: no pool: NULL ndra prefix: null/0
Oct 20 23:50:17.162375  *********************************************************
Oct 20 23:50:17.162412 Processing rule Client-Authority
Oct 20 23:50:17.162448 Done processing rules
Oct 20 23:50:17.162499 Trying to assign address 79.x.x.25 to subscriber session-id:17176
Oct 20 23:50:17.162951 Result have been returned with opcode=0, result=2
Oct 20 23:50:17.162994  ************* Results of Address Allocation *************
Oct 20 23:50:17.163031 DUMP of all addressRequest fields for subscriber session-id:17176 router default:default
Oct 20 23:50:17.163100       client type jpppd client type 64 mac address 90:94:E4:C8:83:FF
Oct 20 23:50:17.163150       REQUESTING: OldStyle 0 OldStyleFilled 1 hint null network 255.255.255.254 client pool name
Oct 20 23:50:17.163201       V4NA: req: yes pool: NULL address: 79.x.x.25
Oct 20 23:50:17.163243       V6NA: req: no pool: NULL address: null
Oct 20 23:50:17.163292       V6PD: req: no pool: NULL prefix: null/0
Oct 20 23:50:17.163339       V6NDRA: req: no pool: NULL ndra prefix: null/0
Oct 20 23:50:17.163377  *********************************************************
Oct 20 23:50:17.163425  authd_auth_update_local_server_address ::Searching access profile CLIENTS for local DNS Server
Oct 20 23:50:17.163481 AuthFsm::current state=AuthStart(1) event=2 astEntry=0x20ff4d8 aaa msg=0x1f7006c
Oct 20 23:50:17.163525 Auth-FSM: Process Auth-Response for session-id:17176 and client type broadband
Oct 20 23:50:17.163559 createDynamicRequest: (2) received
Oct 20 23:50:17.163617 Framework: auth result is 1. Performing post-auth operations
Oct 20 23:50:17.163659 Found a Session Timeout value: 2592000  passing it into the Accounting Module
Oct 20 23:50:17.163694 Framework: result is 1.
Oct 20 23:50:17.163902 authd_auth_send_answer: conn=2c3f000, reply-code=1 (OK), result-subopcode=1 (ACCESS_OK), sub-id=17176, cookie=18311, rply_len=28, num_tlv_blocks=0
Oct 20 23:50:17.163960 ###################################################################
Oct 20 23:50:17.163992 ######################### AUTH REQ ACK SENT #######################
Oct 20 23:50:17.164022 ###################################################################
Oct 20 23:50:17.164073 Auth-FSM: GRES-Mirror for session-id:17176 state:AuthClntRespWait(4)
Oct 20 23:50:17.164368 authd_auth_aaa_msg_destroy
Oct 20 23:50:17.164431 authd_auth_aaa_msg_destructauth_aaa_msg: 0x1f7006c
Oct 20 23:50:17.164883 authd_write_conn: response is 0x2c3f05c, total len is 28 and sent is 0
Oct 20 23:50:17.166035 authd_write_conn: response is 0x2c3f05c, wrote 28 bytes
Oct 20 23:50:17.224766 serviceRadiusRequestQueues Serviced 1 RADIUS requests
Oct 20 23:50:17.224849 serviceRadiusRequestQueues Queue CLIENTS has 0 requests, peak is 0
 
Радиус:
 
rad_recv: Accounting-Request packet from host 81.x.x.16 port 50513, id=96, length=365
User-Name = "ppptest"
Acct-Status-Type = Stop
Acct-Session-Id = "17176"
Acct-Input-Octets = 0
Acct-Output-Octets = 0
Acct-Session-Time = 119
Acct-Input-Packets = 0
Acct-Output-Packets = 0
Acct-Terminate-Cause = NAS-Request
Service-Type = Framed-User
Framed-Protocol = PPP
ERX-Attr-177 = 0x506f72742053706565643a20313030303030306b
Acct-Authentic = RADIUS
Acct-Delay-Time = 0
ERX-Dhcp-Mac-Addr = "9094.e4c8.83ff"
Event-Timestamp = "Oct 21 2017 02:45:51 EEST"
Framed-IP-Address = 79.x.x.25
ERX-Input-Gigapkts = 0
Acct-Input-Gigawords = 0
NAS-Identifier = "Juni-2"
NAS-Port = 272631917
NAS-Port-Id = "Juni-2#ge-1/1/1.demux0.1073741824:2157##"
NAS-Port-Type = Ethernet
ERX-Output-Gigapkts = 0
Acct-Output-Gigawords = 0
ERX-IPv6-Acct-Input-Octets = 0
ERX-IPv6-Acct-Output-Octets = 0
ERX-IPv6-Acct-Input-Packets = 0
ERX-IPv6-Acct-Output-Packets = 0
ERX-IPv6-Acct-Input-Gigawords = 0
ERX-IPv6-Acct-Output-Gigawords = 0
ERX-Pppoe-Description = "pppoe 90:94:e4:c8:83:ff"
server pppoe {
# Executing section preacct from file /etc/freeradius/sites-enabled/pppoe
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 272631917,Client-IP-Address = 81.x.x.16,NAS-IP-Address = 81.x.x.16,Acct-Session-Id = "17176",User-Name = "ppptest"'
[acct_unique] Acct-Unique-Session-ID = "8670275f415c5fbd".
++[acct_unique] returns ok
# Executing section accounting from file /etc/freeradius/sites-enabled/pppoe
+- entering group accounting {...}
[fixusername] expand:   ->  
fixusername: Does not match: User-Name = ppptest
++[fixusername] returns ok
[detail] expand: %{Packet-Src-IP-Address} -> 81.x.x.16
[detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/81.x.x.16/detail-20171020
[detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/81.x.x.16/detail-20171020
[detail] expand: %t -> Fri Oct 20 23:40:58 2017
++[detail] returns ok
[sql_pppoe] expand: %{Stripped-User-Name} -> 
[sql_pppoe] ... expanding second conditional
[sql_pppoe] expand: %{User-Name} -> ppptest
[sql_pppoe] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> ppptest
[sql_pppoe] sql_set_user escaped user --> 'ppptest'
[sql_pppoe] expand: %{Acct-Input-Gigawords} -> 0
[sql_pppoe] expand: %{Acct-Input-Octets} -> 0
[sql_pppoe] expand: %{Acct-Output-Gigawords} -> 0
[sql_pppoe] expand: %{Acct-Output-Octets} -> 0
[sql_pppoe] expand: %{Acct-Delay-Time} -> 0
[sql_pppoe] expand:            UPDATE sessions SET              acctstoptime       = '%S',              status = 'stop',              framedipaddress = '%{Framed-IP-Address}',              acctsessiontime    = '%{Acct-Session-Time}',              acctinputoctets    = '%{%{Acct-Input-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets   = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Output-Octets}:-0}',              acctterminatecause = '%{Acct-Terminate-Cause}',              acctstopdelay      = '%{%{Acct-Delay-Time}:-0}',              connectinfo_stop   = '%{Connect-Info}',               ServiceInfo        = clearuserip('%{SQL-User-Name}')           WHERE acctsessionid   = '%{Acct-Session-Id}'           AND username          = LCASE ('%{SQL-User-Name}')           AND nasipaddress      = '%{NAS-IP-Address}' ->            UPDATE sessions SET              acctstoptime       = '2017-10-20 23:40:58',    
rlm_sql (sql_pppoe): Reserving sql socket id: 59
[sql_pppoe] expand: %{Acct-Session-Time} -> 119
[sql_pppoe] expand: %{Acct-Delay-Time} -> 0
[sql_pppoe] expand: %{Acct-Input-Gigawords} -> 0
[sql_pppoe] expand: %{Acct-Input-Octets} -> 0
[sql_pppoe] expand: %{Acct-Output-Gigawords} -> 0
[sql_pppoe] expand: %{Acct-Output-Octets} -> 0
[sql_pppoe] expand: %{Acct-Delay-Time} -> 0
[sql_pppoe] expand:            INSERT INTO sessions             (acctsessionid, acctuniqueid, username,              realm, nasipaddress, nasportid,              nasporttype, acctstarttime, acctstoptime,              acctsessiontime, acctauthentic, connectinfo_start,              connectinfo_stop, acctinputoctets, acctoutputoctets,              calledstationid, callingstationid, acctterminatecause,              servicetype, framedprotocol, framedipaddress,              acctstartdelay, acctstopdelay, serviceinfo)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                  INTERVAL (%{%{Acct-Session-Time}:-0} +                  %{%{Acct-Delay-Time}:-0}) SECOND),              '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',              '%{Connect-Info}',              '%{%{Acct-Input-Gigawords}:-0}' << 32 |        
rlm_sql (sql_pppoe): Released sql socket id: 59
++[sql_pppoe] returns ok
} # server pppoe
Sending Accounting-Response of id 96 to 81.x.x.16 port 50513
Finished request 25.
Cleaning up request 25 ID 96 with timestamp +113
Going to the next request
Waking up in 4.0 seconds.
 
