SanMiron Опубликовано: 20 жовтня, 2017 Добрый день! Интересует совместная работа freeradius и mx-80. Набросал конфиг Джунипера для PPPoE. Они между собой вроде как общаются, сессия абонента поднимается, но тут же отваливается. Может, кто-то работает по такой схеме и что-то подскажет? Пока не могу найти причину...
KaYot Опубліковано: 20 жовтня, 2017 Опубліковано: 20 жовтня, 2017 Freeradius - промышленный стандарт в ISP. Ищите, что еще можно сказать.
SanMiron Опубліковано: 20 жовтня, 2017 Автор Опубліковано: 20 жовтня, 2017 Freeradius - промышленный стандарт в ISP. Ищите, что еще можно сказать. Сильно много не скажу, для меня этот процесс новый. Могу предоставить конф жунипера, логи: version 13.3R9.13; dynamic-profiles { pppoe-profile { interfaces { pp0 { unit "$junos-interface-unit" { ppp-options { chap; pap; } pppoe-options { underlying-interface "$junos-underlying-interface"; server; } family inet { filter { input "$junos-input-filter"; output "$junos-output-filter"; } unnumbered-address lo0.0; } } } } } VLAN-PPPoE { interfaces { demux0 { unit "$junos-interface-unit" { vlan-id "$junos-vlan-id"; demux-options { underlying-interface "$junos-interface-ifd-name"; } family pppoe { access-concentrator PPPoE; duplicate-protection; dynamic-profile pppoe-profile; } } } } } CLIENTS-PPPoE { interfaces { demux0 { unit "$junos-interface-unit" { family pppoe { duplicate-protection; dynamic-profile pppoe-profile; } } } } } svc-global-pppoe { interfaces { pp0 { unit "$junos-interface-unit" { family inet; } } } } } system { host-name Juni-2; authentication-order [ password radius ]; root-authentication { encrypted-password "$1$26QTXFt9$FmyjntPcZFpqpgDzo8fbh/"; ## SECRET-DATA } name-server { x.x.x.x; } radius-server { 81.x.x.41 { port 1812; accounting-port 1813; secret "$9$NA-YoDjqfQnk."; ## SECRET-DATA timeout 10; } } radius-options { password-protocol mschap-v2; attributes { nas-ip-address 81.x.x.16; } } services { ssh; } syslog { user * { any emergency; } file messages { any notice; authorization info; } } processes { general-authentication-service { traceoptions { file radius; flag all; } } } } logical-systems { LS1 { routing-instances { RI1 { access-profile CLIENTS; } } } } chassis { network-services ethernet; } access-profile CLIENTS; interfaces { ge-1/1/0 { description TEST; unit 0 { family inet { address 81.x.x.16/26; } } } ge-1/1/1 { description to_PPPoE; flexible-vlan-tagging; auto-configure { vlan-ranges { 
dynamic-profile VLAN-PPPoE { accept pppoe; ranges { 2157-2157; } } } } } fxp0 { unit 0 { family inet { address 192.168.100.16/24; } } } inactive: irb { unit 0 { family inet { address 81.x.x.16/26; } } } lo0 { unit 0 { family inet { filter { input SSH_Limit; } address 127.0.0.1/32; } } } } protocols { ospf { area 0.0.0.0 { inactive: interface irb.0; interface ge-1/1/0.0; } } ppp { traceoptions { file pppoe; level all; flag all; } } pppoe { service-name-tables Table1 { service empty { drop; } service user1-service { terminate; agent-specifier aci test ari test1 { delay 10; } agent-specifier aci test2 ari test3 { delay 10; } } service user2-service { delay 20; } } } } firewall { filter SSH_Limit { term allow_ip { from { source-address { 37.x.x.x/21; 46.x.x.x/21; 79.x.x.x/20; 81.x.x.x/20; 176.x.x.x/21; } destination-port 22; } then accept; } term block_another { from { destination-port 22; } then { discard; } } term allow_all { then accept; } } } access { radius-server { 81.x.x.41 { port 1812; accounting-port 1813; secret "$9$yBzrWxbwgJUH24"; ## SECRET-DATA } } profile CLIENTS { authentication-order radius; radius { authentication-server 81.x.x.41; accounting-server 81.x.x.41; options { nas-port-id-format { nas-identifier; interface-description; agent-circuit-id; agent-remote-id; } } attributes { ignore { output-filter; input-filter; } } } accounting { order radius; accounting-stop-on-failure; accounting-stop-on-access-deny; immediate-update; coa-immediate-update; update-interval 600; statistics volume-time; } } } Сессия на жунипере: Type: VLAN Logical System: default Routing Instance: default Interface: demux0.1073741824 Interface type: Dynamic Underlying Interface: ge-1/1/1 Dynamic Profile Name: VLAN-PPPoE State: Active Session ID: 1 VLAN Id: 2157 Login Time: 2017-10-17 14:56:53 UTC Type: PPPoE User Name: ppptest IP Address: 79.x.x.25 Logical System: default Routing Instance: default Interface: pp0.1073758999 Interface type: Dynamic Underlying Interface: 
demux0.1073741824 Dynamic Profile Name: pppoe-profile MAC Address: 90:94:e4:c8:83:ff State: Configured Radius Accounting ID: 17176 Session ID: 17176 VLAN Id: 2157 Login Time: 2017-10-20 23:46:00 UTC Лог жунипера: Oct 20 23:50:16.442716 Client request received on conn-id:jpppd session-id:17176 Opcode:2113, Subcode:0 Oct 20 23:50:16.442773 Taking a client snapshot, session-id:17176 Oct 20 23:50:16.442972 setAccountingInfo: NULL profile ? 0 Oct 20 23:50:16.443011 setAccountingInfo: service accounting order Oct 20 23:50:16.443069 Creating SubscriberASTEntry for session-id:17176, session name:ppptest Oct 20 23:50:16.443121 UserAccess:ppptest session-id:17176 state:login-request Oct 20 23:50:16.443237 fillSessionDBAttributes: session-id: 17176, ifdName: ge-1/1/1 Oct 20 23:50:16.443293 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:419 No access-profile found in the SDB for session-id:17176 Oct 20 23:50:16.443337 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:433 PhyIfdName found in the SDB for session-id:17176 Oct 20 23:50:16.443387 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:441 InterfaceName found in the SDB for session-id:17176 Oct 20 23:50:16.443444 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:799 Querying the access-profile for user:ppptest on LR/RI:default:default Oct 20 23:50:16.443515 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:811 Access Profile Name from context is <CLIENTS> Oct 20 23:50:16.443572 authd_get_auth_request_nas_attr: The request list is from aaa_msg Oct 20 23:50:16.443646 authd_get_auth_request_nas_attr: No Agent Circuit ID attribute from SDB Oct 20 23:50:16.443682 authd_get_auth_request_nas_attr: No Agent Remote ID attribute from SDB Oct 20 23:50:16.443719 authd_get_auth_request_nas_attr: No interface SVLAN attribute from SDB Oct 20 23:50:16.443753 
authd_get_auth_request_nas_attr: No interface ATM VPI attribute from SDB Oct 20 23:50:16.443785 authd_get_auth_request_nas_attr: No interface ATM VCI attribute from SDB Oct 20 23:50:16.443816 authd_get_auth_request_nas_attr: Recovered from SDB - VPI:-1 VCI:-1 NasPortType:15 Oct 20 23:50:16.443885 authd_get_interface_nas_port_options Interface Radius-Options for Interface ge-1/1/1 not found Oct 20 23:50:16.443964 authd_build_radius_nas_port_and_id: NASPortID = Juni-2#ge-1/1/1.demux0.1073741824:2157##, NASPort = 1040086d, CallingStationID = Oct 20 23:50:16.444471 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:947 Setting multi-acct-session-id to 0 Oct 20 23:50:16.444520 setAccountingInfo: NULL profile ? 36017364 Oct 20 23:50:16.444561 setAccountingInfo: service accounting order Oct 20 23:50:16.445075 updateCoaDynamicVariableValidation coaValidation: 0 Oct 20 23:50:16.445135 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:552 JSRC: NOT calling jsrc restore function: - notify off - jsrc id empty Oct 20 23:50:16.445177 Bundle session id not found, setting to NULL Oct 20 23:50:16.445214 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:569 multi-acct-session-id set to 0 Oct 20 23:50:16.445255 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:690 access profile: CLIENTS Oct 20 23:50:16.445292 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_subscriber_entry.cc:756 On-demand IP address set to 0 Oct 20 23:50:16.445373 UserAccess:ppptest session-id:17176 Access-profile:CLIENTS Multi-Acct-Session-Id:0 Oct 20 23:50:16.445413 authd_auth_modules_pre_feed_sanity: message passed sanity test profile=(), username=() Oct 20 23:50:16.445456 AuthFsm::current state=AuthInit(0) event=1 astEntry=0x20ff4d8 aaa msg=0x1f7006c Oct 20 23:50:16.445500 ################################################################### Oct 20 23:50:16.445533 
