|

»

»

Gnu - Radius - General

GNU Radius and 'NAS has wrong ID' problem

View: New views

5 Messages — Rating Filter: Alert me

	GNU Radius and 'NAS has wrong ID' problem by Paul Cole :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi everyone, I have set up a 7206 vxr cisco router to act as a PPPoE server having a radius to authenticate customers. I am in a testing phase and I am currently dealing with a serious issue concerning this error : 'NAS has wrong ID'... I am testing with 2 users and each of them can access the server and get connected but when I am trying to see in radius if they are connected, I can only see one user connected (radwho command) and the other user's connection is flapping but I can't see them connected both when physically they are connected on the PPPoE server...the radius log shows them connected (Login OK) but is showing the message about the wrong NAS ID... Any idea about what could cause this and how to solve it ?
	Re: GNU Radius and 'NAS has wrong ID' problem by Scott Lambert :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Wed, Aug 26, 2009 at 09:25:26AM -0700, Paul Cole wrote: > Hi everyone, > > I have set up a 7206 vxr cisco router to act as a PPPoE server having an > radius to authenticate customers. > > I am in a testing phase and I am currently dealing with a serious issue > concerning this error : 'NAS has wrong ID'... > > I am testing with 2 users and each of them can access to the server and get > connected bu when I am trying to see in radius if they are connected, I can > only see one user connected (radwho command) and the other user's connection > is flapping but I can't see them connected both when physically they are > connected on the PPPoE server...the radius log shows them connected > (connection OK) but is showing the message about the wrong NAS ID... > > Any idea about what could cause this and how to solve it ? I'm not exactly certain I'm barking up the right tree here, but here is a guess. Does the cisco have a config entry similar to ?: ip radius source-interface (interface with the IP address which is in your clients configuration) i.e. ip radius source-interface Loopback0 Where Loopback0 has been configured with your management IP for the router. If not, the Cisco will talk to your radius server with the IP of the interface closest to the radius server, which may not be the IP you configured in your radius clients configuration. -- Scott Lambert KC5MLE Unix SysAdmin lambert@... _______________________________________________ Help-gnu-radius mailing list Help-gnu-radius@... http://lists.gnu.org/mailman/listinfo/help-gnu-radius
	Re: GNU Radius and 'NAS has wrong ID' problem by Paul Cole :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi Lambert, Yes, the Cisco has a conf like that. Where it is sending accounting to the radius correctly. With my two tested users, they can both connect through the cisco PPPoE server and authenticate with radius but the radius seems to record only one connection (when issuing the radwho command, I see only one user connected at a time...) and the radius log shows the message of 'NAS has wrong ID..'. I've seen many posts about this issue and some of them are suggesting to fix the NAS so it will send same set of information when users connect and disconnect...but none of them is actually suggesting how... Scott Lambert wrote: On Wed, Aug 26, 2009 at 09:25:26AM -0700, Paul Cole wrote: > Hi everyone, > > I have set up a 7206 vxr cisco router to act as a PPPoE server having an > radius to authenticate customers. > > I am in a testing phase and I am currently dealing with a serious issue > concerning this error : 'NAS has wrong ID'... > > I am testing with 2 users and each of them can access to the server and get > connected bu when I am trying to see in radius if they are connected, I can > only see one user connected (radwho command) and the other user's connection > is flapping but I can't see them connected both when physically they are > connected on the PPPoE server...the radius log shows them connected > (connection OK) but is showing the message about the wrong NAS ID... > > Any idea about what could cause this and how to solve it ? I'm not exactly certain I'm barking up the right tree here, but here is a guess. Does the cisco have a config entry similar to ?: ip radius source-interface (interface with the IP address which is in your clients configuration) i.e. ip radius source-interface Loopback0 Where Loopback0 has been configured with your management IP for the router. If not, the Cisco will talk to your radius server with the IP of the interface closest to the radius server, which may not be the IP you configured in your radius clients configuration. -- Scott Lambert KC5MLE Unix SysAdmin lambert@lambertfam.org _______________________________________________ Help-gnu-radius mailing list Help-gnu-radius@gnu.org http://lists.gnu.org/mailman/listinfo/help-gnu-radius
	Re: GNU Radius and 'NAS has wrong ID' problem by Sergey Poznyakoff-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi Paul, > I am in a testing phase and I am currently dealing with a serious issue > concerning this error : 'NAS has wrong ID'... There are two possible cases: 1) logout: entry for NAS %s port %d has wrong ID (expected %s found %s) Somehow the start accounting record of the next session for this NAS/port combination has been processed before the stop accounting record reached the server. Usually this means the original start record was lost, and the NAS retransmitted it later, but by the time the record was received, the entry was already marked as being used by another session. 2) login: entry for NAS %s port %d wrong order While writing a start entry, radiusd discovered that this NAS/port combination is already marked with stop for the same session id. This means that the stop record reached radius server before the start record (possibly due to network issues or high server load). Usually the corresponding session has zero Acct-Session-Time attribute. Which one do you see in your logs? Regards, Sergey _______________________________________________ Help-gnu-radius mailing list Help-gnu-radius@... http://lists.gnu.org/mailman/listinfo/help-gnu-radius
	Re: GNU Radius and 'NAS has wrong ID' problem by Paul Cole :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi Sergey, Many thanks for your guidance on this. I am seing this error : 1) logout: entry for NAS %s port %d has wrong ID (expected %s found %s) Any idea how to set this to work ? Sergey Poznyakoff-2 wrote: Hi Paul, > I am in a testing phase and I am currently dealing with a serious issue > concerning this error : 'NAS has wrong ID'... There are two possible cases: 1) logout: entry for NAS %s port %d has wrong ID (expected %s found %s) Somehow the start accounting record of the next session for this NAS/port combination has been processed before the stop accounting record reached the server. Usually this means the original start record was lost, and the NAS retransmitted it later, but by the time the record was received, the entry was already marked as being used by another session. 2) login: entry for NAS %s port %d wrong order While writing a start entry, radiusd discovered that this NAS/port combination is already marked with stop for the same session id. This means that the stop record reached radius server before the start record (possibly due to network issues or high server load). Usually the corresponding session has zero Acct-Session-Time attribute. Which one do you see in your logs? Regards, Sergey _______________________________________________ Help-gnu-radius mailing list Help-gnu-radius@gnu.org http://lists.gnu.org/mailman/listinfo/help-gnu-radius