I can't get accounting to work.
I'll describe everything step by step, following the wiki.
Quote:
After starting BGInetAccess, make sure: 1. That the devices and the services bound to them have loaded:
Code:
# /usr/local/BGInetAccess/access.sh servmap
Java Runtime: Sun Microsystems Inc. Java HotSpot(TM) Client VM [1.6.0_25] /opt/jdk1.6.0_25/jre
Runtime name: 22200@bgb
Java endorsed dirs: ./lib/endorsed:/opt/jdk1.6.0_25/lib/endorsed
OS: Linux 2.6.32-5-xen-686 [i386], file.encoding: ANSI_X3.4-1968, user.name: root
Heap sizes: current=4992k free=4616k max=95040k
ContractId: 2; servId: 7
LOGIN:INET_FAKE
Options [6:29.08.2011-?; ] TariffModuleTreeSet [1:29.08.2011-?; ]
Device state: 1; optionSet:
Balance: 0; Limit: 0
ContractId: 2; servId: 5
?????:INET
Options [2:29.08.2011-?; ] TariffModuleTreeSet [1:29.08.2011-?; ]
Device state: 1; optionSet:
Balance: 0; Limit: 0
ContractId: 2; servId: 6
LOGIN:INET_TURBO
Options [3:29.08.2011-?; ] TariffModuleTreeSet [1:29.08.2011-?; ]
Device state: 1; optionSet:
Balance: 0; Limit: 0
ContractId: 1; servId: 8
LOGIN:00063408044088b0:0004000e0001
Options [] TariffModuleTreeSet [2:29.08.2011-?; ]
Device state: 1; optionSet:
Balance: 100000; Limit: 0
Quote:
2. The NAS should be loaded in radius-processor.log.
Code:
# cat /usr/local/BGInetAccess/log/radius-processor.log
08-30/17:18:59 INFO [main] DefaultServerSetup - Binding javax.jms.ConnectionFactory[org.apache.activemq.ActiveMQConnectionFactory@388993] to java:comp/env/mq/connectionFactory
08-30/17:18:59 INFO [main] DefaultServerSetup - Init DB connection pools
08-30/17:19:00 INFO [main] DefaultServerSetup - Binding JDBC pool "master" to java:comp/env/jdbc/master
08-30/17:19:00 INFO [main] DefaultServerSetup - Init trash pools..
08-30/17:19:03 INFO [main] InetRadiusProcessor - Reloading nas list
08-30/17:19:03 INFO [main] InetNasList - Loading NAS list...
08-30/17:19:04 INFO [main] NasList - LOADED NAS: Nas id: test-isg.test.local; ip: 10.14.14.1
CONFIG:
accounting.flushing.1=0:10:5
accounting.flushing.thread.count=1
accounting.tariffication.1=0:10:5
accounting.tariffication.thread.count=1
dhcp.net.option.10.14.14.0.0:255.255.255.0.gate=10.14.14.1
dhcp.option.dns=8.8.8.8
dhcp.option.leaseTime=600
dhcp.option.serverIdentifier=0.0.0.0
dhcp.relay.deviceTypeIds=1
nas.deviceTypeIds=1
nas.radius.host=10.11.11.1
nas.radius.inetOption.1.attributes=cisco-SSG-Account-Info=AINET
nas.radius.inetOption.2.attributes=cisco-avpair=ip:traffic-class=in access-group 196 priority 200;cisco-avpair=ip:traffic-class=in default drop;cisco-avpair=ip:traffic-class=out access-group 196 priority 200;cisco-avpair=ip:traffic-class=out default drop;cisco-avpair=subscriber:accounting-list=ISG-AUTH-1;Acct-Interim-Interval=60;cisco-SSG-Service-Info=QU;;500000;;750000;;D;;500000;;750000
nas.radius.inetOption.3.attributes=cisco-avpair=ip:traffic-class=in access-group 196 priority 201;cisco-avpair=ip:traffic-class=in default drop;cisco-avpair=ip:traffic-class=out access-group 196 priority 200;cisco-avpair=ip:traffic-class=out default drop;cisco-avpair=subscriber:accounting-list=ISG-AUTH-1;Acct-Interim-Interval=60;cisco-SSG-Service-Info=QU;;600000;;760000;;D;;600000;;760000
nas.radius.inetOption.4.attributes=cisco-SSG-Account-Info=AINET_TURBO
nas.radius.inetOption.6.attributes=cisco-avpair=ip:traffic-class=in access-group 196 priority 201;cisco-avpair=ip:traffic-class=in default drop;cisco-avpair=ip:traffic-class=out access-group 196 priority 200;cisco-avpair=ip:traffic-class=out default drop;cisco-avpair=subscriber:accounting-list=ISG-AUTH-1;Acct-Interim-Interval=60;cisco-SSG-Service-Info=QU;;600000;;760000;;D;;600000;;760000
nas.radius.port=1700
nas.radius.realm.default.pool=1
nas.radius.realm.reject.attributes=cisco-SSG-Account-Info=AINET_FAKE
nas.radius.realm.reject.pool=2
nas.secret=123
realm.reject.error=1,2,3,4,10,11,12
session.close.timeout=900
session.suspend.timeout=1800
Quote:
3. The relay being loaded should show up in dhcp.log.
Code:
# cat /usr/local/BGInetAccess/log/dhcp.log
09-07/15:56:23 INFO [main] DefaultServerSetup - Binding javax.jms.ConnectionFactory[org.apache.activemq.ActiveMQConnectionFactory@388993] to java:comp/env/mq/connectionFactory
09-07/15:56:23 INFO [main] DefaultServerSetup - Init DB connection pools
09-07/15:56:23 INFO [main] DefaultServerSetup - Binding JDBC pool "master" to java:comp/env/jdbc/master
09-07/15:56:24 INFO [main] DefaultServerSetup - Init trash pools..
09-07/15:56:30 INFO [main] InetDhcpDeviceMap - Load DHCP relay list, types: [1].
09-07/15:56:30 INFO [main] InetDhcpDeviceMap - Loaded device: 2; /10.14.14.1
09-07/15:56:30 INFO [main] InetDhcpHelperProcessor - Restore connections on DhcpHelper
Quote:
The Cisco receives the request and initiates authorization over the RADIUS protocol. At this point the following should appear in BGInetAccess's radius.log.
Code:
Packet type: Access-Request
Identifier: 7
Authenticator: {7B FD 6F 38 A3 C5 B8 08 02 FA A7 21 E3 FA 84 3C}
Attributes:
User-Name=00063408044088b0:0004000e0001:90e6.ba70.8859
NAS-Identifier=test-isg.test.local
NAS-Port-Id=0/0/0/14
User-Password=123
NAS-IP-Address=10.11.11.1
NAS-Port=174
Service-Type=5
Acct-Session-Id=77000000000000AE
NAS-Port-Type=33
cisco-avpair=circuit-id-tag=0004000e0001
cisco-avpair=remote-id-tag=00063408044088b0
cisco-NAS-Port=0/0/0/14
09-07/15:58:47 INFO [radiusListener-p-10-t-1] InetRadiusProcessor - REQUEST_AFTER_PREPROCESS:
Packet type: Access-Request
Identifier: 7
Authenticator: {7B FD 6F 38 A3 C5 B8 08 02 FA A7 21 E3 FA 84 3C}
Attributes:
User-Name=00063408044088b0:0004000e0001
NAS-Identifier=test-isg.test.local
NAS-Port-Id=0/0/0/14
User-Password=123
NAS-IP-Address=10.11.11.1
NAS-Port=174
Service-Type=5
Calling-Station-Id=90e6.ba70.8859
Acct-Session-Id=77000000000000AE
NAS-Port-Type=33
cisco-avpair=circuit-id-tag=0004000e0001
cisco-avpair=remote-id-tag=00063408044088b0
cisco-NAS-Port=0/0/0/14
09-07/15:58:47 INFO [radiusListener-p-10-t-1] InetRadiusProcessor - [username=00063408044088b0:0004000e0001] Authenticated as inetServId:8
09-07/15:58:47 INFO [radiusListener-p-10-t-1] InetRadiusProcessor - Return code=0
09-07/15:58:47 INFO [radiusListener-p-10-t-1] InetDhcpHelperProcessor - Put auth accept 2:00063408044088B0:0004000E0001:90E6BA708859
09-07/15:58:47 INFO [radiusListener-p-10-t-1] InetRadiusProcessor - RESPONSE_BEFORE_POSTPROCESS:
Packet type: Access-Accept
Identifier: 7
Authenticator: {}
Attributes:
Framed-IP-Address=10.14.14.10
Process time auth: 223
09-07/15:58:47 INFO [radiusListener-p-10-t-1] InetRadiusListenerWorker - RESPONSE:
Packet type: Access-Accept
Identifier: 7
Authenticator: {43 0C 80 49 D6 F2 EC 15 0D 41 C7 06 09 C7 28 0D}
Attributes:
Framed-IP-Address=10.14.14.10
Process time auth: 226
09-07/15:58:47 INFO [radiusListener-p-10-t-1] HourlyDataLogEntry - Create dataLog file: /usr/local/BGInetAccess/data/radius/source_2/2011/2011-09/2011-09-07/log_2011-09-07-15.000.bgdl
Quote:
On receiving the RADIUS Accept, the Cisco sends the relayed DHCP requests. Something like this should appear in dhcp.log on the BGInetAccess server.
Code:
Message type: BOOT_REQUEST
Dhcp message type: DHCP Discover{1}
htype: 1, hlen: 6, hops: 1
xid: 972935717, secs: 3, flags: 0
Client IP: 0.0.0.0
Your IP: 0.0.0.0
Server IP: 0.0.0.0
Relay IP: 10.14.14.1
Client MAC: {90E6BA708859}
Host name{12}={fessae-laptop}
Parameter request list{55}={1, 28, 2, 3, 15, 6, 119, 12, 44, 47, 26, 121, 42, 121, -7, -4, 42}
Agent information{82}=
sub{1}={0004000E0001}
sub{2}={00063408044088B0}
09-07/15:58:47 INFO [dhcpLstnr-p-11-t-1] InetAbstractDhcpProcessor - REQUEST_AFTER_PREPROCESS:
Message type: BOOT_REQUEST
Dhcp message type: DHCP Discover{1}
htype: 1, hlen: 6, hops: 1
xid: 972935717, secs: 3, flags: 0
Client IP: 0.0.0.0
Your IP: 0.0.0.0
Server IP: 0.0.0.0
Relay IP: 10.14.14.1
Client MAC: {90E6BA708859}
Host name{12}={fessae-laptop}
Parameter request list{55}={1, 28, 2, 3, 15, 6, 119, 12, 44, 47, 26, 121, 42, 121, -7, -4, 42}
Agent information{82}=
sub{1}={0004000E0001}
sub{2}={00063408044088B0}
09-07/15:58:47 INFO [dhcpLstnr-p-11-t-1] InetAbstractDhcpProcessor - RESPONSE_BEFORE_POSTPROCESS:
Message type: BOOT_RESPONSE
Dhcp message type: DHCP Offer{2}
htype: 1, hlen: 6, hops: 1
xid: 972935717, secs: 0, flags: 0
Client IP: 0.0.0.0
Your IP: 10.14.14.10
Server IP: 0.0.0.0
Relay IP: 10.14.14.1
Client MAC: {90E6BA708859}
Parameter request list{55}={1, 28, 2, 3, 15, 6, 119, 12, 44, 47, 26, 121, 42, 121, -7, -4, 42}
Agent information{82}=
sub{1}={0004000E0001}
sub{2}={00063408044088B0}
IP Address Lease Time{51}=600
DNS{6}={08080808}
Server Identifier{54}={00000000}
Subnet mask{1}=255.255.255.0
Router{3}=10.14.14.1
09-07/15:58:47 INFO [dhcpLstnr-p-11-t-1] InetAbstractDhcpProcessor - RESPONSE:
Message type: BOOT_RESPONSE
Dhcp message type: DHCP Offer{2}
htype: 1, hlen: 6, hops: 1
xid: 972935717, secs: 0, flags: 0
Client IP: 0.0.0.0
Your IP: 10.14.14.10
Server IP: 0.0.0.0
Relay IP: 10.14.14.1
Client MAC: {90E6BA708859}
Server Identifier{54}={00000000}
IP Address Lease Time{51}=600
Subnet mask{1}=255.255.255.0
Router{3}=10.14.14.1
DNS{6}={08080808}
Parameter request list{55}={1, 28, 2, 3, 15, 6, 119, 12, 44, 47, 26, 121, 42, 121, -7, -4, 42}
Agent information{82}=
sub{1}={0004000E0001}
sub{2}={00063408044088B0}
09-07/15:58:47 INFO [dhcpLstnr-p-11-t-2] InetAbstractDhcpProcessor - REQUEST:
Message type: BOOT_REQUEST
Dhcp message type: DHCP Request{3}
htype: 1, hlen: 6, hops: 1
xid: 972935717, secs: 3, flags: 0
Client IP: 0.0.0.0
Your IP: 0.0.0.0
Server IP: 0.0.0.0
Relay IP: 10.14.14.1
Client MAC: {90E6BA708859}
Server Identifier{54}={0A0E0E01}
Requested IP Address{50}=10.14.14.10
Host name{12}={fessae-laptop}
Parameter request list{55}={1, 28, 2, 3, 15, 6, 119, 12, 44, 47, 26, 121, 42, 121, -7, -4, 42}
Agent information{82}=
sub{1}={0004000E0001}
sub{2}={00063408044088B0}
09-07/15:58:47 INFO [dhcpLstnr-p-11-t-2] InetAbstractDhcpProcessor - REQUEST_AFTER_PREPROCESS:
Message type: BOOT_REQUEST
Dhcp message type: DHCP Request{3}
htype: 1, hlen: 6, hops: 1
xid: 972935717, secs: 3, flags: 0
Client IP: 0.0.0.0
Your IP: 0.0.0.0
Server IP: 0.0.0.0
Relay IP: 10.14.14.1
Client MAC: {90E6BA708859}
Server Identifier{54}={0A0E0E01}
Requested IP Address{50}=10.14.14.10
Host name{12}={fessae-laptop}
Parameter request list{55}={1, 28, 2, 3, 15, 6, 119, 12, 44, 47, 26, 121, 42, 121, -7, -4, 42}
Agent information{82}=
sub{1}={0004000E0001}
sub{2}={00063408044088B0}
09-07/15:58:47 INFO [dhcpLstnr-p-11-t-2] InetAbstractDhcpProcessor - RESPONSE_BEFORE_POSTPROCESS:
Message type: BOOT_RESPONSE
Dhcp message type: DHCP ACK{5}
htype: 1, hlen: 6, hops: 1
xid: 972935717, secs: 0, flags: 0
Client IP: 0.0.0.0
Your IP: 10.14.14.10
Server IP: 0.0.0.0
Relay IP: 10.14.14.1
Client MAC: {90E6BA708859}
Parameter request list{55}={1, 28, 2, 3, 15, 6, 119, 12, 44, 47, 26, 121, 42, 121, -7, -4, 42}
Agent information{82}=
sub{1}={0004000E0001}
sub{2}={00063408044088B0}
IP Address Lease Time{51}=600
DNS{6}={08080808}
Server Identifier{54}={00000000}
Subnet mask{1}=255.255.255.0
Router{3}=10.14.14.1
09-07/15:58:47 INFO [dhcpLstnr-p-11-t-2] InetAbstractDhcpProcessor - RESPONSE:
Message type: BOOT_RESPONSE
Dhcp message type: DHCP ACK{5}
htype: 1, hlen: 6, hops: 1
xid: 972935717, secs: 0, flags: 0
Client IP: 0.0.0.0
Your IP: 10.14.14.10
Server IP: 0.0.0.0
Relay IP: 10.14.14.1
Client MAC: {90E6BA708859}
Server Identifier{54}={00000000}
IP Address Lease Time{51}=600
Subnet mask{1}=255.255.255.0
Router{3}=10.14.14.1
DNS{6}={08080808}
Parameter request list{55}={1, 28, 2, 3, 15, 6, 119, 12, 44, 47, 26, 121, 42, 121, -7, -4, 42}
Agent information{82}=
sub{1}={0004000E0001}
sub{2}={00063408044088B0}
Quote:
A start packet with the session information should arrive at BGInetAccounting.
Code:
cat /usr/local/BGInetAccounting/log/radius.log |more
09-07/16:04:10 INFO [main] DefaultServerSetup - Binding javax.jms.ConnectionFactory[org.apache.activemq.ActiveMQConnectionFactory@388993] to java:comp/env/mq/connectionFactory
09-07/16:04:10 INFO [main] DefaultServerSetup - Init DB connection pools
09-07/16:04:11 INFO [main] DefaultServerSetup - Binding JDBC pool "master" to java:comp/env/jdbc/master
09-07/16:04:11 INFO [main] DefaultServerSetup - Init trash pools..
09-07/16:04:15 INFO [main] radius - Eap not enabled (keystore file not loaded).
And silence.
The Cisco config is as in the wiki.
Code:
!
version 12.2
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname test-isg
!
boot-start-marker
boot-end-marker
!
enable password 7 1543595F507F7D
!
aaa new-model
aaa session-mib disconnect
!
!
aaa group server radius ISG-RADIUS
server 10.11.11.2 auth-port 1812 acct-port 1813
!
aaa authentication login ISG-AUTH-1 group ISG-RADIUS
aaa authorization network ISG-AUTH-1 group ISG-RADIUS
aaa authorization subscriber-service default local group ISG-RADIUS
aaa accounting delay-start
aaa accounting update periodic 5
aaa accounting network ISG-AUTH-1 start-stop group ISG-RADIUS
!
aaa nas port extended
!
!
!
aaa server radius dynamic-author
client 10.11.11.2
server-key 7 13544541
auth-type any
!
aaa session-id common
ip subnet-zero
ip source-route
!
!
ip dhcp relay information policy keep
ip dhcp relay information trust-all
!
!
ip cef
ip domain name test.local
!
!
subscriber authorization enable
multilink bundle-name authenticated
!
!
username fessae privilege 15 password 7 055A545C751918
username anix privilege 15 password 7 03550958525A77
!
!
ip ssh version 2
policy-map type control ISG-INTERFACE-POLICY
class type control always event session-start
10 authorize aaa list ISG-AUTH-1 password 123 identifier remote-id plus circuit-id plus mac-address
30 service-policy type service name LOCAL_L4R
!
class type control always event session-restart
10 authorize aaa list ISG-AUTH-1 password 123 identifier remote-id plus circuit-id plus mac-address
30 service-policy type service name LOCAL_L4R
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
speed auto
duplex auto
!
interface FastEthernet0/0.11
description to_BGB
encapsulation dot1Q 11
ip address 10.11.11.1 255.255.255.0
!
interface FastEthernet0/0.14
description to_users
encapsulation dot1Q 14
ip address 10.14.14.1 255.255.255.0
ip helper-address 10.11.11.2
service-policy type control ISG-INTERFACE-POLICY
ip subscriber l2-connected
initiator dhcp class-aware
!
interface FastEthernet0/1
description to_real_world
ip address 10.1.19.145 255.255.255.0
speed auto
duplex auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.19.1
!
!
no ip http server
no ip http secure-server
!
access-list 196 remark catch all traffic
access-list 196 permit ip any any
!
!
radius-server attribute 44 include-in-access-req
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req
radius-server attribute 55 include-in-acct-req
radius-server attribute 55 access-request include
radius-server attribute nas-port format e UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
radius-server attribute 61 extended
radius-server host 10.11.11.2 auth-port 1812 acct-port 1813 key 7 13544541
radius-server unique-ident 119
radius-server vsa send cisco-nas-port
radius-server vsa send accounting
radius-server vsa send authentication
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
!
end
IOS - c7200-adventerprisek9-mz.122-33.SRD4
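The last check in the walkthrough above (an accepted session should be followed by accounting packets) can be automated over the two log files. This is an added example, not part of the original post or of BGBilling: the function names are hypothetical, the sample text is a constructed excerpt in the layout the post shows, and it assumes accounting packets would be logged in the same "Packet type / Attributes" layout, which the post does not show.

```python
import re
# Constructed sample: shortened excerpt in the radius.log layout shown in the post.
ACCESS_LOG = """\
09-07/15:58:47 INFO [radiusListener-p-10-t-1] InetRadiusProcessor - REQUEST_AFTER_PREPROCESS:
Packet type: Access-Request
Identifier: 7
Attributes:
User-Name=00063408044088b0:0004000e0001
Acct-Session-Id=77000000000000AE
cisco-avpair=circuit-id-tag=0004000e0001
cisco-avpair=remote-id-tag=00063408044088b0
09-07/15:58:47 INFO [radiusListener-p-10-t-1] InetRadiusListenerWorker - RESPONSE:
Packet type: Access-Accept
Identifier: 7
Attributes:
Framed-IP-Address=10.14.14.10
Process time auth: 226
"""
# Accounting side as in the post: startup lines only, no packets.
ACCT_LOG = "09-07/16:04:15 INFO [main] radius - Eap not enabled (keystore file not loaded).\n"
STAMP = re.compile(r"^\d\d-\d\d/\d\d:\d\d:\d\d ")

def parse_packets(text):
    """Return one dict per 'Packet type:' block; attributes are multi-valued."""
    packets, cur, in_attrs = [], None, False
    for line in text.splitlines():
        if line.startswith("Packet type: "):
            cur = {"type": line[13:].strip(), "id": None, "attrs": {}}
            packets.append(cur)
            in_attrs = False
        elif cur is None or STAMP.match(line):
            cur = None  # a timestamped line ends the current packet block
        elif line.startswith("Identifier: "):
            cur["id"] = int(line[12:])
        elif line.startswith("Attributes:"):
            in_attrs = True
        elif in_attrs and "=" in line:
            name, value = line.split("=", 1)  # split once: cisco-avpair values contain '='
            cur["attrs"].setdefault(name, []).append(value)
    return packets

def sessions_without_accounting(access_text, acct_text):
    """Acct-Session-Ids of accepted requests that never appear in the accounting log."""
    pkts = parse_packets(access_text)
    accepted = {p["id"] for p in pkts if p["type"] == "Access-Accept"}
    authed = {s for p in pkts if p["type"] == "Access-Request" and p["id"] in accepted
              for s in p["attrs"].get("Acct-Session-Id", [])}
    seen = {s for p in parse_packets(acct_text) for s in p["attrs"].get("Acct-Session-Id", [])}
    return authed - seen
```

The RADIUS Identifier is a single byte and wraps, so pairing requests with accepts by Identifier is only reliable over a short excerpt such as one test session.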