########################### AUTH REQ RCVD ######################### Oct 20 23:50:16.445564 ################################################################### Oct 20 23:50:16.445594 Auth-FSM: Process Auth-Request for session-id:17176 Oct 20 23:50:16.445708 Framework: Starting authentication Oct 20 23:50:16.445825 authd_advance_module_for_aaa_request_msg: result:0 Oct 20 23:50:16.445865 Authd module start Oct 20 23:50:16.445896 authd_radius_start_auth: Starting RADIUS authentication Oct 20 23:50:16.445989 authd_radius_build_basic_auth_request: got params profile=CLIENTS, username=ppptest Oct 20 23:50:16.446029 radius-access-request: User-Name added: ppptest Oct 20 23:50:16.446092 radius-access-request: Service-Type added: 2 Oct 20 23:50:16.446144 radius-access-request: Framed-Protocol added: 1 Oct 20 23:50:16.446191 radius-access-request: CHAP-Password added: "" Oct 20 23:50:16.446236 radius-access-request: CHAP-Challenge added: "" Oct 20 23:50:16.446283 radius-access-request: Chargeable-User-Identity added: Oct 20 23:50:16.446332 radius-access-request: Acct-Session-Id added: 17176 Oct 20 23:50:16.446386 radius-access-request: DHCP-MAC-Address (Juniper-ERX-VSA) added: 9094.e4c8.83ff Oct 20 23:50:16.446436 radius-access-request: NAS-Identifier added: Juni-2 Oct 20 23:50:16.446489 radius-access-request: NAS-Port added: 10 40 08 6d Oct 20 23:50:16.446531 radius-access-request: NAS-Port-Id added: Juni-2#ge-1/1/1.demux0.1073741824:2157## Oct 20 23:50:16.446577 radius-access-request: NAS-Port-Type added: 15 Oct 20 23:50:16.446658 radius-access-request: PPPoE-Description (Juniper-ERX-VSA) added: pppoe 90:94:e4:c8:83:ff Oct 20 23:50:16.446757 authd_create_application_specific_radius_server: Evaluating RADIUS server 0x511ea029 to add to the server list Oct 20 23:50:16.446952 REQUEST: AUTHEN - module_index 0 module(radius) return: ASYNC Oct 20 23:50:16.447014 UserAccess:ppptest session-id:17176 state:start Juni-2#ge-1/1/1.demux0.1073741824:2157## Oct 20 23:50:16.447055 
Auth-FSM: GRES-Mirror for session-id:17176 state:AuthStart(1) Oct 20 23:50:17.154509 authd_radius_get_config:Using radius option config from access profile stanza Oct 20 23:50:17.154635 loadDefaultService:: default service for the subscriber is empty Oct 20 23:50:17.154672 Radius result is CLIENT_REQ_STATUS_SUCCESS Oct 20 23:50:17.154764 Parsing RADIUS message for session-id:17176 Oct 20 23:50:17.154829 radius-access-accept: Framed-IP-Address received: 79.x.x.25 Oct 20 23:50:17.154882 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: lcp:interface-config#1=description pppoeuser_ppptest Oct 20 23:50:17.154979 radius-access-accept: AV-Pair (Cisco-VSA) received: lcp:interface-config#1=description pppoeuser_ppptest Oct 20 23:50:17.155031 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: lcp:interface-config#2=rate-limit input 50000000 5000000 5000000 conform-action transmit exceed-action drop Oct 20 23:50:17.155102 radius-access-accept: AV-Pair (Cisco-VSA) received: lcp:interface-config#2=rate-limit input 50000000 5000000 5000000 conform-action transmit exceed-action drop Oct 20 23:50:17.155153 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: lcp:interface-config#3=rate-limit output 50000000 5000000 5000000 conform-action transmit exceed-action drop Oct 20 23:50:17.155224 radius-access-accept: AV-Pair (Cisco-VSA) received: lcp:interface-config#3=rate-limit output 50000000 5000000 5000000 conform-action transmit exceed-action drop Oct 20 23:50:17.155274 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: lcp:interface-config#4=ip access-group permitall in Oct 20 23:50:17.155435 radius-access-accept: AV-Pair (Cisco-VSA) received: lcp:interface-config#4=ip access-group permitall in Oct 20 23:50:17.155486 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: lcp:interface-config#5=ip access-group permitall out Oct 20 23:50:17.155556 radius-access-accept: AV-Pair (Cisco-VSA) received: lcp:interface-config#5=ip access-group 
permitall out Oct 20 23:50:17.156978 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: ip:dns-servers=x.x.x.x y.y.y.y Oct 20 23:50:17.157250 radius-access-accept: AV-Pair (Cisco-VSA) received: ip:dns-servers=x.x.x.x y.y.y.y Oct 20 23:50:17.157315 radius-access-accept: Session-Timeout received: 2592000 Oct 20 23:50:17.157368 radius-access-accept: Acct-Interim-Interval received: 600 Oct 20 23:50:17.157420 Framework - module(radius) return: SUCCESS Oct 20 23:50:17.157456 authd_advance_module_for_aaa_response_msg: result:2 Oct 20 23:50:17.157513 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_astable.cc:1650 Client-session response-attr:: type:21 len:4 Oct 20 23:50:17.157561 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_astable.cc:1650 Client-session response-attr:: type:53 len:4 Oct 20 23:50:17.157602 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_astable.cc:1673client-session response-attr:: interim-interval:600 Oct 20 23:50:17.158258 Decoding incoming attributes Oct 20 23:50:17.158304 Subscriber attribute 10169, length 8 Oct 20 23:50:17.158341 Subscriber attribute 10080, length 17 Oct 20 23:50:17.158378 Subscriber attribute 10153, length 30 Oct 20 23:50:17.158414 Subscriber attribute 10005, length 4 Oct 20 23:50:17.158455 Received subscriber login request, subscriber session-id:17176 Oct 20 23:50:17.158505 Decoding attribute 10005 length 4 Oct 20 23:50:17.158544 Decoding attribute 10080 length 17 Oct 20 23:50:17.158578 Decoding attribute 10153 length 30 Oct 20 23:50:17.158611 Decoding attribute 10169 length 8 Oct 20 23:50:17.158667 Processing address request in default:default network 255.255.255.254 mac 90:94:E4:C8:83:FF Oct 20 23:50:17.159935 Processing rule External-Authority Oct 20 23:50:17.159979 ************** START-ExternalAuthority ****************** Oct 20 23:50:17.160018 DUMP of all addressRequest fields for subscriber session-id:17176 router default:default Oct 20 23:50:17.160066 client type jpppd 
client type 64 mac address 90:94:E4:C8:83:FF Oct 20 23:50:17.160116 REQUESTING: OldStyle 0 OldStyleFilled 1 hint null network 255.255.255.254 client pool name Oct 20 23:50:17.160166 V4NA: req: yes pool: NULL address: 79.x.x.25 Oct 20 23:50:17.160209 V6NA: req: no pool: NULL address: null Oct 20 23:50:17.160260 V6PD: req: no pool: NULL prefix: null/0 Oct 20 23:50:17.160308 V6NDRA: req: no pool: NULL ndra prefix: null/0 Oct 20 23:50:17.160346 ********************************************************* Oct 20 23:50:17.160380 NDRA PREFIX ALLOC begin Oct 20 23:50:17.160411 IPV4 ADDRESS ALLOC begin Oct 20 23:50:17.160458 IPV6 ADDRESS ALLOC begin Oct 20 23:50:17.160493 IPV6 PREFIX ALLOC begin Oct 20 23:50:17.160524 *************** END-ExternalAuthority ******************* Oct 20 23:50:17.160633 DUMP of all addressRequest fields for subscriber session-id:17176 router default:default Oct 20 23:50:17.160684 client type jpppd client type 64 mac address 90:94:E4:C8:83:FF Oct 20 23:50:17.160736 REQUESTING: OldStyle 0 OldStyleFilled 1 hint null network 255.255.255.254 client pool name Oct 20 23:50:17.160787 V4NA: req: yes pool: NULL address: 79.x.x.25 Oct 20 23:50:17.160829 V6NA: req: no pool: NULL address: null Oct 20 23:50:17.160878 V6PD: req: no pool: NULL prefix: null/0 Oct 20 23:50:17.160926 V6NDRA: req: no pool: NULL ndra prefix: null/0 Oct 20 23:50:17.160963 ********************************************************* Oct 20 23:50:17.161001 Processing rule Network-Match Oct 20 23:50:17.161035 ***************** START-NetworkMatch ******************** Oct 20 23:50:17.161096 DUMP of all addressRequest fields for subscriber session-id:17176 router default:default Oct 20 23:50:17.161551 client type jpppd client type 64 mac address 90:94:E4:C8:83:FF Oct 20 23:50:17.161601 REQUESTING: OldStyle 0 OldStyleFilled 1 hint null network 255.255.255.254 client pool name Oct 20 23:50:17.161651 V4NA: req: yes pool: NULL address: 79.x.x.25 Oct 20 23:50:17.161693 V6NA: req: no pool: NULL 
address: null Oct 20 23:50:17.161792 V6PD: req: no pool: NULL prefix: null/0 Oct 20 23:50:17.161842 V6NDRA: req: no pool: NULL ndra prefix: null/0 Oct 20 23:50:17.161879 ********************************************************* Oct 20 23:50:17.161913 IPV4 ADDRESS ALLOC begin Oct 20 23:50:17.161956 IPV6 ADDRESS ALLOC begin Oct 20 23:50:17.161992 IPV6 PREFIX ALLOC begin Oct 20 23:50:17.162024 ****************** END-NetworkMatch ********************* Oct 20 23:50:17.162061 DUMP of all addressRequest fields for subscriber session-id:17176 router default:default Oct 20 23:50:17.162106 client type jpppd client type 64 mac address 90:94:E4:C8:83:FF Oct 20 23:50:17.162153 REQUESTING: OldStyle 0 OldStyleFilled 1 hint null network 255.255.255.254 client pool name Oct 20 23:50:17.162203 V4NA: req: yes pool: NULL address: 79.x.x.25 Oct 20 23:50:17.162245 V6NA: req: no pool: NULL address: null Oct 20 23:50:17.162292 V6PD: req: no pool: NULL prefix: null/0 Oct 20 23:50:17.162339 V6NDRA: req: no pool: NULL ndra prefix: null/0 Oct 20 23:50:17.162375 ********************************************************* Oct 20 23:50:17.162412 Processing rule Client-Authority Oct 20 23:50:17.162448 Done processing rules Oct 20 23:50:17.162499 Trying to assign address 79.x.x.25 to subscriber session-id:17176 Oct 20 23:50:17.162951 Result have been returned with opcode=0, result=2 Oct 20 23:50:17.162994 ************* Results of Address Allocation ************* Oct 20 23:50:17.163031 DUMP of all addressRequest fields for subscriber session-id:17176 router default:default Oct 20 23:50:17.163100 client type jpppd client type 64 mac address 90:94:E4:C8:83:FF Oct 20 23:50:17.163150 REQUESTING: OldStyle 0 OldStyleFilled 1 hint null network 255.255.255.254 client pool name Oct 20 23:50:17.163201 V4NA: req: yes pool: NULL address: 79.x.x.25 Oct 20 23:50:17.163243 V6NA: req: no pool: NULL address: null Oct 20 23:50:17.163292 V6PD: req: no pool: NULL prefix: null/0 Oct 20 23:50:17.163339 V6NDRA: req: no 