 
rad_recv: Access-Request packet from host 81.x.x.16 port 50513, id=97, length=211
User-Name = "ppptest"
Service-Type = Framed-User
Framed-Protocol = PPP
CHAP-Password = 0xbda86ffc7ef592c7a72fb28ed986242878
CHAP-Challenge = 0xab7f17d37b6d066f8bf3d6110c0f5b9dd45c11898019c915
Chargeable-User-Identity = ""
Acct-Session-Id = "17176"
ERX-Dhcp-Mac-Addr = "9094.e4c8.83ff"
NAS-Identifier = "Juni-2"
NAS-Port = 272631917
NAS-Port-Id = "Juni-2#ge-1/1/1.demux0.1073741824:2157##"
NAS-Port-Type = Ethernet
ERX-Pppoe-Description = "pppoe 90:94:e4:c8:83:ff"
server pppoe {
# Executing section authorize from file /etc/freeradius/sites-enabled/pppoe
+- entering group authorize {...}
[fixusername] expand:   ->  
fixusername: Does not match: User-Name = ppptest
++[fixusername] returns ok
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
[sql_pppoe] expand: %{Stripped-User-Name} -> 
[sql_pppoe] ... expanding second conditional
[sql_pppoe] expand: %{User-Name} -> ppptest
[sql_pppoe] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> ppptest
[sql_pppoe] sql_set_user escaped user --> 'ppptest'
rlm_sql (sql_pppoe): Reserving sql socket id: 58
[sql_pppoe] expand: SELECT id, UserName, Attribute, Value, op           FROM radcheck           WHERE LCASE(UserName) = LCASE ('%{SQL-User-Name}')           AND (getuserlimitact(LCASE(UserName)) = 1)          ORDER BY id -> SELECT id, UserName, Attribute, Value, op           FROM radcheck           WHERE LCASE(UserName) = LCASE ('ppptest')           AND (getuserlimitact(LCASE(UserName)) = 1)          ORDER BY id
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
[sql_pppoe] User found in radcheck table
[sql_pppoe] expand: SELECT id, UserName, Attribute, getparam(Value, Value1, '%{NAS-IP-Address}'), op           FROM radreply           WHERE LCASE(UserName) = LCASE ('%{SQL-User-Name}')           AND (getuserlimitact(LCASE(UserName)) = 1)          ORDER BY id -> SELECT id, UserName, Attribute, getparam(Value, Value1, '81.x.x.16'), op           FROM radreply           WHERE LCASE(UserName) = LCASE ('ppptest')           AND (getuserlimitact(LCASE(UserName)) = 1)          ORDER BY id
[sql_pppoe] expand: SELECT GroupName FROM usergroup WHERE LCASE(UserName)=LCASE ('%{SQL-User-Name}') AND (getuserlimitact(LCASE ('%{SQL-User-Name}')) = 1) -> SELECT GroupName FROM usergroup WHERE LCASE(UserName)=LCASE ('ppptest') AND (getuserlimitact(LCASE ('ppptest')) = 1)
[sql_pppoe] expand: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE LCASE(usergroup.Username) = LCASE ('%{SQL-User-Name}') AND usergroup.GroupName = radgroupcheck.GroupName AND ((getuserlimitact(LCASE ('%{SQL-User-Name}')) = 1) OR LCASE(usergroup.Username) = LCASE ('DEFAULT')) ORDER BY radgroupcheck.id -> SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE LCASE(usergroup.Username) = LCASE ('ppptest') AND usergroup.GroupName = radgroupcheck.GroupName AND ((getuserlimitact(LCASE ('ppptest')) = 1) OR LCASE(usergroup.Username) = LCASE ('DEFAULT')) ORDER BY radgroupcheck.id
[sql_pppoe] User found in group reretail_real
[sql_pppoe] expand: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE LCASE(usergroup.Username) = LCASE ('%{SQL-User-Name}') AND usergroup.GroupName = radgroupreply.GroupName AND ((getuserlimitact(LCASE ('%{SQL-User-Name}')) = 1) OR LCASE(usergroup.Username) = LCASE ('DEFAULT')) ORDER BY radgroupreply.id -> SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE LCASE(usergroup.Username) = LCASE ('ppptest') AND usergroup.GroupName = radgroupreply.GroupName AND ((getuserlimitact(LCASE ('ppptest')) = 1) OR LCASE(usergroup.Username) = LCASE ('DEFAULT')) ORDER BY radgroupreply.id
rlm_sql (sql_pppoe): Released sql socket id: 58
++[sql_pppoe] returns ok
Found Auth-Type = CHAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Executing group from file /etc/freeradius/sites-enabled/pppoe
+- entering group CHAP {...}
[chap] login attempt by "ppptest" with CHAP password
[chap] Using clear text password "ppptest" for user ppptest authentication.
[chap] chap user ppptest authenticated succesfully
++[chap] returns ok
# Executing section session from file /etc/freeradius/sites-enabled/pppoe
+- entering group session {...}
[sql_pppoe] expand: %{Stripped-User-Name} -> 
[sql_pppoe] ... expanding second conditional
[sql_pppoe] expand: %{User-Name} -> ppptest
[sql_pppoe] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> ppptest
[sql_pppoe] sql_set_user escaped user --> 'ppptest'
[sql_pppoe] expand: SELECT COUNT(*) FROM sessions WHERE UserName=LCASE('%{SQL-User-Name}') AND status NOT LIKE 'stop' -> SELECT COUNT(*) FROM sessions WHERE UserName=LCASE('ppptest') AND status NOT LIKE 'stop'
rlm_sql (sql_pppoe): Reserving sql socket id: 57
[sql_pppoe] expand: SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM sessions WHERE UserName=LCASE('%{SQL-User-Name}') AND status NOT LIKE 'stop' ORDER BY RadAcctId DESC Limit 40 -> SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM sessions WHERE UserName=LCASE('ppptest') AND status NOT LIKE 'stop' ORDER BY RadAcctId DESC Limit 40
checkrad: unknown NAS type Juni-2
rlm_sql (sql_pppoe): Released sql socket id: 57
[sql_pppoe] Failed to check the terminal server for user 'ppptest'.
++[sql_pppoe] returns fail
Login OK: [ppptest/<CHAP-Password>] (from client MX80 port 272631917)
# Executing section post-auth from file /etc/freeradius/sites-enabled/pppoe
+- entering group post-auth {...}
[sql_pppoe] expand: %{Stripped-User-Name} -> 
[sql_pppoe] ... expanding second conditional
[sql_pppoe] expand: %{User-Name} -> ppptest
[sql_pppoe] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> ppptest
[sql_pppoe] sql_set_user escaped user --> 'ppptest'
[sql_pppoe] expand: %{User-Password} -> 
[sql_pppoe] ... expanding second conditional
[sql_pppoe] expand: %{Chap-Password} -> 0xbda86ffc7ef592c7a72fb28ed986242878
[sql_pppoe] expand: INSERT into radpostauth (id, user, pass, reply, date) values ('', LCASE ('%{SQL-User-Name}'), '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT into radpostauth (id, user, pass, reply, date) values ('', LCASE ('ppptest'), '0xbda86ffc7ef592c7a72fb28ed986242878', 'Access-Accept', '2017-10-20 23:41:06')
rlm_sql (sql_pppoe) in sql_postauth: query is INSERT into radpostauth (id, user, pass, reply, date) values ('', LCASE ('ppptest'), '0xbda86ffc7ef592c7a72fb28ed986242878', 'Access-Accept', '2017-10-20 23:41:06')
rlm_sql (sql_pppoe): Reserving sql socket id: 56
rlm_sql (sql_pppoe): Released sql socket id: 56
++[sql_pppoe] returns ok
[echo] expand: %{User-Name} -> ppptest
Exec-Program output: ppptest 
Exec-Program-Wait: plaintext: ppptest 
Exec-Program: returned: 0
++[echo] returns ok
Executing /usr/bin/php -f /etc/freeradius/phpscript/dhcpgetip.php %{User-Name}
expand: %{User-Name} -> ppptest
Exec-Program output: 2
Exec-Program-Wait: plaintext: 2
Exec-Program: returned: 0
result 0
expand: %{echo:/usr/bin/php -f /etc/freeradius/phpscript/dhcpgetip.php %{User-Name}} -> 2
++- entering switch %{echo:/usr/bin/php -f /etc/freeradius/phpscript/dhcpgetip.php %{User-Name}} {...}
+++- switch %{echo:/usr/bin/php -f /etc/freeradius/phpscript/dhcpgetip.php %{User-Name}} returns noop
++- group post-auth returns noop
} # server pppoe
Sending Access-Accept of id 97 to 81.x.x.16 port 50513
Framed-IP-Address = 79.x.x.25
Cisco-AVPair = "lcp:interface-config#1=description pppoeuser_ppptest"
Cisco-AVPair += "lcp:interface-config#2=rate-limit input 50000000 5000000 5000000 conform-action transmit exceed-action drop"
Cisco-AVPair += "lcp:interface-config#3=rate-limit output 50000000 5000000 5000000 conform-action transmit exceed-action drop"
Cisco-AVPair += "lcp:interface-config#4=ip access-group permitall in"
Cisco-AVPair += "lcp:interface-config#5=ip access-group permitall out"
Cisco-AVPair += "ip:dns-servers=x.x.x.x y.y.y.y"
Session-Timeout := 2592000
Acct-Interim-Interval := 300
Finished request 27.
Going to the next request
Cleaning up request 26 ID 23 with timestamp +116

