Pages

Friday, July 22, 2011

Cisco PPPoE: No idb found! Framed IP Addr might not be included

I encountered this issue today when setting wrong value for the CiscoAVPair attribute on LDAP.
I have radiusIPPool in LDAP mapping to Cisco AVPair used to assign IP Pool for PPPoe users.
The right format for this attribute is "ip:addr-pool=", but I put only
 But the problem is, Cisco BRAS doesn't reject user's connection and just issue the log "No idb found! Framed IP Addr might not be included". That cause the user keep establishing new ppp connnection to BRAS until the maximum session for that user is met or the BRAS has no more resource for new connection.

BE CAREFUL with Cisco AVPAir. Wrong format could cause serious or unexpected problem.

Following is the log message:



Jul 22 13:17:10 VN-Time: RADIUS(00056ED0): Send Access-Request to 192.168.1.2:1812 id 1645/151, len 155
Jul 22 13:17:10 VN-Time: RADIUS:  authenticator 60 D0 60 C5 56 AF 76 65 - 95 40 85 C0 41 88 80 2D
Jul 22 13:17:10 VN-Time: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
Jul 22 13:17:10 VN-Time: RADIUS:  User-Name           [1]   11  "ctvtnpc6a"
Jul 22 13:17:10 VN-Time: RADIUS:  User-Password       [2]   18  *
Jul 22 13:17:10 VN-Time: RADIUS:  NAS-Port-Type       [61]  6   PPPoEoVLAN                [33]
Jul 22 13:17:10 VN-Time: RADIUS:  NAS-Port            [5]   6   1124077332              
Jul 22 13:17:10 VN-Time: RADIUS:  NAS-Port-Id         [87]  13  "4/0/19/3860"
Jul 22 13:17:10 VN-Time: RADIUS:  Vendor, Cisco       [26]  41
Jul 22 13:17:10 VN-Time: RADIUS:   Cisco AVpair       [1]   35  "client-mac-address=0050.7f7a.02bb"
Jul 22 13:17:10 VN-Time: RADIUS:  Service-Type        [6]   6   Framed                    [2]
Jul 22 13:17:10 VN-Time: RADIUS:  NAS-IP-Address      [4]   6   116.xxx.xxx.xxx            
Jul 22 13:17:10 VN-Time: RADIUS:  Acct-Session-Id     [44]  22  "4/0/19/3860_00057816"
Jul 22 13:17:10 VN-Time: RADIUS(00056ED0): Sending a IPv4 Radius Packet
Jul 22 13:17:10 VN-Time: RADIUS(00056ED0): Started 5 sec timeout
Jul 22 13:17:11 VN-Time: RADIUS: Received from id 1645/149 192.168.1.2:1812, Access-Reject, len 30
Jul 22 13:17:11 VN-Time: RADIUS:  authenticator 44 A6 24 BA 1A B8 0E B3 - A8 A5 F1 27 90 81 01 A7
Jul 22 13:17:11 VN-Time: RADIUS:  Reply-Message       [18]  10
Jul 22 13:17:11 VN-Time: RADIUS:   55 6E 6B 6E 6F 77 6E 20          [ Unknown ]
Jul 22 13:17:11 VN-Time: RADIUS(00056ECF): Received from id 1645/149
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: Reply-Message fragments, 8, total 8 bytes
Jul 22 13:17:11 VN-Time: RADIUS: Received from id 1645/150 192.168.1.2:1812, Access-Accept, len 218
Jul 22 13:17:11 VN-Time: RADIUS:  authenticator 74 B2 77 A0 FB E0 9B E3 - 87 5A 74 1E A1 48 20 0C
Jul 22 13:17:11 VN-Time: RADIUS:  Class               [25]  88
Jul 22 13:17:11 VN-Time: RADIUS:   53 42 52 32 43 4C 9C F2 A2 ED EF AF F3 B1 F3 C0 11 80 43 01 80 04 81 99 8C 86 80 02 80 0A 81 B1 DD 8E E7 A3 B9 E0 E3 9B 80 06 80 05 81 BC 80 C0 80 80 12 80 0E 81 9C F2 A2 ED EF AF F3 B1 F3 C0 80 81 97 C8 13 80 0E 81 99 8C 86 82 EB 8D E8 F6 BA 9B CE 86 99 D8           [ SBR2CLC]
Jul 22 13:17:11 VN-Time: RADIUS:  NAS-Port-Id         [87]  14  "4/0/19/3860 "
Jul 22 13:17:11 VN-Time: RADIUS:  Vendor, Cisco       [26]  37
Jul 22 13:17:11 VN-Time: RADIUS:   Cisco AVpair       [1]   31  "ip:sub-qos-policy-in=NPC6_UP "
Jul 22 13:17:11 VN-Time: RADIUS:  Vendor, Cisco       [26]  40
Jul 22 13:17:11 VN-Time: RADIUS:   Cisco AVpair       [1]   34  "ip:sub-qos-policy-out=NPC6_DOWN "
Jul 22 13:17:11 VN-Time: RADIUS:  Vendor, Cisco       [26]  19
Jul 22 13:17:11 VN-Time: RADIUS:   Cisco AVpair       [1]   13  "IP_POOL_03 "
Jul 22 13:17:11 VN-Time: RADIUS: Received from id 1645/151 192.168.1.2:1812, Access-Accept, len 220
Jul 22 13:17:11 VN-Time: RADIUS:  authenticator 6C 44 67 BC 5B 96 8A 52 - 18 5D E5 C2 8D 30 AE 49