pool: NULL ndra prefix: null/0 Oct 20 23:50:17.163377 ********************************************************* Oct 20 23:50:17.163425 authd_auth_update_local_server_address ::Searching access profile CLIENTS for local DNS Server Oct 20 23:50:17.163481 AuthFsm::current state=AuthStart(1) event=2 astEntry=0x20ff4d8 aaa msg=0x1f7006c Oct 20 23:50:17.163525 Auth-FSM: Process Auth-Response for session-id:17176 and client type broadband Oct 20 23:50:17.163559 createDynamicRequest: (2) received Oct 20 23:50:17.163617 Framework: auth result is 1. Performing post-auth operations Oct 20 23:50:17.163659 Found a Session Timeout value: 2592000 passing it into the Accounting Module Oct 20 23:50:17.163694 Framework: result is 1. Oct 20 23:50:17.163902 authd_auth_send_answer: conn=2c3f000, reply-code=1 (OK), result-subopcode=1 (ACCESS_OK), sub-id=17176, cookie=18311, rply_len=28, num_tlv_blocks=0 Oct 20 23:50:17.163960 ################################################################### Oct 20 23:50:17.163992 ######################### AUTH REQ ACK SENT ####################### Oct 20 23:50:17.164022 ################################################################### Oct 20 23:50:17.164073 Auth-FSM: GRES-Mirror for session-id:17176 state:AuthClntRespWait(4) Oct 20 23:50:17.164368 authd_auth_aaa_msg_destroy Oct 20 23:50:17.164431 authd_auth_aaa_msg_destructauth_aaa_msg: 0x1f7006c Oct 20 23:50:17.164883 authd_write_conn: response is 0x2c3f05c, total len is 28 and sent is 0 Oct 20 23:50:17.166035 authd_write_conn: response is 0x2c3f05c, wrote 28 bytes Oct 20 23:50:17.224766 serviceRadiusRequestQueues Serviced 1 RADIUS requests Oct 20 23:50:17.224849 serviceRadiusRequestQueues Queue CLIENTS has 0 requests, peak is 0 Радиус: rad_recv: Accounting-Request packet from host 81.x.x.16 port 50513, id=96, length=365 User-Name = "ppptest" Acct-Status-Type = Stop Acct-Session-Id = "17176" Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Session-Time = 119 Acct-Input-Packets = 0 
Acct-Output-Packets = 0 Acct-Terminate-Cause = NAS-Request Service-Type = Framed-User Framed-Protocol = PPP ERX-Attr-177 = 0x506f72742053706565643a20313030303030306b Acct-Authentic = RADIUS Acct-Delay-Time = 0 ERX-Dhcp-Mac-Addr = "9094.e4c8.83ff" Event-Timestamp = "Oct 21 2017 02:45:51 EEST" Framed-IP-Address = 79.x.x.25 ERX-Input-Gigapkts = 0 Acct-Input-Gigawords = 0 NAS-Identifier = "Juni-2" NAS-Port = 272631917 NAS-Port-Id = "Juni-2#ge-1/1/1.demux0.1073741824:2157##" NAS-Port-Type = Ethernet ERX-Output-Gigapkts = 0 Acct-Output-Gigawords = 0 ERX-IPv6-Acct-Input-Octets = 0 ERX-IPv6-Acct-Output-Octets = 0 ERX-IPv6-Acct-Input-Packets = 0 ERX-IPv6-Acct-Output-Packets = 0 ERX-IPv6-Acct-Input-Gigawords = 0 ERX-IPv6-Acct-Output-Gigawords = 0 ERX-Pppoe-Description = "pppoe 90:94:e4:c8:83:ff" server pppoe { # Executing section preacct from file /etc/freeradius/sites-enabled/pppoe +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 272631917,Client-IP-Address = 81.x.x.16,NAS-IP-Address = 81.x.x.16,Acct-Session-Id = "17176",User-Name = "ppptest"' [acct_unique] Acct-Unique-Session-ID = "8670275f415c5fbd". ++[acct_unique] returns ok # Executing section accounting from file /etc/freeradius/sites-enabled/pppoe +- entering group accounting {...} [fixusername] expand: -> fixusername: Does not match: User-Name = ppptest ++[fixusername] returns ok [detail] expand: %{Packet-Src-IP-Address} -> 81.x.x.16 [detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/81.x.x.16/detail-20171020 [detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/81.x.x.16/detail-20171020 [detail] expand: %t -> Fri Oct 20 23:40:58 2017 ++[detail] returns ok [sql_pppoe] expand: %{Stripped-User-Name} -> [sql_pppoe] ... 
expanding second conditional [sql_pppoe] expand: %{User-Name} -> ppptest [sql_pppoe] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> ppptest [sql_pppoe] sql_set_user escaped user --> 'ppptest' [sql_pppoe] expand: %{Acct-Input-Gigawords} -> 0 [sql_pppoe] expand: %{Acct-Input-Octets} -> 0 [sql_pppoe] expand: %{Acct-Output-Gigawords} -> 0 [sql_pppoe] expand: %{Acct-Output-Octets} -> 0 [sql_pppoe] expand: %{Acct-Delay-Time} -> 0 [sql_pppoe] expand: UPDATE sessions SET acctstoptime = '%S', status = 'stop', framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}', ServiceInfo = clearuserip('%{SQL-User-Name}') WHERE acctsessionid = '%{Acct-Session-Id}' AND username = LCASE ('%{SQL-User-Name}') AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE sessions SET acctstoptime = '2017-10-20 23:40:58', rlm_sql (sql_pppoe): Reserving sql socket id: 59 [sql_pppoe] expand: %{Acct-Session-Time} -> 119 [sql_pppoe] expand: %{Acct-Delay-Time} -> 0 [sql_pppoe] expand: %{Acct-Input-Gigawords} -> 0 [sql_pppoe] expand: %{Acct-Input-Octets} -> 0 [sql_pppoe] expand: %{Acct-Output-Gigawords} -> 0 [sql_pppoe] expand: %{Acct-Output-Octets} -> 0 [sql_pppoe] expand: %{Acct-Delay-Time} -> 0 [sql_pppoe] expand: INSERT INTO sessions (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, serviceinfo) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', 
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | rlm_sql (sql_pppoe): Released sql socket id: 59 ++[sql_pppoe] returns ok } # server pppoe Sending Accounting-Response of id 96 to 81.x.x.16 port 50513 Finished request 25. Cleaning up request 25 ID 96 with timestamp +113 Going to the next request Waking up in 4.0 seconds. rad_recv: Access-Request packet from host 81.x.x.16 port 50513, id=97, length=211 User-Name = "ppptest" Service-Type = Framed-User Framed-Protocol = PPP CHAP-Password = 0xbda86ffc7ef592c7a72fb28ed986242878 CHAP-Challenge = 0xab7f17d37b6d066f8bf3d6110c0f5b9dd45c11898019c915 Chargeable-User-Identity = "" Acct-Session-Id = "17176" ERX-Dhcp-Mac-Addr = "9094.e4c8.83ff" NAS-Identifier = "Juni-2" NAS-Port = 272631917 NAS-Port-Id = "Juni-2#ge-1/1/1.demux0.1073741824:2157##" NAS-Port-Type = Ethernet ERX-Pppoe-Description = "pppoe 90:94:e4:c8:83:ff" server pppoe { # Executing section authorize from file /etc/freeradius/sites-enabled/pppoe +- entering group authorize {...} [fixusername] expand: -> fixusername: Does not match: User-Name = ppptest ++[fixusername] returns ok ++[preprocess] returns ok [chap] Setting 'Auth-Type := CHAP' ++[chap] returns ok [sql_pppoe] expand: %{Stripped-User-Name} -> [sql_pppoe] ... 
expanding second conditional [sql_pppoe] expand: %{User-Name} -> ppptest [sql_pppoe] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> ppptest [sql_pppoe] sql_set_user escaped user --> 'ppptest' rlm_sql (sql_pppoe): Reserving sql socket id: 58 [sql_pppoe] expand: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE LCASE(UserName) = LCASE ('%{SQL-User-Name}') AND (getuserlimitact(LCASE(UserName)) = 1) ORDER BY id -> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE LCASE(UserName) = LCASE ('ppptest') AND (getuserlimitact(LCASE(UserName)) = 1) ORDER BY id WARNING: Found User-Password == "...". WARNING: Are you sure you don't mean Cleartext-Password? WARNING: See "man rlm_pap" for more information. [sql_pppoe] User found in radcheck table [sql_pppoe] expand: SELECT id, UserName, Attribute, getparam(Value, Value1, '%{NAS-IP-Address}'), op FROM radreply WHERE LCASE(UserName) = LCASE ('%{SQL-User-Name}') AND (getuserlimitact(LCASE(UserName)) = 1) ORDER BY id -> SELECT id, UserName, Attribute, getparam(Value, Value1, '81.x.x.16'), op FROM radreply WHERE LCASE(UserName) = LCASE ('ppptest') AND (getuserlimitact(LCASE(UserName)) = 1) ORDER BY id [sql_pppoe] expand: SELECT GroupName FROM usergroup WHERE LCASE(UserName)=LCASE ('%{SQL-User-Name}') AND (getuserlimitact(LCASE ('%{SQL-User-Name}')) = 1) -> SELECT GroupName FROM usergroup WHERE LCASE(UserName)=LCASE ('ppptest') AND (getuserlimitact(LCASE ('ppptest')) = 1) [sql_pppoe] expand: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE LCASE(usergroup.Username) = LCASE ('%{SQL-User-Name}') AND usergroup.GroupName = radgroupcheck.GroupName AND ((getuserlimitact(LCASE ('%{SQL-User-Name}')) = 1) OR LCASE(usergroup.Username) = LCASE ('DEFAULT')) ORDER BY radgroupcheck.id -> SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE 
LCASE(usergroup.Username) = LCASE ('ppptest') AND usergroup.GroupName = radgroupcheck.GroupName AND ((getuserlimitact(LCASE ('ppptest')) = 1) OR LCASE(usergroup.Username) = LCASE ('DEFAULT')) ORDER BY radgroupcheck.id [sql_pppoe] User found in group reretail_real [sql_pppoe] expand: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE LCASE(usergroup.Username) = LCASE ('%{SQL-User-Name}') AND usergroup.GroupName = radgroupreply.GroupName AND ((getuserlimitact(LCASE ('%{SQL-User-Name}')) = 1) OR LCASE(usergroup.Username) = LCASE ('DEFAULT')) ORDER BY radgroupreply.id -> SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE LCASE(usergroup.Username) = LCASE ('ppptest') AND usergroup.GroupName = radgroupreply.GroupName AND ((getuserlimitact(LCASE ('ppptest')) = 1) OR LCASE(usergroup.Username) = LCASE ('DEFAULT')) ORDER BY radgroupreply.id rlm_sql (sql_pppoe): Released sql socket id: 58 ++[sql_pppoe] returns ok Found Auth-Type = CHAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # Executing group from file /etc/freeradius/sites-enabled/pppoe +- entering group CHAP {...} [chap] login attempt by "ppptest" with CHAP password [chap] Using clear text password "ppptest" for user ppptest authentication. 