 

Сессия держится на жунипере примерно 2 мин. (Acct-Session-Time = 119), в это время со стороны клиента ничего не происходит, он ничего не получает.

Возможно проблема связана с атрибутами. Там кстати проскакивают цысковские AVPair, еще их не убирал, но я не думаю что из за этого падает сессия.

Ссылка на сообщение
Поделиться на других сайтах

а где передача из радиуса атрибута ERX-Service-Activate  ? или потом через COA радиуса сервис навешиваете?

Ну дело до передачи сервисов еще не дошло, пока бы разобраться почему отваливаются сессии.

Ссылка на сообщение
Поделиться на других сайтах

keepalive где?

Попробовал так, но без изменений:

 

pppoe-profile {
    interfaces {
        pp0 {
            unit "$junos-interface-unit" {
                ppp-options {
                    chap;
                    pap;
                }
                pppoe-options {
                    underlying-interface "$junos-underlying-interface";
                    server;
                }
                no-keepalives;
                family inet {
                    filter {
                        input "$junos-input-filter";
                        output "$junos-output-filter";
                    }
                    unnumbered-address lo0.0;
                }
            }
        }
    }
}
 
И так "keepalives interval 60", но ничего
Изменено пользователем SanMiron
Ссылка на сообщение
Поделиться на других сайтах

 

keepalive где?

Попробовал так, но без изменений:

 

pppoe-profile {
    interfaces {
        pp0 {
            unit "$junos-interface-unit" {
                ppp-options {
                    chap;
                    pap;
                }
                pppoe-options {
                    underlying-interface "$junos-underlying-interface";
                    server;
                }
                no-keepalives;
                family inet {
                    filter {
                        input "$junos-input-filter";
                        output "$junos-output-filter";
                    }
                    unnumbered-address lo0.0;
                }
            }
        }
    }
}
 
И так "keepalives interval 60", но ничего

 

 

 dyn-pppoe {
    routing-instances {
        "$junos-routing-instance" {
            interface "$junos-interface-name";
        }
    }
    interfaces {
        pp0 {
            unit "$junos-interface-unit" {
                ppp-options {
                    pap;
                }
                pppoe-options {
                    underlying-interface "$junos-underlying-interface";
                    server;
                }
                keepalives interval 30;
                family inet {
                    unnumbered-address "$junos-loopback-interface";
                }
            }
        }
    }
}
 
у меня так работает.. проблем никаких...
 
а Session-Timeout := 2592000   такой зачем отдавать? 
Ссылка на сообщение
Поделиться на других сайтах

 

 

keepalive где?

Попробовал так, но без изменений:

 

pppoe-profile {
    interfaces {
        pp0 {
            unit "$junos-interface-unit" {
                ppp-options {
                    chap;
                    pap;
                }
                pppoe-options {
                    underlying-interface "$junos-underlying-interface";
                    server;
                }
                no-keepalives;
                family inet {
                    filter {
                        input "$junos-input-filter";
                        output "$junos-output-filter";
                    }
                    unnumbered-address lo0.0;
                }
            }
        }
    }
}
 
И так "keepalives interval 60", но ничего

 

 

 dyn-pppoe {
    routing-instances {
        "$junos-routing-instance" {
            interface "$junos-interface-name";
        }
    }
    interfaces {
        pp0 {
            unit "$junos-interface-unit" {
                ppp-options {
                    pap;
                }
                pppoe-options {
                    underlying-interface "$junos-underlying-interface";
                    server;
                }
                keepalives interval 30;
                family inet {
                    unnumbered-address "$junos-loopback-interface";
                }
            }
        }
    }
}
 
у меня так работает.. проблем никаких...
 
а Session-Timeout := 2592000   такой зачем отдавать? 

 

Попробовал ради интереса, ситуация та же, скорее всего не в этом проблема:

 

pppoe-profile {
    routing-instances {
        "$junos-routing-instance" {
            interface "$junos-interface-name";
        }
    }
    interfaces {
        pp0 {
            unit "$junos-interface-unit" {
                ppp-options {
                    chap;
                    pap;
                }
                pppoe-options {
                    underlying-interface "$junos-underlying-interface";
                    server;
                }
                keepalives interval 30;
                family inet {
                    unnumbered-address "$junos-loopback-interface";
                }
            }
        }
    }
}
 
Juni-2> show subscribers extensive    
Type: VLAN
Logical System: default
Routing Instance: default
Interface: demux0.1073768571
Interface type: Dynamic
Underlying Interface: ge-1/1/1
Dynamic Profile Name: VLAN-PPPoE
State: Active
Session ID: 26748
VLAN Id: 2157
Login Time: 2017-10-23 20:04:52 UTC
 
Type: PPPoE
User Name: ppptest
IP Address: 79.x.x.25
Logical System: default
Routing Instance: default
Interface: pp0.1073768572
Interface type: Dynamic
Underlying Interface: demux0.1073768571
Dynamic Profile Name: pppoe-profile
MAC Address: 90:94:e4:c8:83:ff
State: Configured
Radius Accounting ID: 26749
Session ID: 26749
VLAN Id: 2157
Login Time: 2017-10-23 20:04:57 UTC
 
Juni-2> show subscribers extensive    
Total subscribers: 0, Active Subscribers: 0
 
Juni-2> show subscribers extensive    
Total subscribers: 0, Active Subscribers: 0
 
Juni-2> show subscribers extensive    
Total subscribers: 0, Active Subscribers: 0
 
Juni-2> show subscribers extensive    
Type: VLAN
Logical System: default
Routing Instance: default
Interface: demux0.1073768573
Interface type: Dynamic
Underlying Interface: ge-1/1/1
Dynamic Profile Name: VLAN-PPPoE
State: Active
Session ID: 26750
VLAN Id: 2157
Login Time: 2017-10-23 20:07:06 UTC
 
Juni-2> show subscribers extensive    
Type: VLAN
Logical System: default
Routing Instance: default
Interface: demux0.1073768573
Interface type: Dynamic
Underlying Interface: ge-1/1/1
Dynamic Profile Name: VLAN-PPPoE
State: Active
Session ID: 26750
VLAN Id: 2157
Login Time: 2017-10-23 20:07:06 UTC
 
Juni-2> show subscribers extensive    
Type: VLAN
Logical System: default
Routing Instance: default
Interface: demux0.1073768573
Interface type: Dynamic
Underlying Interface: ge-1/1/1
Dynamic Profile Name: VLAN-PPPoE
State: Active
Session ID: 26750
VLAN Id: 2157
Login Time: 2017-10-23 20:07:06 UTC
 
