>>>>> "Basil" == Basil V Dolmatov <dol@east.ru> writes:
>> ни radius, ни tacacs вроде бы не имеют отношения к возврату
>> адресов DNS клиенту.
Basil> Верно...
Тогда что-же происходит?
Basil> Неверно... Выдача адресов DNS-сервера и gateway клиенту
Basil> регулируется командами
Basil> async-bootp <...>
Это есть.
async-bootp dns-server xxx.x.xx.2 xxx.x.xx.4
Вот deb ppp neg при работающем TACACS+ сервере:
Dec 29 12:50:54 6500: As9 LCP: I CONFREQ [Closed] id 0 len 23
Dec 29 12:50:54 6501: As9 LCP: ACCM 0x00000000 (0x020600000000)
Dec 29 12:50:54 6502: As9 LCP: MagicNumber 0x00001FF6 (0x050600001FF6)
Dec 29 12:50:54 6503: As9 LCP: PFC (0x0702)
Dec 29 12:50:54 6504: As9 LCP: ACFC (0x0802)
Dec 29 12:50:54 6505: As9 LCP: Callback 6 (0x0D0306)
Dec 29 12:50:54 6506: As9 LCP: Lower layer not up, discarding packet
Dec 29 12:50:55 6507: As9 PPP: Treating connection as a dedicated line
Dec 29 12:50:55 6508: As9 PPP: Phase is ESTABLISHING, Active Open
Dec 29 12:50:55 6509: As9 LCP: O CONFREQ [Closed] id 80 len 20
Dec 29 12:50:56 6510: As9 LCP: ACCM 0x000A0000 (0x0206000A0000)
Dec 29 12:50:56 6511: As9 LCP: MagicNumber 0xFFDD13C3 (0x0506FFDD13C3)
Dec 29 12:50:56 6512: As9 LCP: PFC (0x0702)
Dec 29 12:50:56 6513: As9 LCP: ACFC (0x0802)
Dec 29 12:50:56 6514: As9 LCP: I CONFACK [REQsent] id 80 len 20
Dec 29 12:50:56 6515: As9 LCP: ACCM 0x000A0000 (0x0206000A0000)
Dec 29 12:50:56 6516: As9 LCP: MagicNumber 0xFFDD13C3 (0x0506FFDD13C3)
Dec 29 12:50:56 6517: As9 LCP: PFC (0x0702)
Dec 29 12:50:56 6518: As9 LCP: ACFC (0x0802)
Dec 29 12:50:56 6524: As9 LCP: I CONFREQ [ACKrcvd] id 0 len 23
Dec 29 12:50:56 6525: As9 LCP: ACCM 0x00000000 (0x020600000000)
Dec 29 12:50:56 6526: As9 LCP: MagicNumber 0x00001FF6 (0x050600001FF6)
Dec 29 12:50:56 6527: As9 LCP: PFC (0x0702)
Dec 29 12:50:56 6528: As9 LCP: ACFC (0x0802)
Dec 29 12:50:56 6529: As9 LCP: Callback 6 (0x0D0306)
Dec 29 12:50:56 6530: As9 LCP: O CONFREJ [ACKrcvd] id 0 len 7
Dec 29 12:50:56 6531: As9 LCP: Callback 6 (0x0D0306)
Dec 29 12:50:56 6532: As9 LCP: I CONFREQ [ACKrcvd] id 1 len 20
Dec 29 12:50:56 6533: As9 LCP: ACCM 0x00000000 (0x020600000000)
Dec 29 12:50:56 6534: As9 LCP: MagicNumber 0x00001FF6 (0x050600001FF6)
Dec 29 12:50:56 6535: As9 LCP: PFC (0x0702)
Dec 29 12:50:56 6536: As9 LCP: ACFC (0x0802)
Dec 29 12:50:56 6537: As9 LCP: O CONFACK [ACKrcvd] id 1 len 20
Dec 29 12:50:56 6538: As9 LCP: ACCM 0x00000000 (0x020600000000)
Dec 29 12:50:56 6539: As9 LCP: MagicNumber 0x00001FF6 (0x050600001FF6)
Dec 29 12:50:56 6540: As9 LCP: PFC (0x0702)
Dec 29 12:50:56 6541: As9 LCP: ACFC (0x0802)
Dec 29 12:50:58 6542: As9 LCP: State is Open
Dec 29 12:50:58 6543: As9 PPP: Phase is UP
Dec 29 12:50:58 6544: As9 IPCP: O CONFREQ [Closed] id 1 len 10
Dec 29 12:50:58 6545: As9 IPCP: Address xxx.x.xx.10 (0x0xxxxxxxxxxx)
Dec 29 12:50:58 6546: As9 LCP: I IDENTIFY [Open] id 2 len 18 magic 0x00001FF6 MSRASV4.00