[chap] chap user ppptest authenticated succesfully ++[chap] returns ok # Executing section session from file /etc/freeradius/sites-enabled/pppoe +- entering group session {...} [sql_pppoe] expand: %{Stripped-User-Name} -> [sql_pppoe] ... expanding second conditional [sql_pppoe] expand: %{User-Name} -> ppptest [sql_pppoe] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> ppptest [sql_pppoe] sql_set_user escaped user --> 'ppptest' [sql_pppoe] expand: SELECT COUNT(*) FROM sessions WHERE UserName=LCASE('%{SQL-User-Name}') AND status NOT LIKE 'stop' -> SELECT COUNT(*) FROM sessions WHERE UserName=LCASE('ppptest') AND status NOT LIKE 'stop' rlm_sql (sql_pppoe): Reserving sql socket id: 57 [sql_pppoe] expand: SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM sessions WHERE UserName=LCASE('%{SQL-User-Name}') AND status NOT LIKE 'stop' ORDER BY RadAcctId DESC Limit 40 -> SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM sessions WHERE UserName=LCASE('ppptest') AND status NOT LIKE 'stop' ORDER BY RadAcctId DESC Limit 40 checkrad: unknown NAS type Juni-2 rlm_sql (sql_pppoe): Released sql socket id: 57 [sql_pppoe] Failed to check the terminal server for user 'ppptest'. ++[sql_pppoe] returns fail Login OK: [ppptest/<CHAP-Password>] (from client MX80 port 272631917) # Executing section post-auth from file /etc/freeradius/sites-enabled/pppoe +- entering group post-auth {...} [sql_pppoe] expand: %{Stripped-User-Name} -> [sql_pppoe] ... expanding second conditional [sql_pppoe] expand: %{User-Name} -> ppptest [sql_pppoe] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> ppptest [sql_pppoe] sql_set_user escaped user --> 'ppptest' [sql_pppoe] expand: %{User-Password} -> [sql_pppoe] ... 
expanding second conditional [sql_pppoe] expand: %{Chap-Password} -> 0xbda86ffc7ef592c7a72fb28ed986242878 [sql_pppoe] expand: INSERT into radpostauth (id, user, pass, reply, date) values ('', LCASE ('%{SQL-User-Name}'), '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT into radpostauth (id, user, pass, reply, date) values ('', LCASE ('ppptest'), '0xbda86ffc7ef592c7a72fb28ed986242878', 'Access-Accept', '2017-10-20 23:41:06') rlm_sql (sql_pppoe) in sql_postauth: query is INSERT into radpostauth (id, user, pass, reply, date) values ('', LCASE ('ppptest'), '0xbda86ffc7ef592c7a72fb28ed986242878', 'Access-Accept', '2017-10-20 23:41:06') rlm_sql (sql_pppoe): Reserving sql socket id: 56 rlm_sql (sql_pppoe): Released sql socket id: 56 ++[sql_pppoe] returns ok [echo] expand: %{User-Name} -> ppptest Exec-Program output: ppptest Exec-Program-Wait: plaintext: ppptest Exec-Program: returned: 0 ++[echo] returns ok Executing /usr/bin/php -f /etc/freeradius/phpscript/dhcpgetip.php %{User-Name} expand: %{User-Name} -> ppptest Exec-Program output: 2 Exec-Program-Wait: plaintext: 2 Exec-Program: returned: 0 result 0 expand: %{echo:/usr/bin/php -f /etc/freeradius/phpscript/dhcpgetip.php %{User-Name}} -> 2 ++- entering switch %{echo:/usr/bin/php -f /etc/freeradius/phpscript/dhcpgetip.php %{User-Name}} {...} +++- switch %{echo:/usr/bin/php -f /etc/freeradius/phpscript/dhcpgetip.php %{User-Name}} returns noop ++- group post-auth returns noop } # server pppoe Sending Access-Accept of id 97 to 81.x.x.16 port 50513 Framed-IP-Address = 79.x.x.25 Cisco-AVPair = "lcp:interface-config#1=description pppoeuser_ppptest" Cisco-AVPair += "lcp:interface-config#2=rate-limit input 50000000 5000000 5000000 conform-action transmit exceed-action drop" Cisco-AVPair += "lcp:interface-config#3=rate-limit output 50000000 5000000 5000000 conform-action transmit exceed-action drop" Cisco-AVPair += "lcp:interface-config#4=ip access-group permitall in" Cisco-AVPair += 
"lcp:interface-config#5=ip access-group permitall out" Cisco-AVPair += "ip:dns-servers=x.x.x.x y.y.y.y" Session-Timeout := 2592000 Acct-Interim-Interval := 300 Finished request 27. Going to the next request Cleaning up request 26 ID 23 with timestamp +116 Сессия держится на жунипере примерно 2 мин. (Acct-Session-Time = 119), в это время со стороны клиента ничего не происходит, он ничего не получает. Возможно проблема связана с атрибутами. Там кстати проскакивают цысковские AVPair, еще их не убирал, но я не думаю что из за этого падает сессия.
trinity0333 Опубліковано: 21 жовтня, 2017 Опубліковано: 21 жовтня, 2017 А где передача из радиуса атрибута ERX-Service-Activate? Или потом через CoA радиуса сервис навешиваете?
SanMiron Опубліковано: 23 жовтня, 2017 Автор Опубліковано: 23 жовтня, 2017 «а где передача из радиуса атрибута ERX-Service-Activate ? или потом через COA радиуса сервис навешиваете?» Ну, дело до передачи сервисов еще не дошло, пока бы разобраться, почему отваливаются сессии.
SanMiron Опубліковано: 23 жовтня, 2017 Автор Опубліковано: 23 жовтня, 2017 (відредаговано) keepalive где? Попробовал так, но без изменений: pppoe-profile { interfaces { pp0 { unit "$junos-interface-unit" { ppp-options { chap; pap; } pppoe-options { underlying-interface "$junos-underlying-interface"; server; } no-keepalives; family inet { filter { input "$junos-input-filter"; output "$junos-output-filter"; } unnumbered-address lo0.0; } } } } } И так "keepalives interval 60", но ничего Відредаговано 23 жовтня, 2017 SanMiron
trinity0333 Опубліковано: 23 жовтня, 2017 Опубліковано: 23 жовтня, 2017 keepalive где? Попробовал так, но без изменений: pppoe-profile { interfaces { pp0 { unit "$junos-interface-unit" { ppp-options { chap; pap; } pppoe-options { underlying-interface "$junos-underlying-interface"; server; } no-keepalives; family inet { filter { input "$junos-input-filter"; output "$junos-output-filter"; } unnumbered-address lo0.0; } } } } } И так "keepalives interval 60", но ничего dyn-pppoe { routing-instances { "$junos-routing-instance" { interface "$junos-interface-name"; } } interfaces { pp0 { unit "$junos-interface-unit" { ppp-options { pap; } pppoe-options { underlying-interface "$junos-underlying-interface"; server; } keepalives interval 30; family inet { unnumbered-address "$junos-loopback-interface"; } } } } } у меня так работает.. проблем никаких... а Session-Timeout := 2592000 такой зачем отдавать?
l1ght Опубліковано: 23 жовтня, 2017 Опубліковано: 23 жовтня, 2017 «Session-Timeout := 2592000 такой зачем отдавать?» 30 дней, по идее...