Juni-2> show subscribers extensive    
Type: VLAN
Logical System: default
Routing Instance: default
Interface: demux0.1073768573
Interface type: Dynamic
Underlying Interface: ge-1/1/1
Dynamic Profile Name: VLAN-PPPoE
State: Active
Session ID: 26750
VLAN Id: 2157
Login Time: 2017-10-23 20:07:06 UTC
 
Type: PPPoE
User Name: ppptest
IP Address: 79.x.x.25
Logical System: default
Routing Instance: default
Interface: pp0.1073768574
Interface type: Dynamic
Underlying Interface: demux0.1073768573
Dynamic Profile Name: pppoe-profile
MAC Address: 90:94:e4:c8:83:ff
State: Configured
Radius Accounting ID: 26751
Session ID: 26751
VLAN Id: 2157
Login Time: 2017-10-23 20:07:11 UTC
 
Oct 23 20:13:50.688569 ########################### AUTH REQ RCVD #########################
Oct 23 20:13:50.967658 ###################################################################
Oct 23 20:13:50.967728 Auth-FSM: Process Auth-Request for session-id:26757
Oct 23 20:13:50.967815 Framework: Starting authentication
Oct 23 20:13:50.967922 authd_advance_module_for_aaa_request_msg: result:0
Oct 23 20:13:50.968010 Authd module start
Oct 23 20:13:50.968044 authd_radius_start_auth: Starting RADIUS authentication
Oct 23 20:13:50.968239 authd_radius_build_basic_auth_request: got params  profile=CLIENTS, username=ppptest
Oct 23 20:13:50.968285 radius-access-request: User-Name added: ppptest
Oct 23 20:13:50.968393 radius-access-request: Service-Type added: 2
Oct 23 20:13:50.968477 radius-access-request: Framed-Protocol added: 1
Oct 23 20:13:50.968538 radius-access-request: CHAP-Password added: ""
Oct 23 20:13:50.968583 radius-access-request: CHAP-Challenge added: ""
Oct 23 20:13:50.968631 radius-access-request: Chargeable-User-Identity added:
Oct 23 20:13:50.968690 radius-access-request: Acct-Session-Id added: 26757
Oct 23 20:13:50.968745 radius-access-request: DHCP-MAC-Address (Juniper-ERX-VSA) added: 9094.e4c8.83ff
Oct 23 20:13:50.968794 radius-access-request: NAS-Identifier added: Juni-2
Oct 23 20:13:50.968858 radius-access-request: NAS-Port added: 10 40 08 6d
Oct 23 20:13:50.968902 radius-access-request: NAS-Port-Id added: Juni-2#ge-1/1/1.demux0.1073768579:2157##
Oct 23 20:13:50.968948 radius-access-request: NAS-Port-Type added: 15
Oct 23 20:13:50.969000 radius-access-request: PPPoE-Description (Juniper-ERX-VSA) added: pppoe 90:94:e4:c8:83:ff
Oct 23 20:13:50.969058 authd_create_application_specific_radius_server: Evaluating RADIUS server 0x511ea029 to add to the server list
Oct 23 20:13:50.971343 REQUEST: AUTHEN - module_index 0 module(radius) return: ASYNC
Oct 23 20:13:50.971444 UserAccess:ppptest session-id:26757 state:start Juni-2#ge-1/1/1.demux0.1073768579:2157##
Oct 23 20:13:50.971488 Auth-FSM: GRES-Mirror for session-id:26757 state:AuthStart(1)
Oct 23 20:13:51.225059 serviceRadiusRequestQueues Serviced 1 RADIUS requests
Oct 23 20:13:51.225143 serviceRadiusRequestQueues Queue CLIENTS has 0 requests, peak is 0
Oct 23 20:13:51.709348 authd_radius_get_config:Using radius option config from access profile stanza
Oct 23 20:13:51.709502 loadDefaultService:: default service for the subscriber is empty
Oct 23 20:13:51.710034 Radius result is CLIENT_REQ_STATUS_SUCCESS
Oct 23 20:13:51.710091 Parsing RADIUS message for session-id:26757
Oct 23 20:13:51.710166 radius-access-accept: Framed-IP-Address received: 79.x.x.25
Oct 23 20:13:51.710219 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: lcp:interface-config#1=description pppoeuser_ppptest
Oct 23 20:13:51.710348 radius-access-accept: AV-Pair (Cisco-VSA) received: lcp:interface-config#1=description pppoeuser_ppptest
Oct 23 20:13:51.710401 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: lcp:interface-config#2=rate-limit input 5000000 500000 500000 conform-action transmit exceed-action drop
Oct 23 20:13:51.710474 radius-access-accept: AV-Pair (Cisco-VSA) received: lcp:interface-config#2=rate-limit input 5000000 500000 500000 conform-action transmit exceed-action drop
Oct 23 20:13:51.710524 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: lcp:interface-config#3=rate-limit output 5000000 500000 500000 conform-action transmit exceed-action drop
Oct 23 20:13:51.710595 radius-access-accept: AV-Pair (Cisco-VSA) received: lcp:interface-config#3=rate-limit output 5000000 500000 500000 conform-action transmit exceed-action drop
Oct 23 20:13:51.710645 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: lcp:interface-config#4=ip access-group permitall in
Oct 23 20:13:51.710713 radius-access-accept: AV-Pair (Cisco-VSA) received: lcp:interface-config#4=ip access-group permitall in
Oct 23 20:13:51.710762 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: lcp:interface-config#5=ip access-group permitall out
Oct 23 20:13:51.710831 radius-access-accept: AV-Pair (Cisco-VSA) received: lcp:interface-config#5=ip access-group permitall out
Oct 23 20:13:51.710927 radius-access-accept: Activate-Service (Juniper-ERX-VSA) received: Tag (1) svc-global-pppoe
Oct 23 20:13:51.710976 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: ip:dns-servers=81.x.x.5 81.x.x.3
Oct 23 20:13:51.711050 radius-access-accept: AV-Pair (Cisco-VSA) received: ip:dns-servers=81.x.x.5 81.x.x.3
Oct 23 20:13:51.711105 radius-access-accept: Session-Timeout received: 2592000
Oct 23 20:13:51.711159 radius-access-accept: Acct-Interim-Interval received: 600
Oct 23 20:13:51.711210 Framework - module(radius) return: SUCCESS
Oct 23 20:13:51.711245 authd_advance_module_for_aaa_response_msg: result:2
Oct 23 20:13:51.711300 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_astable.cc:1650 Client-session response-attr:: type:21 len:4
Oct 23 20:13:51.711353 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_astable.cc:1650 Client-session response-attr:: type:53 len:4
Oct 23 20:13:51.711395 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_astable.cc:1673client-session response-attr:: interim-interval:600
Oct 23 20:13:51.712123 Decoding incoming attributes
Oct 23 20:13:51.712170 Subscriber attribute 10169, length 8
Oct 23 20:13:51.712209 Subscriber attribute 10080, length 17
Oct 23 20:13:51.712247 Subscriber attribute 10153, length 32
Oct 23 20:13:51.712285 Subscriber attribute 10005, length 4
Oct 23 20:13:51.712329 Received subscriber login request, subscriber session-id:26757
Oct 23 20:13:51.712381 Decoding attribute 10005 length 4
Oct 23 20:13:51.712421 Decoding attribute 10080 length 17
Oct 23 20:13:51.712457 Decoding attribute 10153 length 32
Oct 23 20:13:51.712492 Decoding attribute 10169 length 8
Oct 23 20:13:51.712548 Processing address request in default:default network 255.255.255.254 mac 90:94:E4:C8:83:FF
Oct 23 20:13:51.712600 Processing rule External-Authority
Oct 23 20:13:51.712637  ************** START-ExternalAuthority ******************
Oct 23 20:13:51.712696 DUMP of all addressRequest fields for subscriber session-id:26757 router default:default
Oct 23 20:13:51.712744       client type jpppd client type 64 mac address 90:94:E4:C8:83:FF
Oct 23 20:13:51.712794       REQUESTING: OldStyle 0 OldStyleFilled 1 hint null network 255.255.255.254 client pool name
Oct 23 20:13:51.712843       V4NA: req: yes pool: NULL address: 79.x.x.25
Oct 23 20:13:51.712884       V6NA: req: no pool: NULL address: null
Oct 23 20:13:51.712933       V6PD: req: no pool: NULL prefix: null/0
Oct 23 20:13:51.712980       V6NDRA: req: no pool: NULL ndra prefix: null/0
Oct 23 20:13:51.713023  *********************************************************
Oct 23 20:13:51.713057 NDRA PREFIX ALLOC begin
Oct 23 20:13:51.713089 IPV4 ADDRESS ALLOC begin
Oct 23 20:13:51.713559 IPV6 ADDRESS ALLOC begin
Oct 23 20:13:51.713595 IPV6 PREFIX ALLOC begin
Oct 23 20:13:51.713627  *************** END-ExternalAuthority *******************
Oct 23 20:13:51.713664 DUMP of all addressRequest fields for subscriber session-id:26757 router default:default
Oct 23 20:13:51.713710       client type jpppd client type 64 mac address 90:94:E4:C8:83:FF
Oct 23 20:13:51.713757       REQUESTING: OldStyle 0 OldStyleFilled 1 hint null network 255.255.255.254 client pool name
Oct 23 20:13:51.713806       V4NA: req: yes pool: NULL address: 79.x.x.25
Oct 23 20:13:51.713846       V6NA: req: no pool: NULL address: null
Oct 23 20:13:51.713894       V6PD: req: no pool: NULL prefix: null/0
Oct 23 20:13:51.713940       V6NDRA: req: no pool: NULL ndra prefix: null/0