Dec 29 12:50:58 6547: As9 LCP: I IDENTIFY [Open] id 3 len 22 magic 0x00001FF6 MSRAS-0-ADMIN2
Dec 29 12:50:58 6548: As9 CCP: I CONFREQ [Not negotiated] id 4 len 10
Dec 29 12:50:58 6549: As9 CCP: MS-PPC supported bits 0x00000001 (0x120600000001)
Dec 29 12:50:58 6550: As9 LCP: O PROTREJ [Open] id 81 len 16 protocol CCP (0x80FD0104000A120600000001)
Dec 29 12:50:58 6551: As9 IPCP: I CONFREQ [REQsent] id 5 len 34
Dec 29 12:50:58 6552: As9 IPCP: Address 0.0.0.0 (0x030600000000)
Dec 29 12:50:58 6553: As9 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
Dec 29 12:50:58 6554: As9 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
Dec 29 12:50:58 6555: As9 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
Dec 29 12:50:58 6556: As9 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
Dec 29 12:50:58 6557: AAA/AUTHOR/IPCP As9: Start. Her address 0.0.0.0, we want xxx.x.xx.61
Dec 29 12:50:58 6558: AAA/AUTHOR/IPCP As9: Done. Her address 0.0.0.0, we want xxx.x.xx.61
Dec 29 12:50:58 6559: As9 IPCP: O CONFREJ [REQsent] id 5 len 16
Dec 29 12:50:58 6560: As9 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
Dec 29 12:50:58 6561: As9 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
Dec 29 12:50:58 6562: As9 IPCP: I CONFACK [REQsent] id 1 len 10
Dec 29 12:50:58 6563: As9 IPCP: Address xxx.x.xx.10 (0x0xxxxxxxxxxx)
Dec 29 12:50:58 6564: As9 IPCP: I CONFREQ [ACKrcvd] id 6 len 22
Dec 29 12:50:58 6565: As9 IPCP: Address 0.0.0.0 (0x030600000000)
Dec 29 12:50:58 6566: As9 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
Dec 29 12:50:58 6567: As9 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
Dec 29 12:50:58 6568: AAA/AUTHOR/IPCP As9: Start. Her address 0.0.0.0, we want xxx.x.xx.61
Dec 29 12:50:58 6574: AAA/AUTHOR/IPCP As9: Done. Her address 0.0.0.0, we want xxx.x.xx.61
Dec 29 12:50:58 6575: As9 IPCP: O CONFNAK [ACKrcvd] id 6 len 22
Dec 29 12:50:58 6576: As9 IPCP: Address xxx.x.xx.61 (0x0xxxxxxxxxxx)
Dec 29 12:50:58 6577: As9 IPCP: PrimaryDNS xxx.x.xx.2 (0x8xxxxxxxxxxx)
Dec 29 12:50:58 6578: As9 IPCP: SecondaryDNS xxx.x.xx.4 (0x8xxxxxxxxxxx)
Dec 29 12:50:58 6579: As9 IPCP: I CONFREQ [ACKrcvd] id 7 len 22
Dec 29 12:50:58 6580: As9 IPCP: Address xxx.x.xx.61 (0x0xxxxxxxxxxx)
Dec 29 12:50:58 6581: As9 IPCP: PrimaryDNS xxx.x.xx.2 (0x8xxxxxxxxxxx)
Dec 29 12:50:59 6582: As9 IPCP: SecondaryDNS xxx.x.xx.4 (0x8xxxxxxxxxxx)
Dec 29 12:50:59 6583: AAA/AUTHOR/IPCP As9: Start. Her address xxx.x.xx.61, we want xxx.x.xx.61
Dec 29 12:50:59 6584: AAA/AUTHOR/IPCP As9: Done. Her address xxx.x.xx.61, we want xxx.x.xx.61
> Dec 29 12:50:59 6585: As9 IPCP: O CONFACK [ACKrcvd] id 7 len 22
> Dec 29 12:50:59 6586: As9 IPCP: Address xxx.x.xx.61 (0x0xxxxxxxxxxx)
> Dec 29 12:50:59 6587: As9 IPCP: PrimaryDNS xxx.x.xx.2 (0x8xxxxxxxxxxx)
> Dec 29 12:50:59 6588: As9 IPCP: SecondaryDNS xxx.x.xx.4 (0x8xxxxxxxxxxx)
Адреса DNS серверов правильно отдались.
