Выручайте чайника! UTM5 RADIUS+CISCO

alex50-

Всем доброго времени суток! Недавно перед мной встала задача объединения Cisco 7201 и UTM5. Вроде на первый взгляд логично и понятно. Но возникла проблемка, при попытки установит ПППОЕ сессию, у клиента вылетает 691 ошибка. На сиськи подключение видать, радиус сервер тоже логи пишет.

Код: Выделить всё

?Debug &#58; Jul 04 15&#58;22&#58;28 b73dfb70 AuthServer&#58; User <test> connecting
?Debug &#58; Jul 04 15&#58;22&#58;28 b73dfb70 AuthServer&#58; Session for sessionid <test> not found in <172.17.0.1> cache
 ERROR &#58; Jul 04 15&#58;22&#58;28 b73dfb70 RADIUS DBA&#58; Can't find login <test>
 ERROR &#58; Jul 04 15&#58;22&#58;28 b73dfb70 RADIUS DBA&#58; Card login <test> contains not digit symbol with code <116> ! Can't find card login
?Debug &#58; Jul 04 15&#58;22&#58;28 b73dfb70 AuthServer&#58; Attempt to add new Card user&#58; <test>
?Debug &#58; Jul 04 15&#58;22&#58;28 b73dfb70 AuthServer&#58; CHAP Autoadd&#58; Using Authenticator as CHAP-Challenge
?Debug &#58; Jul 04 15&#58;22&#58;28 b73dfb70 RADIUS DBA&#58; Sending Auto-Add Request for Card-ID&#58; test
?Debug &#58; Jul 04 15&#58;22&#58;28 b59dab70 RADIUS Stream&#91;plugin&#93;&#58; Got User-Autoadd id <-13> &#40;CHAP&#41;
?Debug &#58; Jul 04 15&#58;22&#58;28 b73dfb70 AuthServer&#58; Got AutoAdd -13 UID from core.
 ERROR &#58; Jul 04 15&#58;22&#58;28 b73dfb70 AuthServer&#58; No data for User <test> found.
?Debug &#58; Jul 04 15&#58;22&#58;28 b73dfb70 AuthServer&#58; Auth reply&#58; RPacket&#58;
Code&#58; 3; ID&#58; 24
<Vendor&#58; 0; Attr&#58; 18>&#91;21&#93;&#58; 417574686f72697a6174696f6e206661696c65642e
<Vendor&#58; 9; Attr&#58; 103>&#91;19&#93;&#58; 683332332d72657475726e2d636f64653d2d31

?Debug &#58; Jul 04 15&#58;22&#58;28 b73dfb70 RADIUS Packet&#58; raw data constructed! size <70>
?Debug &#58; Jul 04 15&#58;22&#58;28 b73dfb70 RadiusSocket&#58; Moving RADIUS packet into send queue
?Debug &#58; Jul 04 15&#58;22&#58;28 b73dfb70 RadiusSocket&#58; RADIUS raw data sent
?Debug &#58; Jul 04 15&#58;22&#58;28 b73dfb70 AuthServer&#58; Next...
<Vendor&#58; 0; Attr&#58; 18>&#91;21&#93;&#58; 417574686f72697a6174696f6e206661696c65642e
<Vendor&#58; 9; Attr&#58; 103>&#91;19&#93;&#58; 683332332d72657475726e2d636f64653d2d31

?Debug &#58; Jul 04 15&#58;22&#58;28 b73dfb70 RADIUS Packet&#58; raw data constructed! size <70>
?Debug &#58; Jul 04 15&#58;22&#58;28 b73dfb70 RadiusSocket&#58; Moving RADIUS packet into send queue
?Debug &#58; Jul 04 15&#58;22&#58;28 b73dfb70 RadiusSocket&#58; RADIUS raw data sent
?Debug &#58; Jul 04 15&#58;22&#58;28 b73dfb70 AuthServer&#58; Next...
?Trace &#58; Jul 04 15&#58;22&#58;28 b73dfb70 AuthServer&#58; Process loop step
?Debug &#58; Jul 04 15&#58;22&#58;28 b73dfb70 RadiusSocket&#58; Waiting for RADIUS raw data
?Debug &#58; Jul 04 15&#58;22&#58;43 b59dab70 RADIUS Stream&#91;plugin&#93;&#58; Ping reply received
?Debug &#58; Jul 04 15&#58;23&#58;13 b59dab70 RADIUS Stream&#91;plugin&#93;&#58; Ping reply received
?Debug &#58; Jul 04 15&#58;23&#58;43 b59dab70 RADIUS Stream&#91;plugin&#93;&#58; Ping reply received
?Debug &#58; Jul 04 15&#58;24&#58;13 b59dab70 RADIUS Stream&#91;plugin&#93;&#58; Ping reply received
?Debug &#58; Jul 04 15&#58;24&#58;43 b59dab70 RADIUS Stream&#91;plugin&#93;&#58; Ping reply received
?Debug &#58; Jul 04 15&#58;25&#58;13 b59dab70 RADIUS Stream&#91;plugin&#93;&#58; Ping reply received
?Debug &#58; Jul 04 15&#58;25&#58;43 b59dab70 RADIUS Stream&#91;plugin&#93;&#58; Ping reply received

Код конфика Сиськи:

Код: Выделить всё


upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AS_Border
!
boot-start-marker
boot system flash disk0&#58;c7200p-adventerprisek9-mz.150-1.M.bin
boot-end-marker
!
!
aaa new-model
!
!
aaa group server radius PPPOE_RADIUS
 server 172.17.2.1 auth-port 1645 acct-port 1646
 ip radius source-interface GigabitEthernet0/1
!
aaa authentication login default local
aaa authentication enable default none
aaa authentication ppp PPPOE group PPPOE_RADIUS
aaa accounting update newinfo periodic 5
aaa accounting network PPPOE
 action-type start-stop
 group PPPOE_RADIUS
!
!
..........................................
!         
!
bba-group pppoe BRAS-PPPOE
 virtual-template 1
 sessions per-mac limit 1
 sessions auto cleanup
!
!
.................................
!
interface GigabitEthernet0/0.899
 description PPPoE Clienti
 encapsulation dot1Q 899
 ip flow ingress
 ip flow egress
 pppoe enable group BRAS-PPPOE
 no cdp enable
!
..............................................
!
!
interface Virtual-Template1
 mtu 1492
 ip unnumbered GigabitEthernet0/1
 ip flow ingress
 ip flow egress
 ip virtual-reassembly
 no logging event link-status
 autodetect encapsulation ppp
 no peer default ip address
 ppp authentication chap ms-chap ms-chap-v2 PPPOE
 ppp authorization PPPOE
 ppp accounting PPPOE
 !
!
ю....................................................
!
!
!
radius-server attribute 44 include-in-access-req
radius-server attribute 44 extend-with-addr
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req 
radius-server attribute 32 include-in-accounting-req 
radius-server attribute 55 include-in-acct-req
radius-server attribute 55 access-request include
radius-server attribute 25 access-request include
no radius-server attribute nas-port
radius-server attribute 31 mac format unformatted
radius-server host 172.17.2.1 auth-port 1645 acct-port 1646
radius-server key 7 140417081E013E
!

Собственно прошу помощи! Посмотри, выскажитесь, посоветуйте.

kamae1ka

фаервол не стоит?радиус и циска общаются между собой??

alex50-

Оу, забыл отписаться, разобрался я, но опять же не без косяков.
Сейчас в темплее прописан пул адресов, и при возбуждении сессии адреса присваиваются оттуда, если пишу в темплей no peer default ip address то сессия не проходит. В чем может быть дело?