Oct 23 20:13:51.713977  *********************************************************
Oct 23 20:13:51.714020 Processing rule Network-Match
Oct 23 20:13:51.714055  ***************** START-NetworkMatch ********************
Oct 23 20:13:51.714091 DUMP of all addressRequest fields for subscriber session-id:26757 router default:default
Oct 23 20:13:51.714136       client type jpppd client type 64 mac address 90:94:E4:C8:83:FF
Oct 23 20:13:51.714183       REQUESTING: OldStyle 0 OldStyleFilled 1 hint null network 255.255.255.254 client pool name
Oct 23 20:13:51.714260       V4NA: req: yes pool: NULL address: 79.x.x.25
Oct 23 20:13:51.714303       V6NA: req: no pool: NULL address: null
Oct 23 20:13:51.714351       V6PD: req: no pool: NULL prefix: null/0
Oct 23 20:13:51.714398       V6NDRA: req: no pool: NULL ndra prefix: null/0
Oct 23 20:13:51.714435  *********************************************************
Oct 23 20:13:51.714468 IPV4 ADDRESS ALLOC begin
Oct 23 20:13:51.714511 IPV6 ADDRESS ALLOC begin
Oct 23 20:13:51.714546 IPV6 PREFIX ALLOC begin
Oct 23 20:13:51.714579  ****************** END-NetworkMatch *********************
Oct 23 20:13:51.714615 DUMP of all addressRequest fields for subscriber session-id:26757 router default:default
Oct 23 20:13:51.714661       client type jpppd client type 64 mac address 90:94:E4:C8:83:FF
Oct 23 20:13:51.714708       REQUESTING: OldStyle 0 OldStyleFilled 1 hint null network 255.255.255.254 client pool name
Oct 23 20:13:51.714756       V4NA: req: yes pool: NULL address: 79.x.x.25
Oct 23 20:13:51.714797       V6NA: req: no pool: NULL address: null
Oct 23 20:13:51.714844       V6PD: req: no pool: NULL prefix: null/0
Oct 23 20:13:51.714890       V6NDRA: req: no pool: NULL ndra prefix: null/0
Oct 23 20:13:51.714927  *********************************************************
Oct 23 20:13:51.714964 Processing rule Client-Authority
Oct 23 20:13:51.715005 Done processing rules
Oct 23 20:13:51.715057 Trying to assign address 79.x.x.25 to subscriber session-id:26757
Oct 23 20:13:51.715489 Result have been returned with opcode=0, result=2
Oct 23 20:13:51.715535  ************* Results of Address Allocation *************
Oct 23 20:13:51.715574 DUMP of all addressRequest fields for subscriber session-id:26757 router default:default
Oct 23 20:13:51.715624       client type jpppd client type 64 mac address 90:94:E4:C8:83:FF
Oct 23 20:13:51.715673       REQUESTING: OldStyle 0 OldStyleFilled 1 hint null network 255.255.255.254 client pool name
Oct 23 20:13:51.715749       V4NA: req: yes pool: NULL address: 79.x.x.25
Oct 23 20:13:51.715792       V6NA: req: no pool: NULL address: null
Oct 23 20:13:51.715841       V6PD: req: no pool: NULL prefix: null/0
Oct 23 20:13:51.715887       V6NDRA: req: no pool: NULL ndra prefix: null/0
Oct 23 20:13:51.715924  *********************************************************
Oct 23 20:13:51.716361  authd_auth_update_local_server_address ::Searching access profile CLIENTS for local DNS Server
Oct 23 20:13:51.716420 AuthFsm::current state=AuthStart(1) event=2 astEntry=0x20ff4d8 aaa msg=0x1f7006c
Oct 23 20:13:51.716464 Auth-FSM: Process Auth-Response for session-id:26757 and client type broadband
Oct 23 20:13:51.716499 createDynamicRequest: (2) received
Oct 23 20:13:51.716928 requestString=svc-global-pppoe
Oct 23 20:13:51.716987 serviceName=svc-global-pppoe,serviceString=svc-global-pppoe
Oct 23 20:13:51.717959 Decoding the Dynamic-Service=svc-global-pppoe. Request=<svc-global-pppoe>
Oct 23 20:13:51.718052 Framework: auth result is 1. Performing post-auth operations
Oct 23 20:13:51.718098 Found a Session Timeout value: 2592000  passing it into the Accounting Module
Oct 23 20:13:51.718134 Framework: result is 1.
Oct 23 20:13:51.718172 authd_auth_send_answer: conn=2c3f000, reply-code=1 (OK), result-subopcode=1 (ACCESS_OK), sub-id=26757, cookie=28083, rply_len=28, num_tlv_blocks=0
Oct 23 20:13:51.718251 ###################################################################
Oct 23 20:13:51.718286 ######################### AUTH REQ ACK SENT #######################
Oct 23 20:13:51.718316 ###################################################################
Oct 23 20:13:51.718370 Auth-FSM: GRES-Mirror for session-id:26757 state:AuthClntRespWait(4)
Oct 23 20:13:51.718673 authd_auth_aaa_msg_destroy
Oct 23 20:13:51.718734 authd_auth_aaa_msg_destructauth_aaa_msg: 0x1f7006c
Oct 23 20:13:51.718775 authd_write_conn: response is 0x2c3f05c, total len is 28 and sent is 0
Oct 23 20:13:51.719880 authd_write_conn: response is 0x2c3f05c, wrote 28 bytes
Oct 23 20:15:50.790962 authd_read_msg: Fresh msg arrival. fd=81, hdr_read=0, hdr_remnant=0, payload_read=0 payload_remnant=0
Oct 23 20:15:50.791026 fresh message conn=0x2c3f000
Oct 23 20:15:50.791067 read fresh message conn=0x2c3f000 hdr_remnant=0 hdr_read=32
Oct 23 20:15:50.791099 Read payload for new message. fd=81, rqst_len=40
Oct 23 20:15:50.791130 Read payload for new message. fd=81, payload_len=8, rqst_len=40, cookie=28084
Oct 23 20:15:50.791193 Process/Dispatch Client Message
Oct 23 20:15:50.791228 New Process/Dispatch Client Message
Oct 23 20:15:50.791280 authd_auth_aaa_msg_create: num_of_tlvs:1 tot_num_of_tlv:1
Oct 23 20:15:50.791318 authd_auth_aaa_msg_create aaa-key: username:() profile:()
Oct 23 20:15:50.791354 Process Request
Oct 23 20:15:50.791394 Client request received on conn-id:jpppd session-id:26757 Opcode:3, Subcode:17
Oct 23 20:15:50.791450 Decoding incoming attributes
Oct 23 20:15:50.791490 Subscriber attribute 10045, length 4
Oct 23 20:15:50.791525 Begin to logout Subscriber
Oct 23 20:15:50.791562 Received subscriber logout request, subscriber-id=26757
Oct 23 20:15:50.791609 ###################################################################
Oct 23 20:15:50.791655 ############################ LOGOUT RCVD ##########################
Oct 23 20:15:50.791688 ###################################################################
Oct 23 20:15:50.791758 Removing client snapshot
Oct 23 20:15:50.791796 checkLicense
Oct 23 20:15:50.791898 checkLicense
Oct 23 20:15:50.791937 Auth-FSM: reinterpretFsmEvent 8 to 10
Oct 23 20:15:50.791977 AuthFsm::current state=AuthClntRespWait(4) event=10 astEntry=0x20ff4d8 aaa msg=0x1f7006c
Oct 23 20:15:50.792016 Auth-FSM: Trigger Acct-Stop request to collect volume stats and wait for Ack. session-id:26757
Oct 23 20:15:50.792051 Auth-FSM: Trigger Acct-Stop. session-id:26757
Oct 23 20:15:50.792088  ======= Accounting STOP triggered for 26757 ==============
Oct 23 20:15:50.792162 deriveTerminateCause10029->10
Oct 23 20:15:50.792199 Setting terminate cause to 10
Oct 23 20:15:50.792231 checkLicense
Oct 23 20:15:50.792299 checkLicense
Oct 23 20:15:50.792379 AccFsm::current state=Acc-Init(0) event=8 astEntry=0x20ff4d8 session-id:26757
Oct 23 20:15:50.792954 ACC-FSM:sendAccStopWithNullStats_a9 for session-id:26757
Oct 23 20:15:50.792996 calcAndAddVolumeStats libstats_substats_difference (&stats.ls_app_cleared, &stats.ls_local)
Oct 23 20:15:50.793040 libstats_substats_difference (&stats.ls_ipv6_app_cleared, &stats.ls_ipv6_local)
Oct 23 20:15:50.793081 Authd module Accounting
Oct 23 20:15:50.793128 Authd acctg module start
Oct 23 20:15:50.793160 authd_radius_send_acctg_msg: Starting RADIUS accounting
Oct 23 20:15:50.793193 authd_radius_send_acctg_msg: got params  profile=CLIENTS username=ppptest acctg_id=(26757), ls=default, lr=default
Oct 23 20:15:50.793248 radius-acct-stop: User-Name added: ppptest
Oct 23 20:15:50.793291 radius-acct-stop: Acct-Status-Type added: 2
Oct 23 20:15:50.793332 radius-acct-stop: Acct-Session-Id added: 26757
Oct 23 20:15:50.793381 radius-acct-stop: Acct-Input-Octets added: 0
Oct 23 20:15:50.793425 radius-acct-stop: Acct-Output-Octets added: 0
Oct 23 20:15:50.793468 radius-acct-stop: Acct-Session-Time added: 119
Oct 23 20:15:50.793511 radius-acct-stop: Acct-Input-Packets added: 0
Oct 23 20:15:50.793554 radius-acct-stop: Acct-Output-Packets added: 0
Oct 23 20:15:50.793598 radius-acct-stop: Acct-Terminate-Cause added: 10
Oct 23 20:15:50.793641 Taking a client snapshot, session-id:26757
Oct 23 20:15:50.793840 radius-acct-stop: Service-Type added: 2
Oct 23 20:15:50.793896 radius-acct-stop: Framed-Protocol added: 1
Oct 23 20:15:50.794454 radius-acct-stop: Cos-Shaping-Rate (Juniper-ERX-VSA) added: Port Speed: 1000000k
Oct 23 20:15:50.794536 radius-acct-stop: Acct-Authentic added: 1
