RADIUS Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
RADIUS VC Logging
Downloads: This chapterpdf (PDF - 123.0KB) The complete bookPDF (PDF - 867.0KB) | Feedback

RADIUS VC Logging

RADIUS VC Logging

Last Updated: September 30, 2012

RADIUS Virtual Circuit (VC) Logging allows the Cisco IOS XE to accurately record the virtual path interface (VPI) and virtual circuit interface (VCI) of an incoming subscriber session.

With RADIUS VC Logging enabled, the RADIUS network access server (NAS)-port field is extended and modified to carry VPI/VCI information. This information is logged in the RADIUS accounting record that was created at session startup.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

How to Configure RADIUS VC logging

Configuring the NME Interface IP Address on the NSP

The NAS-IP-Address field in the RADIUS accounting packet contains the IP address of the Network Management Ethernet (NME) port on the Network Service provider (NSP), even if the NME is shut down. If your Network Route Processor (NRP) does not use a DHCP server to obtain an IP address, you must configure a static IP address. Perform the following steps to configure a static combined NME IP address.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    interface BVI bridge-group

4.    ip address address subnet

5.    exit


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3
interface BVI bridge-group


Example:

Router(config)# interface BVI1

 

Selects the combined Bridge-Group Virtual Interface (BVI) NME interface and enters interface configuration mode.

 
Step 4
ip address address subnet


Example:

Router(config-if)# ip address 209.165.200.225 255.255.255.224

 

Configures a static IP and subnetwork address.

 
Step 5
exit


Example:

Router(config)# exit

 

Exits interface configuration mode.

 

Configuring the NME IP address

You can use the Gigabit Ethernet port as a separate NME interface instead of the combined NME interface. Perform the following steps to configure the NME IP address.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    interface GigabitEthernet number

4.    ip address address mask

5.    exit


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3
interface GigabitEthernet number


Example:

Router(config)# interface GigabitEthernet 0/0/0

 

Selects the NME interface.

 
Step 4
ip address address mask


Example:

Router(config-if)# ip address 209.165.200.225 255.255.255.224

 

Configures a static IP and subnetwork address.

Note    You must configure the NME IP address before configuring PVCs on the NRP. Otherwise the NAS-IP-Address field in the RADIUS accounting packet will contain an incorrect IP address.
 
Step 5
exit


Example:

Router(config)# exit

 

Exits configuration mode.

 

Configuring RADIUS VC Logging on the NRP

Perform the following steps to configure RADIUS VC logging.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    radius-server attribute nas-port format d

4.    exit


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3
radius-server attribute nas-port format d


Example:

Router(config)# radius-server attribute nas-port format d

 

Selects the ATM VC (virtual circuit) extended format for the NAS port field.

 
Step 4
exit


Example:

Router(config)# exit

 

Exits interface configuration mode.

 

Verifying the NME Interface IP Address

To verify the NME IP address, enter the show interface bvi1 or show interface e0/0/0EXEC command on the NSP. Check the Internet address statement (indicated with an arrow).

Router# show interface bvi1BVI1 is up, line protocol is up 
  Hardware is BVI, address is 0010.7ba9.c783 (bia 0000.0000.0000) 
	   MTU 1500 bytes, BW 10000 Kbit, DLY 5000 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type:ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy:fifo
  Output queue 0/0, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1540 packets input, 302775 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     545 packets output, 35694 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out

Verifying RADIUS VC Logging on the NRP

To verify RADIUS VC logging on the RADIUS server, examine a RADIUS accounting packet. If RADIUS VC logging is enabled on the Cisco IOS XE software, the RADIUS accounting packet will appear similar to the following example:

Wed Jun 16 13:57:31 1999
NAS-IP-Address = 192.168.100.192
NAS-Port = 268566560
NAS-Port-Type = Virtual
User-Name = "cisco"
Acct-Status-Type = Start
Service-Type = Framed
Acct-Session-Id = "1/0/0/2.32_00000009"
Framed-Protocol = PPP
Framed-IP-Address = 172.16.7.254
Acct-Delay-Time = 0

The NAS-Port field shows that RADIUS VC logging is enabled. If this line does not appear in the display, then RADIUS VC logging is not enabled on the Cisco IOS XE software.

The Acct-Session-Id field should also identify the incoming NSP interface and VPI/VCI information, in this format:

Acct-Session-Id = "slot/subslot/port/VPI.VCI_acct-session-id"

Configuration Examples for RADIUS VC Logging

Example Configuring the NME Interface IP Address on the NSP

The following example shows how to configure a static IP and subnetwork address for the Bridge-Group Virtual Interface:

Router> enable
Router# configure terminal
Router(config)# interface BVI1
ip address 209.165.200.225 255.255.255.224
Router(config)# exit

Example Configuring the NME IP address

The following example shows how to configure the GigabitEthernet interface:

Router> enable
Router# configure terminal
Router(config)# interface GigabitEthernet 0/0/0
Router(config-if)# ip address 209.165.200.225 255.255.255.224
Router(config)# exit

Example Configuring RADIUS VC Logging on the NRP

The following example shows how to configure the RADIUS VC logging on the NRP:

Router> enable
Router# configure terminal
Router(config)# radius-server attribute nas-port format d
Router(config)# exit

Additional References

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Security Commands List, All Releases

MIBs

MIB

MIBs Link

None

To locate and download MIBs for selected platforms, Cisco IOS XE software releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

RFCs

RFC

Title

Technical Assistance

Description

Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for RADIUS VC Logging

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 1 Feature Information for Zone-Based Policy Firewall

Feature Name

Releases

Feature Configuration Information

RADIUS VC Logging

Cisco IOS XE Release 3.1S

RADIUS Virtual Circuit (VC) Logging allows the Cisco IOS XE software to accurately record the virtual path interface (VPI) and virtual circuit interface (VCI) of an incoming subscriber session.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2012 Cisco Systems, Inc. All rights reserved.