Jul 22 13:17:11 VN-Time: RADIUS:  Class               [25]  90
Jul 22 13:17:11 VN-Time: RADIUS:   53 42 52 32 43 4C 9C F2 A2 ED EF AF F3 B1 F3 C0 11 80 45 01 80 04 81 99 8C 86 80 02 80 0B 81 B1 DD 8E E7 A3 B9 E0 E3 9B 98 A0 06 80 05 81 BC C0 C0 80 80 12 80 0E 81 9C F2 A2 ED EF AF F3 B1 F3 C0 80 81 97 CC 13 80 0F 81 99 8C 86 82 EB 8D E8 F6 BA 9B CE 86 99 D9 C2           [ SBR2CLE]
Jul 22 13:17:11 VN-Time: RADIUS:  NAS-Port-Id         [87]  14  "4/0/19/3860 "
Jul 22 13:17:11 VN-Time: RADIUS:  Vendor, Cisco       [26]  37
Jul 22 13:17:11 VN-Time: RADIUS:   Cisco AVpair       [1]   31  "ip:sub-qos-policy-in=NPC6_UP "
Jul 22 13:17:11 VN-Time: RADIUS:  Vendor, Cisco       [26]  40
Jul 22 13:17:11 VN-Time: RADIUS:   Cisco AVpair       [1]   34  "ip:sub-qos-policy-out=NPC6_DOWN "
Jul 22 13:17:11 VN-Time: RADIUS:  Vendor, Cisco       [26]  19
Jul 22 13:17:11 VN-Time: RADIUS:   Cisco AVpair       [1]   13  "IP_POOL_03 "
Jul 22 13:17:11 VN-Time: RADIUS(00056ED1): Received from id 1645/150
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: parse VSA parts error
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: convert VSA string; FAIL
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: cisco VSA type 1; FAIL
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: VSA; FAIL
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: decoder; FAIL
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: attribute Vendor-Specific; FAIL
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: parse response op decode; FAIL
Jul 22 13:17:11 VN-Time: RADIUS(00056ED0): Received from id 1645/151
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: parse VSA parts error
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: convert VSA string; FAIL
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: cisco VSA type 1; FAIL
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: VSA; FAIL
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: decoder; FAIL
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: attribute Vendor-Specific; FAIL
Jul 22 13:17:11 VN-Time: RADIUS/DECODE: parse response op decode; FAIL
Jul 22 13:17:16 VN-Time: RADIUS: [No of bits] slot : 4 port : 3 adapter : 1
        vlanid : 24 vci : 0 vpi : 0 inner_vlan_id : 0
Jul 22 13:17:16 VN-Time: RADIUS: [No of bits] slot : 4 port : 3 adapter : 1
        vlanid : 24 vci : 0 vpi : 0 inner_vlan_id : 0
Jul 22 13:17:16 VN-Time: RADIUS: [No of bits] slot : 4 port : 3 adapter : 1
        vlanid : 24 vci : 0 vpi : 0 inner_vlan_id : 0
Jul 22 13:17:16 VN-Time: RADIUS/ENCODE(00056ED3):Orig. component type = PPPoE
Jul 22 13:17:16 VN-Time: RADIUS: DSL line rate attributes successfully added
Jul 22 13:17:16 VN-Time: RADIUS: Format E value 0x4 for character S with bitmask 0xF
Jul 22 13:17:16 VN-Time: RADIUS: Format E port 0x4 with bit 4 processed
Jul 22 13:17:16 VN-Time: RADIUS: Format E value 0x0 for character A with bitmask 0x1
Jul 22 13:17:16 VN-Time: RADIUS: Format E port 0x8 with bit 5 processed
Jul 22 13:17:16 VN-Time: RADIUS: Format E value 0x3 for character P with bitmask 0x7
Jul 22 13:17:16 VN-Time: RADIUS: Format E port 0x43 with bit 8 processed
Jul 22 13:17:16 VN-Time: RADIUS: Format E value 0xF14 for character V with bitmask 0xFFFFFF
Jul 22 13:17:16 VN-Time: RADIUS: Format E port 0x43000F14 with bit 32 processed
Jul 22 13:17:16 VN-Time: RADIUS(00056ED3): Config NAS IP: 0.0.0.0
Jul 22 13:17:16 VN-Time: RADIUS(00056ED3): Config NAS IPv6: ::
Jul 22 13:17:16 VN-Time: RADIUS/ENCODE: No idb found! Framed IP Addr might not be included
Jul 22 13:17:16 VN-Time: RADIUS/ENCODE(00056ED3): acct_session_id: 358425
Jul 22 13:17:16 VN-Time: RADIUS/ENCODE(00056ED3): Acct-session-id pre-pended with Nas Port = 4/0/19/3860
Jul 22 13:17:16 VN-Time: RADIUS(00056ED3): sending



Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)