Oct 23 20:15:50.794587 radius-acct-stop: Acct-Delay-Time added: 0
Oct 23 20:15:50.794645 radius-acct-stop: DHCP-MAC-Address (Juniper-ERX-VSA) added: 9094.e4c8.83ff
Oct 23 20:15:50.794704 radius-acct-stop: Event-Timestamp added: 2017-10-23 20:15:50
Oct 23 20:15:50.794753 radius-acct-stop: Framed-IP-Address added: 79.x.x.25
Oct 23 20:15:50.794902 radius-acct-stop: Input-Gigapackets (Juniper-ERX-VSA) added: 0
Oct 23 20:15:50.794954 radius-acct-stop: Acct-Input-Gigawords added: 0
Oct 23 20:15:50.795000 radius-acct-stop: NAS-Identifier added: Juni-2
Oct 23 20:15:50.795049 radius-acct-stop: NAS-Port added: 10 40 08 6d
Oct 23 20:15:50.795090 radius-acct-stop: NAS-Port-Id added: Juni-2#ge-1/1/1.demux0.1073768579:2157##
Oct 23 20:15:50.795137 radius-acct-stop: NAS-Port-Type added: 15
Oct 23 20:15:50.795182 radius-acct-stop: Output-Gigapackets (Juniper-ERX-VSA) added: 0
Oct 23 20:15:50.795229 radius-acct-stop: Acct-Output-Gigawords added: 0
Oct 23 20:15:50.795277 radius-acct-stop: IPv6-Acct-Input-Octets (Juniper-ERX-VSA) added: 0
Oct 23 20:15:50.795325 radius-acct-stop: IPv6-Acct-Output-Octets (Juniper-ERX-VSA) added: 0
Oct 23 20:15:50.795371 radius-acct-stop: IPv6-Acct-Input-Packets (Juniper-ERX-VSA) added: 0
Oct 23 20:15:50.795418 radius-acct-stop: IPv6-Acct-Output-Packets (Juniper-ERX-VSA) added: 0
Oct 23 20:15:50.795465 radius-acct-stop: IPv6-Acct-Input-Gigawords (Juniper-ERX-VSA) added: 0
Oct 23 20:15:50.795512 radius-acct-stop: IPv6-Acct-Output-Gigawords (Juniper-ERX-VSA) added: 0
Oct 23 20:15:50.795567 radius-acct-stop: PPPoE-Description (Juniper-ERX-VSA) added: pppoe 90:94:e4:c8:83:ff
Oct 23 20:15:50.795620 authd_create_application_specific_radius_server: Evaluating RADIUS server 0x511ea029 to add to the server list
Oct 23 20:15:50.795848 handleAcctVolStatsAckAcct Enabled :
Oct 23 20:15:50.795891 checkLicense
Oct 23 20:15:50.795922 TRUE
Oct 23 20:15:50.795954 checkLicense
Oct 23 20:15:50.796027 accFsmExecute::new state=Acc-Stop-On-Fail-Deny-Sent(6)
Oct 23 20:15:50.796066 authd_auth_aaa_msg_destroy
Oct 23 20:15:50.796107 authd_auth_aaa_msg_destroy: removing msg from recv queue
Oct 23 20:15:50.796148 authd_auth_aaa_msg_destructauth_aaa_msg: 0x1f7006c
Oct 23 20:15:50.796608 Auth-FSM: GRES-Mirror for session-id:26757 state:AuthAcctVolStatsAckWait(5)
Oct 23 20:15:50.796668 AuthFsm::current state=AuthAcctVolStatsAckWait(5) event=25 astEntry=0x20ff4d8 aaa msg=0
Oct 23 20:15:50.796744 Auth-FSM: Posting a Logout-Ack to the client daemon for session-id:26757
Oct 23 20:15:50.796781 Auth-FSM: (B) Trigger LOGOUT-NOTIFICATION SKIPPED
Oct 23 20:15:50.796825 ****astEntry:0x20ff4d8 aaaMsg:0 replyOpcode:1 replySubOpcode:18 replyStatus:1
Oct 23 20:15:50.796867 authd_build_aaa_request: Found dynRequest with cause 0
Oct 23 20:15:50.796905 authd_auth_send_answer: conn=2c3f000, reply-code=1 (OK), result-subopcode=18 (SESSION_LOGOUT_ACK), sub-id=26757, cookie=28084, rply_len=28, num_tlv_blocks=0
Oct 23 20:15:50.796956 ###################################################################
Oct 23 20:15:50.796989 ####################### LOGOUT ACK SENT ########################
Oct 23 20:15:50.797019 ###################################################################
Oct 23 20:15:50.797065 Auth-FSM: GRES-Mirror for session-id:26757 state:AuthAcctStopAckWait(6)
Oct 23 20:15:50.797181 authd_auth_aaa_msg_destroy
Oct 23 20:15:50.797229 authd_auth_aaa_msg_destructauth_aaa_msg: 0x1f7006c
Oct 23 20:15:50.797267 authd_write_conn: response is 0x2c3f05c, total len is 28 and sent is 0
Oct 23 20:15:50.797319 authd_write_conn: response is 0x2c3f05c, wrote 28 bytes
Oct 23 20:15:50.847137 authd_radius_get_config:Using radius option config from access profile stanza
Oct 23 20:15:50.847228 Radius result is CLIENT_REQ_STATUS_SUCCESS
Oct 23 20:15:50.847264 authd_radius_acctg_callback Result is :(CLIENT_REQ_STATUS_SUCCESS) reply_code:(Accounting-Response) 5 sub-id: 26757
Oct 23 20:15:50.847313  ======= Accounting RESPONSE Received ==============
Oct 23 20:15:50.847368 AccFsm::current state=Acc-Stop-On-Fail-Deny-Sent(6) event=11 astEntry=0x20ff4d8 session-id:26757
Oct 23 20:15:50.847408 ACC-FSM:notifyAUM_a10 for session-id:26757
Oct 23 20:15:50.847447 AuthFsm::current state=AuthAcctStopAckWait(6) event=26 astEntry=0x20ff4d8 aaa msg=0
Oct 23 20:15:50.847484 Auth-FSM: Posting a Client-Session-Cleanup-Ack to the client daemon for session-id:26757
Oct 23 20:15:50.847523 ****astEntry:0x20ff4d8 aaaMsg:0 replyOpcode:1 replySubOpcode:20 replyStatus:1
Oct 23 20:15:50.847593 authd_build_aaa_request: Found dynRequest with cause 0
Oct 23 20:15:50.847633 authd_auth_send_answer: conn=2c3f000, reply-code=1 (OK), result-subopcode=20 (CLIENT_SESSION_CLEANUP_ACK), sub-id=26757, cookie=0, rply_len=28, num_tlv_blocks=0
Oct 23 20:15:50.847682 ###################################################################
Oct 23 20:15:50.847715 ####################### TERMINATE ACK SENT ########################
Oct 23 20:15:50.847745 ###################################################################
Oct 23 20:15:50.847788 Delete session: 26757
Oct 23 20:15:50.847848 Begin to logout Subscriber
Oct 23 20:15:50.847892 UserAccess:ppptest session-id:26757 state:log-out Juni-2#ge-1/1/1.demux0.1073768579:2157##
Oct 23 20:15:50.847926 ~CoARequest 211406c
Oct 23 20:15:50.847957 cleanServiceList: numRequests 1
Oct 23 20:15:50.847993 markAsProcessed: ServiceRequestEntry service session-id:0
Oct 23 20:15:50.848040 ~DynamicRequestEntry 211406c
Oct 23 20:15:50.848119 Removing client snapshot
Oct 23 20:15:50.848184 accFsmExecute::new state=Acc-Stop-Ackd(7)
Oct 23 20:15:50.848315 authd_auth_aaa_msg_destroy
Oct 23 20:15:50.848365 authd_auth_aaa_msg_destructauth_aaa_msg: 0x1f7006c
Oct 23 20:15:50.848403 authd_write_conn: response is 0x2c3f05c, total len is 28 and sent is 0
Oct 23 20:15:50.848456 authd_write_conn: response is 0x2c3f05c, wrote 28 bytes
Oct 23 20:15:50.885147 authd_read_msg: Fresh msg arrival. fd=81, hdr_read=0, hdr_remnant=0, payload_read=0 payload_remnant=0
Oct 23 20:15:50.885219 fresh message conn=0x2c3f000
Oct 23 20:15:50.885262 read fresh message conn=0x2c3f000 hdr_remnant=0 hdr_read=32
Oct 23 20:15:50.885294 Read payload for new message. fd=81, rqst_len=32
Oct 23 20:15:50.885325 Read payload for new message. fd=81, payload_len=0, rqst_len=32, cookie=28085
Oct 23 20:15:50.885379 Process/Dispatch Client Message
Oct 23 20:15:50.885414 New Process/Dispatch Client Message
Oct 23 20:15:50.885464 authd_auth_aaa_msg_create: num_of_tlvs:0 tot_num_of_tlv:0
Oct 23 20:15:50.886155 authd_auth_aaa_msg_create aaa-key: username:() profile:()
Oct 23 20:15:50.886195 Process Request
Oct 23 20:15:50.886236 Client request received on conn-id:jpppd session-id:26757 Opcode:1, Subcode:19
Oct 23 20:15:50.886277 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_astable.cc:3186 AST-Table couldn't find the session:26757
Oct 23 20:15:50.886315 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_astable.cc:4027 Failed to get ASTEntry for session-id:26757
Oct 23 20:15:50.886354 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_astable.cc:3218 Pending ACCT Stop Table couldn't find the session:26757
Oct 23 20:15:50.886388 ###################################################################
Oct 23 20:15:50.886420 ################ TERMINATE-REQ RCVD AFTER CLEANUP #################
Oct 23 20:15:50.886453 ###################################################################
Oct 23 20:15:50.886484 authd_auth_send_answer: conn=2c3f000, reply-code=1 (OK), result-subopcode=20 (CLIENT_SESSION_CLEANUP_ACK), sub-id=26757, cookie=28085, rply_len=28, num_tlv_blocks=0
Oct 23 20:15:50.886540 ###################################################################
Oct 23 20:15:50.886574 ########## TERMINATE-REQ-ACK SENT (FAKE - AFTER CLEANUP) ##########
Oct 23 20:15:50.886694 ###################################################################
Oct 23 20:15:50.886729 authd_auth_aaa_msg_destroy
Oct 23 20:15:50.886781 authd_auth_aaa_msg_destructauth_aaa_msg: 0x1f7006c
Oct 23 20:15:50.886827 authd_write_conn: response is 0x2c3f05c, total len is 28 and sent is 0
Oct 23 20:15:50.888483 authd_write_conn: response is 0x2c3f05c, wrote 28 bytes
Oct 23 20:15:51.224861 serviceRadiusRequestQueues Serviced 1 RADIUS requests
Oct 23 20:15:51.224944 serviceRadiusRequestQueues Queue CLIENTS has 0 requests, peak is 0
 