SanMiron Опубліковано: 23 жовтня, 2017 Автор Опубліковано: 23 жовтня, 2017 (відредаговано) keepalive где? Попробовал так, но без изменений: pppoe-profile { interfaces { pp0 { unit "$junos-interface-unit" { ppp-options { chap; pap; } pppoe-options { underlying-interface "$junos-underlying-interface"; server; } no-keepalives; family inet { filter { input "$junos-input-filter"; output "$junos-output-filter"; } unnumbered-address lo0.0; } } } } } И так "keepalives interval 60", но ничего dyn-pppoe { routing-instances { "$junos-routing-instance" { interface "$junos-interface-name"; } } interfaces { pp0 { unit "$junos-interface-unit" { ppp-options { pap; } pppoe-options { underlying-interface "$junos-underlying-interface"; server; } keepalives interval 30; family inet { unnumbered-address "$junos-loopback-interface"; } } } } } у меня так работает.. проблем никаких... а Session-Timeout := 2592000 такой зачем отдавать? Попробовал ради интереса, ситуация та же, скорее всего не в этом проблема: pppoe-profile { routing-instances { "$junos-routing-instance" { interface "$junos-interface-name"; } } interfaces { pp0 { unit "$junos-interface-unit" { ppp-options { chap; pap; } pppoe-options { underlying-interface "$junos-underlying-interface"; server; } keepalives interval 30; family inet { unnumbered-address "$junos-loopback-interface"; } } } } } Juni-2> show subscribers extensive Type: VLAN Logical System: default Routing Instance: default Interface: demux0.1073768571 Interface type: Dynamic Underlying Interface: ge-1/1/1 Dynamic Profile Name: VLAN-PPPoE State: Active Session ID: 26748 VLAN Id: 2157 Login Time: 2017-10-23 20:04:52 UTC Type: PPPoE User Name: ppptest IP Address: 79.x.x.25 Logical System: default Routing Instance: default Interface: pp0.1073768572 Interface type: Dynamic Underlying Interface: demux0.1073768571 Dynamic Profile Name: pppoe-profile MAC Address: 90:94:e4:c8:83:ff State: Configured Radius Accounting ID: 26749 Session ID: 26749 VLAN Id: 2157 Login Time: 
2017-10-23 20:04:57 UTC Juni-2> show subscribers extensive Total subscribers: 0, Active Subscribers: 0 Juni-2> show subscribers extensive Total subscribers: 0, Active Subscribers: 0 Juni-2> show subscribers extensive Total subscribers: 0, Active Subscribers: 0 Juni-2> show subscribers extensive Type: VLAN Logical System: default Routing Instance: default Interface: demux0.1073768573 Interface type: Dynamic Underlying Interface: ge-1/1/1 Dynamic Profile Name: VLAN-PPPoE State: Active Session ID: 26750 VLAN Id: 2157 Login Time: 2017-10-23 20:07:06 UTC Juni-2> show subscribers extensive Type: VLAN Logical System: default Routing Instance: default Interface: demux0.1073768573 Interface type: Dynamic Underlying Interface: ge-1/1/1 Dynamic Profile Name: VLAN-PPPoE State: Active Session ID: 26750 VLAN Id: 2157 Login Time: 2017-10-23 20:07:06 UTC Juni-2> show subscribers extensive Type: VLAN Logical System: default Routing Instance: default Interface: demux0.1073768573 Interface type: Dynamic Underlying Interface: ge-1/1/1 Dynamic Profile Name: VLAN-PPPoE State: Active Session ID: 26750 VLAN Id: 2157 Login Time: 2017-10-23 20:07:06 UTC Juni-2> show subscribers extensive Type: VLAN Logical System: default Routing Instance: default Interface: demux0.1073768573 Interface type: Dynamic Underlying Interface: ge-1/1/1 Dynamic Profile Name: VLAN-PPPoE State: Active Session ID: 26750 VLAN Id: 2157 Login Time: 2017-10-23 20:07:06 UTC Type: PPPoE User Name: ppptest IP Address: 79.x.x.25 Logical System: default Routing Instance: default Interface: pp0.1073768574 Interface type: Dynamic Underlying Interface: demux0.1073768573 Dynamic Profile Name: pppoe-profile MAC Address: 90:94:e4:c8:83:ff State: Configured Radius Accounting ID: 26751 Session ID: 26751 VLAN Id: 2157 Login Time: 2017-10-23 20:07:11 UTC Oct 23 20:13:50.688569 ########################### AUTH REQ RCVD ######################### Oct 23 20:13:50.967658 ################################################################### 
Oct 23 20:13:50.967728 Auth-FSM: Process Auth-Request for session-id:26757 Oct 23 20:13:50.967815 Framework: Starting authentication Oct 23 20:13:50.967922 authd_advance_module_for_aaa_request_msg: result:0 Oct 23 20:13:50.968010 Authd module start Oct 23 20:13:50.968044 authd_radius_start_auth: Starting RADIUS authentication Oct 23 20:13:50.968239 authd_radius_build_basic_auth_request: got params profile=CLIENTS, username=ppptest Oct 23 20:13:50.968285 radius-access-request: User-Name added: ppptest Oct 23 20:13:50.968393 radius-access-request: Service-Type added: 2 Oct 23 20:13:50.968477 radius-access-request: Framed-Protocol added: 1 Oct 23 20:13:50.968538 radius-access-request: CHAP-Password added: "" Oct 23 20:13:50.968583 radius-access-request: CHAP-Challenge added: "" Oct 23 20:13:50.968631 radius-access-request: Chargeable-User-Identity added: Oct 23 20:13:50.968690 radius-access-request: Acct-Session-Id added: 26757 Oct 23 20:13:50.968745 radius-access-request: DHCP-MAC-Address (Juniper-ERX-VSA) added: 9094.e4c8.83ff Oct 23 20:13:50.968794 radius-access-request: NAS-Identifier added: Juni-2 Oct 23 20:13:50.968858 radius-access-request: NAS-Port added: 10 40 08 6d Oct 23 20:13:50.968902 radius-access-request: NAS-Port-Id added: Juni-2#ge-1/1/1.demux0.1073768579:2157## Oct 23 20:13:50.968948 radius-access-request: NAS-Port-Type added: 15 Oct 23 20:13:50.969000 radius-access-request: PPPoE-Description (Juniper-ERX-VSA) added: pppoe 90:94:e4:c8:83:ff Oct 23 20:13:50.969058 authd_create_application_specific_radius_server: Evaluating RADIUS server 0x511ea029 to add to the server list Oct 23 20:13:50.971343 REQUEST: AUTHEN - module_index 0 module(radius) return: ASYNC Oct 23 20:13:50.971444 UserAccess:ppptest session-id:26757 state:start Juni-2#ge-1/1/1.demux0.1073768579:2157## Oct 23 20:13:50.971488 Auth-FSM: GRES-Mirror for session-id:26757 state:AuthStart(1) Oct 23 20:13:51.225059 serviceRadiusRequestQueues Serviced 1 RADIUS requests Oct 23 20:13:51.225143 
serviceRadiusRequestQueues Queue CLIENTS has 0 requests, peak is 0 Oct 23 20:13:51.709348 authd_radius_get_config:Using radius option config from access profile stanza Oct 23 20:13:51.709502 loadDefaultService:: default service for the subscriber is empty Oct 23 20:13:51.710034 Radius result is CLIENT_REQ_STATUS_SUCCESS Oct 23 20:13:51.710091 Parsing RADIUS message for session-id:26757 Oct 23 20:13:51.710166 radius-access-accept: Framed-IP-Address received: 79.x.x.25 Oct 23 20:13:51.710219 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: lcp:interface-config#1=description pppoeuser_ppptest Oct 23 20:13:51.710348 radius-access-accept: AV-Pair (Cisco-VSA) received: lcp:interface-config#1=description pppoeuser_ppptest Oct 23 20:13:51.710401 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: lcp:interface-config#2=rate-limit input 5000000 500000 500000 conform-action transmit exceed-action drop Oct 23 20:13:51.710474 radius-access-accept: AV-Pair (Cisco-VSA) received: lcp:interface-config#2=rate-limit input 5000000 500000 500000 conform-action transmit exceed-action drop Oct 23 20:13:51.710524 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: lcp:interface-config#3=rate-limit output 5000000 500000 500000 conform-action transmit exceed-action drop Oct 23 20:13:51.710595 radius-access-accept: AV-Pair (Cisco-VSA) received: lcp:interface-config#3=rate-limit output 5000000 500000 500000 conform-action transmit exceed-action drop Oct 23 20:13:51.710645 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: lcp:interface-config#4=ip access-group permitall in Oct 23 20:13:51.710713 radius-access-accept: AV-Pair (Cisco-VSA) received: lcp:interface-config#4=ip access-group permitall in Oct 23 20:13:51.710762 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: lcp:interface-config#5=ip access-group permitall out Oct 23 20:13:51.710831 radius-access-accept: AV-Pair (Cisco-VSA) received: lcp:interface-config#5=ip access-group 