Dec 29 12:50:59 6589: As9 IPCP: State is Open
Dec 29 12:50:59 6590: As9 IPCP: Install route to xxx.x.xx.61
Dec 29 12:51:57 6596: %SYS-5-CONFIG_I: Configured from console by vty0 (xxx.x.xx.8)
А это я сделал:
conf t
no tacacs-server host xxx.x.xx.2
На этом сервере запущено такакс.
tacacs-server host xxx.x.xx.8
А на этом его нет. Имитирую упавший такакс сервер.
^Z
wr
Теперь AAA пойдет через радиус сервер.
Dec 29 12:52:19 6668: As11 LCP: I CONFREQ [Closed] id 7 len 20
Dec 29 12:52:19 6669: As11 LCP: ACCM 0x000A0000 (0x0206000A0000)
Dec 29 12:52:19 6670: As11 LCP: MagicNumber 0x00E66CD9 (0x050600E66CD9)
Dec 29 12:52:19 6671: As11 LCP: PFC (0x0702)
Dec 29 12:52:19 6672: As11 LCP: ACFC (0x0802)
Dec 29 12:52:19 6673: As11 LCP: Lower layer not up, discarding packet
Dec 29 12:52:19 6674: As11 PPP: Treating connection as a dedicated line
Dec 29 12:52:20 6675: As11 PPP: Phase is ESTABLISHING, Active Open
Dec 29 12:52:20 6676: As11 LCP: O CONFREQ [Closed] id 139 len 20
Dec 29 12:52:20 6677: As11 LCP: ACCM 0x000A0000 (0x0206000A0000)
Dec 29 12:52:20 6678: As11 LCP: MagicNumber 0xFFDE6070 (0x0506FFDE6070)
Dec 29 12:52:20 6679: As11 LCP: PFC (0x0702)
Dec 29 12:52:20 6680: As11 LCP: ACFC (0x0802)
Dec 29 12:52:20 6681: As11 LCP: I CONFACK [REQsent] id 139 len 20
Dec 29 12:52:20 6682: As11 LCP: ACCM 0x000A0000 (0x0206000A0000)
Dec 29 12:52:20 6683: As11 LCP: MagicNumber 0xFFDE6070 (0x0506FFDE6070)
Dec 29 12:52:20 6684: As11 LCP: PFC (0x0702)
Dec 29 12:52:20 6685: As11 LCP: ACFC (0x0802)
Dec 29 12:52:22 6690: As11 LCP: TIMEout: Time 0x1FBEF1E4 State ACKrcvd
Dec 29 12:52:22 6691: As11 LCP: O CONFREQ [ACKrcvd] id 140 len 20
Dec 29 12:52:22 6692: As11 LCP: ACCM 0x000A0000 (0x0206000A0000)
Dec 29 12:52:22 6693: As11 LCP: MagicNumber 0xFFDE6070 (0x0506FFDE6070)
Dec 29 12:52:22 6694: As11 LCP: PFC (0x0702)
Dec 29 12:52:22 6695: As11 LCP: ACFC (0x0802)
Dec 29 12:52:22 6702: As11 LCP: I CONFREQ [REQsent] id 8 len 20
Dec 29 12:52:22 6703: As11 LCP: ACCM 0x000A0000 (0x0206000A0000)
Dec 29 12:52:22 6704: As11 LCP: MagicNumber 0x00E66CD9 (0x050600E66CD9)
Dec 29 12:52:22 6705: As11 LCP: PFC (0x0702)
Dec 29 12:52:22 6706: As11 LCP: ACFC (0x0802)
Dec 29 12:52:22 6707: As11 LCP: O CONFACK [REQsent] id 8 len 20
Dec 29 12:52:22 6708: As11 LCP: ACCM 0x000A0000 (0x0206000A0000)
Dec 29 12:52:22 6709: As11 LCP: MagicNumber 0x00E66CD9 (0x050600E66CD9)
Dec 29 12:52:22 6710: As11 LCP: PFC (0x0702)
Dec 29 12:52:22 6711: As11 LCP: ACFC (0x0802)
Dec 29 12:52:22 6712: As11 LCP: I CONFACK [ACKsent] id 140 len 20
Dec 29 12:52:22 6713: As11 LCP: ACCM 0x000A0000 (0x0206000A0000)