А Session-Timeout := 2592000 делалось так же для цыски, дабы сессии долго держали сами по себе.
Вы со стороны радиуса для жунипера что то кардинально допиливали что бы все взлетело? 
Изменено пользователем SanMiron
Ссылка на сообщение
Поделиться на других сайтах

 

 

А Session-Timeout := 2592000 делалось так же для цыски, дабы сессии долго держали сами по себе. Вы со стороны радиуса для жунипера что то кардинально допиливали что бы все взлетело? 

 

особо ничего не допиливалось, взлетело из мануалов да форумов.. но пппое у нас  для совсем "тугих" девайсов . так стараемся на ipoe всё.. 

 
Junos: 15.1R6-S3
 
а на lo0 фильтр не висит случаем?
Ссылка на сообщение
Поделиться на других сайтах

 

А Session-Timeout := 2592000 делалось так же для цыски, дабы сессии долго держали сами по себе. Вы со стороны радиуса для жунипера что то кардинально допиливали что бы все взлетело? 

 

особо ничего не допиливалось, взлетело из мануалов да форумов.. но пппое у нас  для совсем "тугих" девайсов . так стараемся на ipoe всё.. 

 
Junos: 15.1R6-S3
 
а на lo0 фильтр не висит случаем?

 

version 13.3R9.13;

 

Только такой фильтр:

 

filter SSH_Limit {
        term allow_ip {
            from {
                source-address {
                    37.x.x.x/21;
                    46.x.x.x/21;
                    79.x.x.x/20;
                    81.x.x.x/20;
                    176.x.x.x/21;
                }
                destination-port 22;
            }
            then accept;
        }
        term block_another {
            from {
                destination-port 22;
            }
            then {
                discard;
            }
        }
        term allow_all {
            then accept;
        }
    }
 
lo0 {
        unit 0 {
            family inet {
                filter {
                    input SSH_Limit;
                }
                address 127.0.0.1/32;
            }
        }
    }
Ссылка на сообщение
Поделиться на других сайтах

 

address 127.0.0.1/32  - меня это смущает :) 

Я ничего не менял, по дэфолту стоит, а что я тут должен прописать?)