permitall out Oct 23 20:13:51.710927 radius-access-accept: Activate-Service (Juniper-ERX-VSA) received: Tag (1) svc-global-pppoe Oct 23 20:13:51.710976 processCiscoAVPair: Ignoring AV-Pair (Cisco-VSA) with value: ip:dns-servers=81.x.x.5 81.x.x.3 Oct 23 20:13:51.711050 radius-access-accept: AV-Pair (Cisco-VSA) received: ip:dns-servers=81.x.x.5 81.x.x.3 Oct 23 20:13:51.711105 radius-access-accept: Session-Timeout received: 2592000 Oct 23 20:13:51.711159 radius-access-accept: Acct-Interim-Interval received: 600 Oct 23 20:13:51.711210 Framework - module(radius) return: SUCCESS Oct 23 20:13:51.711245 authd_advance_module_for_aaa_response_msg: result:2 Oct 23 20:13:51.711300 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_astable.cc:1650 Client-session response-attr:: type:21 len:4 Oct 23 20:13:51.711353 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_astable.cc:1650 Client-session response-attr:: type:53 len:4 Oct 23 20:13:51.711395 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_astable.cc:1673client-session response-attr:: interim-interval:600 Oct 23 20:13:51.712123 Decoding incoming attributes Oct 23 20:13:51.712170 Subscriber attribute 10169, length 8 Oct 23 20:13:51.712209 Subscriber attribute 10080, length 17 Oct 23 20:13:51.712247 Subscriber attribute 10153, length 32 Oct 23 20:13:51.712285 Subscriber attribute 10005, length 4 Oct 23 20:13:51.712329 Received subscriber login request, subscriber session-id:26757 Oct 23 20:13:51.712381 Decoding attribute 10005 length 4 Oct 23 20:13:51.712421 Decoding attribute 10080 length 17 Oct 23 20:13:51.712457 Decoding attribute 10153 length 32 Oct 23 20:13:51.712492 Decoding attribute 10169 length 8 Oct 23 20:13:51.712548 Processing address request in default:default network 255.255.255.254 mac 90:94:E4:C8:83:FF Oct 23 20:13:51.712600 Processing rule External-Authority Oct 23 20:13:51.712637 ************** START-ExternalAuthority ****************** Oct 23 20:13:51.712696 DUMP of all 
addressRequest fields for subscriber session-id:26757 router default:default Oct 23 20:13:51.712744 client type jpppd client type 64 mac address 90:94:E4:C8:83:FF Oct 23 20:13:51.712794 REQUESTING: OldStyle 0 OldStyleFilled 1 hint null network 255.255.255.254 client pool name Oct 23 20:13:51.712843 V4NA: req: yes pool: NULL address: 79.x.x.25 Oct 23 20:13:51.712884 V6NA: req: no pool: NULL address: null Oct 23 20:13:51.712933 V6PD: req: no pool: NULL prefix: null/0 Oct 23 20:13:51.712980 V6NDRA: req: no pool: NULL ndra prefix: null/0 Oct 23 20:13:51.713023 ********************************************************* Oct 23 20:13:51.713057 NDRA PREFIX ALLOC begin Oct 23 20:13:51.713089 IPV4 ADDRESS ALLOC begin Oct 23 20:13:51.713559 IPV6 ADDRESS ALLOC begin Oct 23 20:13:51.713595 IPV6 PREFIX ALLOC begin Oct 23 20:13:51.713627 *************** END-ExternalAuthority ******************* Oct 23 20:13:51.713664 DUMP of all addressRequest fields for subscriber session-id:26757 router default:default Oct 23 20:13:51.713710 client type jpppd client type 64 mac address 90:94:E4:C8:83:FF Oct 23 20:13:51.713757 REQUESTING: OldStyle 0 OldStyleFilled 1 hint null network 255.255.255.254 client pool name Oct 23 20:13:51.713806 V4NA: req: yes pool: NULL address: 79.x.x.25 Oct 23 20:13:51.713846 V6NA: req: no pool: NULL address: null Oct 23 20:13:51.713894 V6PD: req: no pool: NULL prefix: null/0 Oct 23 20:13:51.713940 V6NDRA: req: no pool: NULL ndra prefix: null/0 Oct 23 20:13:51.713977 ********************************************************* Oct 23 20:13:51.714020 Processing rule Network-Match Oct 23 20:13:51.714055 ***************** START-NetworkMatch ******************** Oct 23 20:13:51.714091 DUMP of all addressRequest fields for subscriber session-id:26757 router default:default Oct 23 20:13:51.714136 client type jpppd client type 64 mac address 90:94:E4:C8:83:FF Oct 23 20:13:51.714183 REQUESTING: OldStyle 0 OldStyleFilled 1 hint null network 255.255.255.254 client pool name Oct 
23 20:13:51.714260 V4NA: req: yes pool: NULL address: 79.x.x.25 Oct 23 20:13:51.714303 V6NA: req: no pool: NULL address: null Oct 23 20:13:51.714351 V6PD: req: no pool: NULL prefix: null/0 Oct 23 20:13:51.714398 V6NDRA: req: no pool: NULL ndra prefix: null/0 Oct 23 20:13:51.714435 ********************************************************* Oct 23 20:13:51.714468 IPV4 ADDRESS ALLOC begin Oct 23 20:13:51.714511 IPV6 ADDRESS ALLOC begin Oct 23 20:13:51.714546 IPV6 PREFIX ALLOC begin Oct 23 20:13:51.714579 ****************** END-NetworkMatch ********************* Oct 23 20:13:51.714615 DUMP of all addressRequest fields for subscriber session-id:26757 router default:default Oct 23 20:13:51.714661 client type jpppd client type 64 mac address 90:94:E4:C8:83:FF Oct 23 20:13:51.714708 REQUESTING: OldStyle 0 OldStyleFilled 1 hint null network 255.255.255.254 client pool name Oct 23 20:13:51.714756 V4NA: req: yes pool: NULL address: 79.x.x.25 Oct 23 20:13:51.714797 V6NA: req: no pool: NULL address: null Oct 23 20:13:51.714844 V6PD: req: no pool: NULL prefix: null/0 Oct 23 20:13:51.714890 V6NDRA: req: no pool: NULL ndra prefix: null/0 Oct 23 20:13:51.714927 ********************************************************* Oct 23 20:13:51.714964 Processing rule Client-Authority Oct 23 20:13:51.715005 Done processing rules Oct 23 20:13:51.715057 Trying to assign address 79.x.x.25 to subscriber session-id:26757 Oct 23 20:13:51.715489 Result have been returned with opcode=0, result=2 Oct 23 20:13:51.715535 ************* Results of Address Allocation ************* Oct 23 20:13:51.715574 DUMP of all addressRequest fields for subscriber session-id:26757 router default:default Oct 23 20:13:51.715624 client type jpppd client type 64 mac address 90:94:E4:C8:83:FF Oct 23 20:13:51.715673 REQUESTING: OldStyle 0 OldStyleFilled 1 hint null network 255.255.255.254 client pool name Oct 23 20:13:51.715749 V4NA: req: yes pool: NULL address: 79.x.x.25 Oct 23 20:13:51.715792 V6NA: req: no pool: NULL 
address: null Oct 23 20:13:51.715841 V6PD: req: no pool: NULL prefix: null/0 Oct 23 20:13:51.715887 V6NDRA: req: no pool: NULL ndra prefix: null/0 Oct 23 20:13:51.715924 ********************************************************* Oct 23 20:13:51.716361 authd_auth_update_local_server_address ::Searching access profile CLIENTS for local DNS Server Oct 23 20:13:51.716420 AuthFsm::current state=AuthStart(1) event=2 astEntry=0x20ff4d8 aaa msg=0x1f7006c Oct 23 20:13:51.716464 Auth-FSM: Process Auth-Response for session-id:26757 and client type broadband Oct 23 20:13:51.716499 createDynamicRequest: (2) received Oct 23 20:13:51.716928 requestString=svc-global-pppoe Oct 23 20:13:51.716987 serviceName=svc-global-pppoe,serviceString=svc-global-pppoe Oct 23 20:13:51.717959 Decoding the Dynamic-Service=svc-global-pppoe. Request=<svc-global-pppoe> Oct 23 20:13:51.718052 Framework: auth result is 1. Performing post-auth operations Oct 23 20:13:51.718098 Found a Session Timeout value: 2592000 passing it into the Accounting Module Oct 23 20:13:51.718134 Framework: result is 1. Oct 23 20:13:51.718172 authd_auth_send_answer: conn=2c3f000, reply-code=1 (OK), result-subopcode=1 (ACCESS_OK), sub-id=26757, cookie=28083, rply_len=28, num_tlv_blocks=0 Oct 23 20:13:51.718251 ################################################################### Oct 23 20:13:51.718286 ######################### AUTH REQ ACK SENT ####################### Oct 23 20:13:51.718316 ################################################################### Oct 23 20:13:51.718370 Auth-FSM: GRES-Mirror for session-id:26757 state:AuthClntRespWait(4) Oct 23 20:13:51.718673 authd_auth_aaa_msg_destroy Oct 23 20:13:51.718734 authd_auth_aaa_msg_destructauth_aaa_msg: 0x1f7006c Oct 23 20:13:51.718775 authd_write_conn: response is 0x2c3f05c, total len is 28 and sent is 0 Oct 23 20:13:51.719880 authd_write_conn: response is 0x2c3f05c, wrote 28 bytes Oct 23 20:15:50.790962 authd_read_msg: Fresh msg arrival. 
fd=81, hdr_read=0, hdr_remnant=0, payload_read=0 payload_remnant=0 Oct 23 20:15:50.791026 fresh message conn=0x2c3f000 Oct 23 20:15:50.791067 read fresh message conn=0x2c3f000 hdr_remnant=0 hdr_read=32 Oct 23 20:15:50.791099 Read payload for new message. fd=81, rqst_len=40 Oct 23 20:15:50.791130 Read payload for new message. fd=81, payload_len=8, rqst_len=40, cookie=28084 Oct 23 20:15:50.791193 Process/Dispatch Client Message Oct 23 20:15:50.791228 New Process/Dispatch Client Message Oct 23 20:15:50.791280 authd_auth_aaa_msg_create: num_of_tlvs:1 tot_num_of_tlv:1 Oct 23 20:15:50.791318 authd_auth_aaa_msg_create aaa-key: username:() profile:() Oct 23 20:15:50.791354 Process Request Oct 23 20:15:50.791394 Client request received on conn-id:jpppd session-id:26757 Opcode:3, Subcode:17 Oct 23 20:15:50.791450 Decoding incoming attributes Oct 23 20:15:50.791490 Subscriber attribute 10045, length 4 Oct 23 20:15:50.791525 Begin to logout Subscriber Oct 23 20:15:50.791562 Received subscriber logout request, subscriber-id=26757 Oct 23 20:15:50.791609 ################################################################### Oct 23 20:15:50.791655 ############################ LOGOUT RCVD ########################## Oct 23 20:15:50.791688 ################################################################### Oct 23 20:15:50.791758 Removing client snapshot Oct 23 20:15:50.791796 checkLicense Oct 23 20:15:50.791898 checkLicense Oct 23 20:15:50.791937 Auth-FSM: reinterpretFsmEvent 8 to 10 Oct 23 20:15:50.791977 AuthFsm::current state=AuthClntRespWait(4) event=10 astEntry=0x20ff4d8 aaa msg=0x1f7006c Oct 23 20:15:50.792016 Auth-FSM: Trigger Acct-Stop request to collect volume stats and wait for Ack. session-id:26757 Oct 23 20:15:50.792051 Auth-FSM: Trigger Acct-Stop. 