Dec 29 12:52:22 6714: As11 LCP: MagicNumber 0xFFDE6070 (0x0506FFDE6070)
Dec 29 12:52:22 6715: As11 LCP: PFC (0x0702)
Dec 29 12:52:22 6716: As11 LCP: ACFC (0x0802)
Dec 29 12:52:22 6717: As11 LCP: State is Open
Dec 29 12:52:28 6724: As11 PPP: Phase is UP
Dec 29 12:52:34 6734: As11 IPCP: O CONFREQ [Closed] id 167 len 10
Dec 29 12:52:34 6735: As11 IPCP: Address xxx.x.xx.10 (0x0xxxxxxxxxxx)
Dec 29 12:52:34 6751: As11 IPCP: I CONFREQ [REQsent] id 1 len 40
Dec 29 12:52:34 6752: As11 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
Dec 29 12:52:34 6753: As11 IPCP: Address 0.0.0.0 (0x030600000000)
Dec 29 12:52:34 6754: As11 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
Dec 29 12:52:34 6755: As11 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
Dec 29 12:52:34 6756: As11 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
Dec 29 12:52:34 6757: As11 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
Dec 29 12:52:34 6758: AAA/AUTHOR/IPCP As11: Start. Her address 0.0.0.0, we want xxx.x.xx.43
Dec 29 12:52:34 6759: AAA/AUTHOR/IPCP As11: Done. Her address 0.0.0.0, we want xxx.x.xx.43
Dec 29 12:52:34 6760: As11 IPCP: O CONFREJ [REQsent] id 1 len 22
Dec 29 12:52:34 6761: As11 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
Dec 29 12:52:34 6762: As11 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
Dec 29 12:52:34 6763: As11 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
Dec 29 12:52:34 6776: As11 IPCP: I CONFREQ [REQsent] id 2 len 40
Dec 29 12:52:34 6777: As11 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
Dec 29 12:52:34 6778: As11 IPCP: Address 0.0.0.0 (0x030600000000)
Dec 29 12:52:34 6779: As11 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
Dec 29 12:52:34 6780: As11 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
Dec 29 12:52:34 6781: As11 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
Dec 29 12:52:34 6782: As11 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
Dec 29 12:52:34 6783: AAA/AUTHOR/IPCP As11: Start. Her address 0.0.0.0, we want xxx.x.xx.43
Dec 29 12:52:34 6784: AAA/AUTHOR/IPCP As11: Done. Her address 0.0.0.0, we want xxx.x.xx.43
Dec 29 12:52:34 6785: As11 IPCP: O CONFREJ [REQsent] id 2 len 22
Dec 29 12:52:34 6786: As11 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
Dec 29 12:52:34 6787: As11 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
Dec 29 12:52:34 6788: As11 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
Dec 29 12:52:34 6789: As11 IPCP: I CONFREQ [REQsent] id 3 len 16
Dec 29 12:52:34 6790: As11 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