 

 

ну что-то не из 127/8 :)  можно попробовать 10.0.0.1/32 допустим ) что-нибудь не из лупбек адресов ) как потом ospf/ldp итд на  нем строить с таким адресом? :)

Ссылка на сообщение
Поделиться на других сайтах

 

 

address 127.0.0.1/32  - меня это смущает :) 

Я ничего не менял, по дэфолту стоит, а что я тут должен прописать?)

 

 

ну что-то не из 127/8 :)  можно попробовать 10.0.0.1/32 допустим ) что-нибудь не из лупбек адресов ) как потом ospf/ldp итд на  нем строить с таким адресом? :)

 

А вы можете показать что находится у вас в dictionary.juniper? 

Кстати после изменения адреса lo0 сессия держала уже не 2 минуты а 1 секунду...

Изменено пользователем SanMiron
Ссылка на сообщение
Поделиться на других сайтах

 

 

 

address 127.0.0.1/32  - меня это смущает :) 

Я ничего не менял, по дэфолту стоит, а что я тут должен прописать?)

 

 

ну что-то не из 127/8 :)  можно попробовать 10.0.0.1/32 допустим ) что-нибудь не из лупбек адресов ) как потом ospf/ldp итд на  нем строить с таким адресом? :)

 

А вы можете показать что находится у вас в dictionary.juniper? 

Кстати после изменения адреса lo0 сессия держала уже не 2 минуты а 1 секунду...

 

 

а что сейчас в логах?

по словарю в радиусе? стандартно все.. по-дефолту из пакетов.  но у нас не pppoe (при написании процедур radcheck и radreply только игрался.. но поднимается все и работает), у нас ipoe местами..

Ссылка на сообщение
Поделиться на других сайтах

 

 

 

 

address 127.0.0.1/32  - меня это смущает :) 

Я ничего не менял, по дэфолту стоит, а что я тут должен прописать?)

 

 

ну что-то не из 127/8 :)  можно попробовать 10.0.0.1/32 допустим ) что-нибудь не из лупбек адресов ) как потом ospf/ldp итд на  нем строить с таким адресом? :)

 

А вы можете показать что находится у вас в dictionary.juniper? 

Кстати после изменения адреса lo0 сессия держала уже не 2 минуты а 1 секунду...

 

 

а что сейчас в логах?

по словарю в радиусе? стандартно все.. по-дефолту из пакетов.  но у нас не pppoe (при написании процедур radcheck и radreply только игрался.. но поднимается все и работает), у нас ipoe местами..

 

Да все тоже:

 

Tue Oct 24 16:30:56 2017
        User-Name = "ppptest"
        Acct-Status-Type = Stop
        Acct-Session-Id = "28375"
        Acct-Input-Octets = 0
        Acct-Output-Octets = 0
        Acct-Session-Time = 119
        Acct-Input-Packets = 0
        Acct-Output-Packets = 0
        Acct-Terminate-Cause = NAS-Request
        Service-Type = Framed-User
        Framed-Protocol = PPP
        ERX-Attr-177 = 0x506f72742053706565643a20313030303030306b
        Acct-Authentic = RADIUS
        Acct-Delay-Time = 0
        ERX-Dhcp-Mac-Addr = "9094.e4c8.83ff"
        Event-Timestamp = "Oct 24 2017 19:36:05 EEST"
        Framed-IP-Address = 79.x.x.25
        ERX-Input-Gigapkts = 0
        Acct-Input-Gigawords = 0
        NAS-Identifier = "Juni-2"
        NAS-Port = 272631917
        NAS-Port-Id = "ge-1/1/1.demux0.1073770061:2157"
        NAS-Port-Type = Virtual
        ERX-Output-Gigapkts = 0
        Acct-Output-Gigawords = 0
        ERX-IPv6-Acct-Input-Octets = 0
        ERX-IPv6-Acct-Output-Octets = 0
        ERX-IPv6-Acct-Input-Packets = 0
        ERX-IPv6-Acct-Output-Packets = 0
        ERX-IPv6-Acct-Input-Gigawords = 0
        ERX-IPv6-Acct-Output-Gigawords = 0
        ERX-Pppoe-Description = "pppoe 90:94:e4:c8:83:ff"
        NAS-IP-Address = 81.x.x.16
        Acct-Unique-Session-Id = "68d2899b5a07d6c1"

        Timestamp = 1508851856  

Ссылка на сообщение
Поделиться на других сайтах

А я юзаю unisphere аттрибуты

Типа такого файла?:

 

#################################################################################################

# unisphere.dct - Unisphere MX Family dictionary to support JUNOS v12.3

# (Note: JUNOSe attribute breakdown by JUNOSe releases not reflected in this document.

# JUNOSe information is based on complete JUNOSe attribute listing as of 5/19/10).

#

#

# (See README.DCT for more details on the format of this file)

#

# please note that tunnel attributes (8, 9, 33, 35, 39 - 41)

# and service attributes (65 - 69) may be tagged

#

#################################################################################################

#

# Use the Radius specification attributes

#

@radius.dct

 

#

# Define additional Unisphere ERX Family Attributes

#

 

# for untagged attributes: t = attr type value (attr id); s = data type (integer, string, etc)

MACRO ERX-VSA(t,s) 26 [vid=4874 type1=%t% len1=+2 data=%s%]

 

# for tagged strings t = attr type value (attr id); f = tag value

MACRO ERX-TAGGED-STRING-VSA(t,f) 26 [vid=4874 type1=%t% len1=+3 tag=%f% data=string]

 

# for integers t = attr type value (attr id); f = tag value

MACRO ERX-TAGGED-INT-VSA(t,f) 26 [vid=4874 type1=%t% len1=+2 tag=%f% data=integer]

 

#JUNOS and JUNOse

ATTRIBUTE Unisphere-Virtual-Router ERX-VSA(1, string) rt

 

#JUNOse only

ATTRIBUTE Unisphere-Local-Address-Pool ERX-VSA(2, string) r

 

#JUNOse only

ATTRIBUTE Unisphere-Local-Interface ERX-VSA(3, string) r

 

#JUNOS and JUNOse

ATTRIBUTE Unisphere-Primary-Dns ERX-VSA(4, ipaddr) r

 

#JUNOS and JUNOse

ATTRIBUTE Unisphere-Secondary-Dns ERX-VSA(5, ipaddr) r

 

#JUNOS and JUNOse

ATTRIBUTE Unisphere-Primary-Wins ERX-VSA(6, ipaddr) r

Ссылка на сообщение
Поделиться на других сайтах

Во общем добился я поднятия сессии, единственное что я сделал, это добавил в access profile "profile-name" radius options revert-interval 0, и изменил адрес lo0

Ссылка на сообщение
Поделиться на других сайтах

Создайте аккаунт или войдите в него для комментирования

Вы должны быть пользователем, чтобы оставить комментарий

Создать аккаунт

Зарегистрируйтесь для получения аккаунта. Это просто!

Зарегистрировать аккаунт

Войти

Уже зарегистрированы? Войдите здесь.

Войти сейчас
  • Сейчас на странице   0 пользователей

    Нет пользователей, просматривающих эту страницу.

  • Похожие публикации

    • Автор: yurasko
      Маршрутизатор Juniper MX80 + плата нату  MS-MIC-16G ціна 5000$
    • Автор: pobochnaya
      Нужен специалист - нужно связать NODENY 50.32 + Juniper MX80, 
       
      Сейчас работает связка Nodeny + mikrotik (1036) + nat (отдельный сервер)
       
      Хочется получить + IPOE на выходе с джуна, готовы оплатить достойно за рабочий функционал!
       
       
      P.S Советовать с переходом на ПЛЮС (пытались несколько раз уже и плюс куплен с модулями)-но не готовы , устраивает 50.32
    • Автор: desmond
      продам juniper MX10-T  за апгрейдом до МХ80, 2 БЖ, 4К $, торг
    • Автор: serverstar
      Отдам в хорошие руки. за смешные деньги )) juniper mx80 (два блока питания 220V,плата 20x1g sfp.4x10gxfp)отличное состояние ,ремонтов не было .) фото по требованию , Цена 4200 уе, все вопросы в личку 
    • Автор: ghzlviv
      Привіт
      Куплю Juniper MX80 та плату нат, цікавить як новий та і бу.
       
×
×
  • Создать...