session-id:26757 Oct 23 20:15:50.792088 ======= Accounting STOP triggered for 26757 ============== Oct 23 20:15:50.792162 deriveTerminateCause10029->10 Oct 23 20:15:50.792199 Setting terminate cause to 10 Oct 23 20:15:50.792231 checkLicense Oct 23 20:15:50.792299 checkLicense Oct 23 20:15:50.792379 AccFsm::current state=Acc-Init(0) event=8 astEntry=0x20ff4d8 session-id:26757 Oct 23 20:15:50.792954 ACC-FSM:sendAccStopWithNullStats_a9 for session-id:26757 Oct 23 20:15:50.792996 calcAndAddVolumeStats libstats_substats_difference (&stats.ls_app_cleared, &stats.ls_local) Oct 23 20:15:50.793040 libstats_substats_difference (&stats.ls_ipv6_app_cleared, &stats.ls_ipv6_local) Oct 23 20:15:50.793081 Authd module Accounting Oct 23 20:15:50.793128 Authd acctg module start Oct 23 20:15:50.793160 authd_radius_send_acctg_msg: Starting RADIUS accounting Oct 23 20:15:50.793193 authd_radius_send_acctg_msg: got params profile=CLIENTS username=ppptest acctg_id=(26757), ls=default, lr=default Oct 23 20:15:50.793248 radius-acct-stop: User-Name added: ppptest Oct 23 20:15:50.793291 radius-acct-stop: Acct-Status-Type added: 2 Oct 23 20:15:50.793332 radius-acct-stop: Acct-Session-Id added: 26757 Oct 23 20:15:50.793381 radius-acct-stop: Acct-Input-Octets added: 0 Oct 23 20:15:50.793425 radius-acct-stop: Acct-Output-Octets added: 0 Oct 23 20:15:50.793468 radius-acct-stop: Acct-Session-Time added: 119 Oct 23 20:15:50.793511 radius-acct-stop: Acct-Input-Packets added: 0 Oct 23 20:15:50.793554 radius-acct-stop: Acct-Output-Packets added: 0 Oct 23 20:15:50.793598 radius-acct-stop: Acct-Terminate-Cause added: 10 Oct 23 20:15:50.793641 Taking a client snapshot, session-id:26757 Oct 23 20:15:50.793840 radius-acct-stop: Service-Type added: 2 Oct 23 20:15:50.793896 radius-acct-stop: Framed-Protocol added: 1 Oct 23 20:15:50.794454 radius-acct-stop: Cos-Shaping-Rate (Juniper-ERX-VSA) added: Port Speed: 1000000k Oct 23 20:15:50.794536 radius-acct-stop: Acct-Authentic added: 1 Oct 23 20:15:50.794587 
radius-acct-stop: Acct-Delay-Time added: 0 Oct 23 20:15:50.794645 radius-acct-stop: DHCP-MAC-Address (Juniper-ERX-VSA) added: 9094.e4c8.83ff Oct 23 20:15:50.794704 radius-acct-stop: Event-Timestamp added: 2017-10-23 20:15:50 Oct 23 20:15:50.794753 radius-acct-stop: Framed-IP-Address added: 79.x.x.25 Oct 23 20:15:50.794902 radius-acct-stop: Input-Gigapackets (Juniper-ERX-VSA) added: 0 Oct 23 20:15:50.794954 radius-acct-stop: Acct-Input-Gigawords added: 0 Oct 23 20:15:50.795000 radius-acct-stop: NAS-Identifier added: Juni-2 Oct 23 20:15:50.795049 radius-acct-stop: NAS-Port added: 10 40 08 6d Oct 23 20:15:50.795090 radius-acct-stop: NAS-Port-Id added: Juni-2#ge-1/1/1.demux0.1073768579:2157## Oct 23 20:15:50.795137 radius-acct-stop: NAS-Port-Type added: 15 Oct 23 20:15:50.795182 radius-acct-stop: Output-Gigapackets (Juniper-ERX-VSA) added: 0 Oct 23 20:15:50.795229 radius-acct-stop: Acct-Output-Gigawords added: 0 Oct 23 20:15:50.795277 radius-acct-stop: IPv6-Acct-Input-Octets (Juniper-ERX-VSA) added: 0 Oct 23 20:15:50.795325 radius-acct-stop: IPv6-Acct-Output-Octets (Juniper-ERX-VSA) added: 0 Oct 23 20:15:50.795371 radius-acct-stop: IPv6-Acct-Input-Packets (Juniper-ERX-VSA) added: 0 Oct 23 20:15:50.795418 radius-acct-stop: IPv6-Acct-Output-Packets (Juniper-ERX-VSA) added: 0 Oct 23 20:15:50.795465 radius-acct-stop: IPv6-Acct-Input-Gigawords (Juniper-ERX-VSA) added: 0 Oct 23 20:15:50.795512 radius-acct-stop: IPv6-Acct-Output-Gigawords (Juniper-ERX-VSA) added: 0 Oct 23 20:15:50.795567 radius-acct-stop: PPPoE-Description (Juniper-ERX-VSA) added: pppoe 90:94:e4:c8:83:ff Oct 23 20:15:50.795620 authd_create_application_specific_radius_server: Evaluating RADIUS server 0x511ea029 to add to the server list Oct 23 20:15:50.795848 handleAcctVolStatsAckAcct Enabled : Oct 23 20:15:50.795891 checkLicense Oct 23 20:15:50.795922 TRUE Oct 23 20:15:50.795954 checkLicense Oct 23 20:15:50.796027 accFsmExecute::new state=Acc-Stop-On-Fail-Deny-Sent(6) Oct 23 20:15:50.796066 
authd_auth_aaa_msg_destroy Oct 23 20:15:50.796107 authd_auth_aaa_msg_destroy: removing msg from recv queue Oct 23 20:15:50.796148 authd_auth_aaa_msg_destructauth_aaa_msg: 0x1f7006c Oct 23 20:15:50.796608 Auth-FSM: GRES-Mirror for session-id:26757 state:AuthAcctVolStatsAckWait(5) Oct 23 20:15:50.796668 AuthFsm::current state=AuthAcctVolStatsAckWait(5) event=25 astEntry=0x20ff4d8 aaa msg=0 Oct 23 20:15:50.796744 Auth-FSM: Posting a Logout-Ack to the client daemon for session-id:26757 Oct 23 20:15:50.796781 Auth-FSM: ( Trigger LOGOUT-NOTIFICATION SKIPPED Oct 23 20:15:50.796825 ****astEntry:0x20ff4d8 aaaMsg:0 replyOpcode:1 replySubOpcode:18 replyStatus:1 Oct 23 20:15:50.796867 authd_build_aaa_request: Found dynRequest with cause 0 Oct 23 20:15:50.796905 authd_auth_send_answer: conn=2c3f000, reply-code=1 (OK), result-subopcode=18 (SESSION_LOGOUT_ACK), sub-id=26757, cookie=28084, rply_len=28, num_tlv_blocks=0 Oct 23 20:15:50.796956 ################################################################### Oct 23 20:15:50.796989 ####################### LOGOUT ACK SENT ######################## Oct 23 20:15:50.797019 ################################################################### Oct 23 20:15:50.797065 Auth-FSM: GRES-Mirror for session-id:26757 state:AuthAcctStopAckWait(6) Oct 23 20:15:50.797181 authd_auth_aaa_msg_destroy Oct 23 20:15:50.797229 authd_auth_aaa_msg_destructauth_aaa_msg: 0x1f7006c Oct 23 20:15:50.797267 authd_write_conn: response is 0x2c3f05c, total len is 28 and sent is 0 Oct 23 20:15:50.797319 authd_write_conn: response is 0x2c3f05c, wrote 28 bytes Oct 23 20:15:50.847137 authd_radius_get_config:Using radius option config from access profile stanza Oct 23 20:15:50.847228 Radius result is CLIENT_REQ_STATUS_SUCCESS Oct 23 20:15:50.847264 authd_radius_acctg_callback Result is :(CLIENT_REQ_STATUS_SUCCESS) reply_code:(Accounting-Response) 5 sub-id: 26757 Oct 23 20:15:50.847313 ======= Accounting RESPONSE Received ============== Oct 23 20:15:50.847368 AccFsm::current 
state=Acc-Stop-On-Fail-Deny-Sent(6) event=11 astEntry=0x20ff4d8 session-id:26757 Oct 23 20:15:50.847408 ACC-FSM:notifyAUM_a10 for session-id:26757 Oct 23 20:15:50.847447 AuthFsm::current state=AuthAcctStopAckWait(6) event=26 astEntry=0x20ff4d8 aaa msg=0 Oct 23 20:15:50.847484 Auth-FSM: Posting a Client-Session-Cleanup-Ack to the client daemon for session-id:26757 Oct 23 20:15:50.847523 ****astEntry:0x20ff4d8 aaaMsg:0 replyOpcode:1 replySubOpcode:20 replyStatus:1 Oct 23 20:15:50.847593 authd_build_aaa_request: Found dynRequest with cause 0 Oct 23 20:15:50.847633 authd_auth_send_answer: conn=2c3f000, reply-code=1 (OK), result-subopcode=20 (CLIENT_SESSION_CLEANUP_ACK), sub-id=26757, cookie=0, rply_len=28, num_tlv_blocks=0 Oct 23 20:15:50.847682 ################################################################### Oct 23 20:15:50.847715 ####################### TERMINATE ACK SENT ######################## Oct 23 20:15:50.847745 ################################################################### Oct 23 20:15:50.847788 Delete session: 26757 Oct 23 20:15:50.847848 Begin to logout Subscriber Oct 23 20:15:50.847892 UserAccess:ppptest session-id:26757 state:log-out Juni-2#ge-1/1/1.demux0.1073768579:2157## Oct 23 20:15:50.847926 ~CoARequest 211406c Oct 23 20:15:50.847957 cleanServiceList: numRequests 1 Oct 23 20:15:50.847993 markAsProcessed: ServiceRequestEntry service session-id:0 Oct 23 20:15:50.848040 ~DynamicRequestEntry 211406c Oct 23 20:15:50.848119 Removing client snapshot Oct 23 20:15:50.848184 accFsmExecute::new state=Acc-Stop-Ackd(7) Oct 23 20:15:50.848315 authd_auth_aaa_msg_destroy Oct 23 20:15:50.848365 authd_auth_aaa_msg_destructauth_aaa_msg: 0x1f7006c Oct 23 20:15:50.848403 authd_write_conn: response is 0x2c3f05c, total len is 28 and sent is 0 Oct 23 20:15:50.848456 authd_write_conn: response is 0x2c3f05c, wrote 28 bytes Oct 23 20:15:50.885147 authd_read_msg: Fresh msg arrival. 
fd=81, hdr_read=0, hdr_remnant=0, payload_read=0 payload_remnant=0 Oct 23 20:15:50.885219 fresh message conn=0x2c3f000 Oct 23 20:15:50.885262 read fresh message conn=0x2c3f000 hdr_remnant=0 hdr_read=32 Oct 23 20:15:50.885294 Read payload for new message. fd=81, rqst_len=32 Oct 23 20:15:50.885325 Read payload for new message. fd=81, payload_len=0, rqst_len=32, cookie=28085 Oct 23 20:15:50.885379 Process/Dispatch Client Message Oct 23 20:15:50.885414 New Process/Dispatch Client Message Oct 23 20:15:50.885464 authd_auth_aaa_msg_create: num_of_tlvs:0 tot_num_of_tlv:0 Oct 23 20:15:50.886155 authd_auth_aaa_msg_create aaa-key: username:() profile:() Oct 23 20:15:50.886195 Process Request Oct 23 20:15:50.886236 Client request received on conn-id:jpppd session-id:26757 Opcode:1, Subcode:19 Oct 23 20:15:50.886277 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_astable.cc:3186 AST-Table couldn't find the session:26757 Oct 23 20:15:50.886315 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_astable.cc:4027 Failed to get ASTEntry for session-id:26757 Oct 23 20:15:50.886354 ../../../../../src/junos/usr.sbin/authd/aaa-service/authd_aaa_astable.cc:3218 Pending ACCT Stop Table couldn't find the session:26757 Oct 23 20:15:50.886388 ################################################################### Oct 23 20:15:50.886420 ################ TERMINATE-REQ RCVD AFTER CLEANUP ################# Oct 23 20:15:50.886453 ################################################################### Oct 23 20:15:50.886484 authd_auth_send_answer: conn=2c3f000, reply-code=1 (OK), result-subopcode=20 (CLIENT_SESSION_CLEANUP_ACK), sub-id=26757, cookie=28085, rply_len=28, num_tlv_blocks=0 Oct 23 20:15:50.886540 ################################################################### Oct 23 20:15:50.886574 ########## TERMINATE-REQ-ACK SENT (FAKE - AFTER CLEANUP) ########## Oct 23 20:15:50.886694 ################################################################### Oct 23 20:15:50.886729 
authd_auth_aaa_msg_destroy Oct 23 20:15:50.886781 authd_auth_aaa_msg_destructauth_aaa_msg: 0x1f7006c Oct 23 20:15:50.886827 authd_write_conn: response is 0x2c3f05c, total len is 28 and sent is 0 Oct 23 20:15:50.888483 authd_write_conn: response is 0x2c3f05c, wrote 28 bytes Oct 23 20:15:51.224861 serviceRadiusRequestQueues Serviced 1 RADIUS requests Oct 23 20:15:51.224944 serviceRadiusRequestQueues Queue CLIENTS has 0 requests, peak is 0 А Session-Timeout := 2592000 делалось так же для цыски, дабы сессии долго держали сами по себе. Вы со стороны радиуса для жунипера что то кардинально допиливали что бы все взлетело? Відредаговано 23 жовтня, 2017 SanMiron
l1ght Опубліковано: 23 жовтня, 2017 Опубліковано: 23 жовтня, 2017 Ну для IPoE вообще ничего особенного. 1 check, 4 reply. Может с прошивкой чего не то? С такой вот Junos: 15.1R6.7 IPoE работает стабильно.