Dec 29 12:52:34 6791: As11 IPCP: Address 0.0.0.0 (0x030600000000)
Dec 29 12:52:34 6792: AAA/AUTHOR/IPCP As11: Start. Her address 0.0.0.0, we want xxx.x.xx.43
Dec 29 12:52:34 6793: AAA/AUTHOR/IPCP As11: Done. Her address 0.0.0.0, we want xxx.x.xx.43
Dec 29 12:52:34 6794: As11 IPCP: O CONFREJ [REQsent] id 3 len 10
Dec 29 12:52:34 6795: As11 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
Dec 29 12:52:34 6796: As11 IPCP: I CONFREQ [REQsent] id 4 len 16
Dec 29 12:52:34 6797: As11 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
Dec 29 12:52:34 6798: As11 IPCP: Address 0.0.0.0 (0x030600000000)
Dec 29 12:52:34 6799: AAA/AUTHOR/IPCP As11: Start. Her address 0.0.0.0, we want xxx.x.xx.43
Dec 29 12:52:34 6800: AAA/AUTHOR/IPCP As11: Done. Her address 0.0.0.0, we want xxx.x.xx.43
Dec 29 12:52:34 6801: As11 IPCP: O CONFREJ [REQsent] id 4 len 10
Dec 29 12:52:34 6802: As11 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
Dec 29 12:52:34 6815: As11 IPCP: I CONFACK [REQsent] id 167 len 10
Dec 29 12:52:36 6816: As11 IPCP: Address xxx.x.xx.10 (0x0xxxxxxxxxxx)
Dec 29 12:52:36 6818: As11 IPCP: I CONFREQ [ACKrcvd] id 5 len 10
Dec 29 12:52:36 6819: As11 IPCP: Address 0.0.0.0 (0x030600000000)
Dec 29 12:52:36 6820: AAA/AUTHOR/IPCP As11: Start. Her address 0.0.0.0, we want xxx.x.xx.43
Dec 29 12:52:36 6821: AAA/AUTHOR/IPCP As11: Done. Her address 0.0.0.0, we want xxx.x.xx.43
Dec 29 12:52:36 6822: As11 IPCP: O CONFNAK [ACKrcvd] id 5 len 10
Dec 29 12:52:36 6823: As11 IPCP: Address xxx.x.xx.43 (0x0xxxxxxxxxxx)
Dec 29 12:52:36 6824: As11 IPCP: I CONFREQ [ACKrcvd] id 6 len 10
Dec 29 12:52:36 6825: As11 IPCP: Address xxx.x.xx.43 (0x0xxxxxxxxxxx)
Dec 29 12:52:36 6826: AAA/AUTHOR/IPCP As11: Start. Her address xxx.x.xx.43, we want xxx.x.xx.43
Dec 29 12:52:36 6827: AAA/AUTHOR/IPCP As11: Done. Her address xxx.x.xx.43, we want xxx.x.xx.43
Dec 29 12:52:36 6828: As11 IPCP: O CONFACK [ACKrcvd] id 6 len 10
Dec 29 12:52:36 6829: As11 IPCP: Address xxx.x.xx.43 (0x0xxxxxxxxxxx)
Dec 29 12:52:36 6830: As11 IPCP: State is Open
Dec 29 12:52:36 6831: As11 IPCP: Install route to xxx.x.xx.43
В этом случае, адреса DNS серверов не отдались клиенту. Кто-нибудь
может это обьяснить?
--
DSS5-RIPE DSS-RIPN 2:550/5068@fidonet 2:550/5069@fidonet
mailto:dsh@vlink.ru
Key fingerprint = 46 C8 1B 3B 15 1F 64 B0 38 0B 28 CE B0 75 7B E9
=============================================================================
"inet-admins" Internet access mailing list. Maintained by East Connection ISP.
Mail "unsubscribe inet-admins" to Majordomo@info.east.ru if you want to quit.
Archive is accessible on