trinity0333 Опубліковано: 24 жовтня, 2017 Опубліковано: 24 жовтня, 2017 А Session-Timeout := 2592000 делалось так же для цыски, дабы сессии долго держали сами по себе. Вы со стороны радиуса для жунипера что то кардинально допиливали что бы все взлетело? особо ничего не допиливалось, взлетело из мануалов да форумов.. но пппое у нас для совсем "тугих" девайсов . так стараемся на ipoe всё.. Junos: 15.1R6-S3 а на lo0 фильтр не висит случаем?
SanMiron Опубліковано: 24 жовтня, 2017 Автор Опубліковано: 24 жовтня, 2017 А Session-Timeout := 2592000 делалось так же для цыски, дабы сессии долго держали сами по себе. Вы со стороны радиуса для жунипера что то кардинально допиливали что бы все взлетело? особо ничего не допиливалось, взлетело из мануалов да форумов.. но пппое у нас для совсем "тугих" девайсов . так стараемся на ipoe всё.. Junos: 15.1R6-S3 а на lo0 фильтр не висит случаем? version 13.3R9.13; Только такой фильтр: filter SSH_Limit { term allow_ip { from { source-address { 37.x.x.x/21; 46.x.x.x/21; 79.x.x.x/20; 81.x.x.x/20; 176.x.x.x/21; } destination-port 22; } then accept; } term block_another { from { destination-port 22; } then { discard; } } term allow_all { then accept; } } lo0 { unit 0 { family inet { filter { input SSH_Limit; } address 127.0.0.1/32; } } }
trinity0333 Опубліковано: 24 жовтня, 2017 Опубліковано: 24 жовтня, 2017 address 127.0.0.1/32 - меня это смущает
SanMiron Опубліковано: 24 жовтня, 2017 Автор Опубліковано: 24 жовтня, 2017 address 127.0.0.1/32 - меня это смущает Я ничего не менял, по дэфолту стоит, а что я тут должен прописать?)
trinity0333 Опубліковано: 24 жовтня, 2017 Опубліковано: 24 жовтня, 2017 address 127.0.0.1/32 - меня это смущает Я ничего не менял, по дэфолту стоит, а что я тут должен прописать?) ну что-то не из 127/8, можно попробовать 10.0.0.1/32, допустим ) что-нибудь не из loopback-адресов ) как потом ospf/ldp и т. д. на нём строить с таким адресом?
SanMiron Опубліковано: 24 жовтня, 2017 Автор Опубліковано: 24 жовтня, 2017 (відредаговано) address 127.0.0.1/32 - меня это смущает Я ничего не менял, по дэфолту стоит, а что я тут должен прописать?) ну что-то не из 127/8 можно попробовать 10.0.0.1/32 допустим ) что-нибудь не из лупбек адресов ) как потом ospf/ldp итд на нем строить с таким адресом? А вы можете показать, что находится у вас в dictionary.juniper? Кстати, после изменения адреса lo0 сессия держалась уже не 2 минуты, а 1 секунду... Відредаговано 24 жовтня, 2017 SanMiron
trinity0333 Опубліковано: 24 жовтня, 2017 Опубліковано: 24 жовтня, 2017 address 127.0.0.1/32 - меня это смущает Я ничего не менял, по дэфолту стоит, а что я тут должен прописать?) ну что-то не из 127/8 можно попробовать 10.0.0.1/32 допустим ) что-нибудь не из лупбек адресов ) как потом ospf/ldp итд на нем строить с таким адресом? А вы можете показать что находится у вас в dictionary.juniper? Кстати после изменения адреса lo0 сессия держала уже не 2 минуты а 1 секунду... а что сейчас в логах? по словарю в радиусе? стандартно все.. по-дефолту из пакетов. но у нас не pppoe (при написании процедур radcheck и radreply только игрался.. но поднимается все и работает), у нас ipoe местами..
SanMiron Опубліковано: 24 жовтня, 2017 Автор Опубліковано: 24 жовтня, 2017 address 127.0.0.1/32 - меня это смущает Я ничего не менял, по дэфолту стоит, а что я тут должен прописать?) ну что-то не из 127/8 можно попробовать 10.0.0.1/32 допустим ) что-нибудь не из лупбек адресов ) как потом ospf/ldp итд на нем строить с таким адресом? А вы можете показать что находится у вас в dictionary.juniper? Кстати после изменения адреса lo0 сессия держала уже не 2 минуты а 1 секунду... а что сейчас в логах? по словарю в радиусе? стандартно все.. по-дефолту из пакетов. но у нас не pppoe (при написании процедур radcheck и radreply только игрался.. но поднимается все и работает), у нас ipoe местами.. Да все тоже: Tue Oct 24 16:30:56 2017 User-Name = "ppptest" Acct-Status-Type = Stop Acct-Session-Id = "28375" Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Session-Time = 119 Acct-Input-Packets = 0 Acct-Output-Packets = 0 Acct-Terminate-Cause = NAS-Request Service-Type = Framed-User Framed-Protocol = PPP ERX-Attr-177 = 0x506f72742053706565643a20313030303030306b Acct-Authentic = RADIUS Acct-Delay-Time = 0 ERX-Dhcp-Mac-Addr = "9094.e4c8.83ff" Event-Timestamp = "Oct 24 2017 19:36:05 EEST" Framed-IP-Address = 79.x.x.25 ERX-Input-Gigapkts = 0 Acct-Input-Gigawords = 0 NAS-Identifier = "Juni-2" NAS-Port = 272631917 NAS-Port-Id = "ge-1/1/1.demux0.1073770061:2157" NAS-Port-Type = Virtual ERX-Output-Gigapkts = 0 Acct-Output-Gigawords = 0 ERX-IPv6-Acct-Input-Octets = 0 ERX-IPv6-Acct-Output-Octets = 0 ERX-IPv6-Acct-Input-Packets = 0 ERX-IPv6-Acct-Output-Packets = 0 ERX-IPv6-Acct-Input-Gigawords = 0 ERX-IPv6-Acct-Output-Gigawords = 0 ERX-Pppoe-Description = "pppoe 90:94:e4:c8:83:ff" NAS-IP-Address = 81.x.x.16 Acct-Unique-Session-Id = "68d2899b5a07d6c1" Timestamp = 1508851856
SanMiron Опубліковано: 24 жовтня, 2017 Автор Опубліковано: 24 жовтня, 2017 А я юзаю unisphere аттрибуты Типа такого файла?: ################################################################################################# # unisphere.dct - Unisphere MX Family dictionary to support JUNOS v12.3 # (Note: JUNOSe attribute breakdown by JUNOSe releases not reflected in this document. # JUNOSe information is based on complete JUNOSe attribute listing as of 5/19/10). # # # (See README.DCT for more details on the format of this file) # # please note that tunnel attributes (8, 9, 33, 35, 39 - 41) # and service attributes (65 - 69) may be tagged # ################################################################################################# # # Use the Radius specification attributes # @radius.dct # # Define additional Unisphere ERX Family Attributes # # for untagged attributes: t = attr type value (attr id); s = data type (integer, string, etc) MACRO ERX-VSA(t,s) 26 [vid=4874 type1=%t% len1=+2 data=%s%] # for tagged strings t = attr type value (attr id); f = tag value MACRO ERX-TAGGED-STRING-VSA(t,f) 26 [vid=4874 type1=%t% len1=+3 tag=%f% data=string] # for integers t = attr type value (attr id); f = tag value MACRO ERX-TAGGED-INT-VSA(t,f) 26 [vid=4874 type1=%t% len1=+2 tag=%f% data=integer] #JUNOS and JUNOse ATTRIBUTE Unisphere-Virtual-Router ERX-VSA(1, string) rt #JUNOse only ATTRIBUTE Unisphere-Local-Address-Pool ERX-VSA(2, string) r #JUNOse only ATTRIBUTE Unisphere-Local-Interface ERX-VSA(3, string) r #JUNOS and JUNOse ATTRIBUTE Unisphere-Primary-Dns ERX-VSA(4, ipaddr) r #JUNOS and JUNOse ATTRIBUTE Unisphere-Secondary-Dns ERX-VSA(5, ipaddr) r #JUNOS and JUNOse ATTRIBUTE Unisphere-Primary-Wins ERX-VSA(6, ipaddr) r
l1ght Опубліковано: 24 жовтня, 2017 Опубліковано: 24 жовтня, 2017 как-то так https://pastebin.com/CGc0zTgt
SanMiron Опубліковано: 26 жовтня, 2017 Автор Опубліковано: 26 жовтня, 2017 В общем, добился я поднятия сессии. Единственное, что я сделал, — добавил в access profile "profile-name" radius options revert-interval 0 и изменил адрес lo0.