RADIUS Configuration Guide Cisco IOS XE Release 3S
RADIUS VC Logging
Downloads: This chapterpdf (PDF - 1.27MB) The complete bookPDF (PDF - 3.43MB) | The complete bookePub (ePub - 458.0KB) | Feedback

RADIUS VC Logging

RADIUS Virtual Circuit (VC) Logging allows the Cisco IOS XE to accurately record the virtual path interface (VPI) and virtual circuit interface (VCI) of an incoming subscriber session.

With RADIUS VC Logging enabled, the RADIUS network access server (NAS)-port field is extended and modified to carry VPI/VCI information. This information is logged in the RADIUS accounting record that was created at session startup.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

How to Configure RADIUS VC logging

Configuring the NME Interface IP Address on the NSP

The NAS-IP-Address field in the RADIUS accounting packet contains the IP address of the Network Management Ethernet (NME) port on the Network Service provider (NSP), even if the NME is shut down. If your Network Route Processor (NRP) does not use a DHCP server to obtain an IP address, you must configure a static IP address. Perform the following steps to configure a static combined NME IP address.

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    interface BVI bridge-group

    4.    ip address address subnet

    5.    exit


DETAILED STEPS
      Command or Action Purpose
    Step 1 enable


    Example:
    Router> enable
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.
     
    Step 2 configure terminal


    Example:
    Router# configure terminal
     

    Enters global configuration mode.

     
    Step 3 interface BVI bridge-group


    Example:
    Router(config)# interface BVI1
     

    Selects the combined Bridge-Group Virtual Interface (BVI) NME interface and enters interface configuration mode.

     
    Step 4 ip address address subnet


    Example:
    Router(config-if)# ip address 209.165.200.225 255.255.255.224
     

    Configures a static IP and subnetwork address.

     
    Step 5 exit


    Example:
    Router(config)# exit
     

    Exits interface configuration mode.

     

    Configuring the NME IP address

    You can use the Gigabit Ethernet port as a separate NME interface instead of the combined NME interface. Perform the following steps to configure the NME IP address.

    SUMMARY STEPS

      1.    enable

      2.    configure terminal

      3.    interface GigabitEthernet number

      4.    ip address address mask

      5.    exit


    DETAILED STEPS
        Command or Action Purpose
      Step 1 enable


      Example:
      Router> enable
       

      Enables privileged EXEC mode.

      • Enter your password if prompted.
       
      Step 2 configure terminal


      Example:
      Router# configure terminal
       

      Enters global configuration mode.

       
      Step 3 interface GigabitEthernet number


      Example:
      Router(config)# interface GigabitEthernet 0/0/0
       

      Selects the NME interface.

       
      Step 4 ip address address mask


      Example:
      Router(config-if)# ip address 209.165.200.225 255.255.255.224
       

      Configures a static IP and subnetwork address.

      Note   

      You must configure the NME IP address before configuring PVCs on the NRP. Otherwise the NAS-IP-Address field in the RADIUS accounting packet will contain an incorrect IP address.

       
      Step 5 exit


      Example:
      Router(config)# exit
       

      Exits configuration mode.

       

      Configuring RADIUS VC Logging on the NRP

      Perform the following steps to configure RADIUS VC logging.

      SUMMARY STEPS

        1.    enable

        2.    configure terminal

        3.    radius-server attribute nas-port format d

        4.    exit


      DETAILED STEPS
          Command or Action Purpose
        Step 1 enable


        Example:
        Router> enable
         

        Enables privileged EXEC mode.

        • Enter your password if prompted.
         
        Step 2 configure terminal


        Example:
        Router# configure terminal
         

        Enters global configuration mode.

         
        Step 3 radius-server attribute nas-port format d


        Example:
        Router(config)# radius-server attribute nas-port format d
         

        Selects the ATM VC (virtual circuit) extended format for the NAS port field.

         
        Step 4 exit


        Example:
        Router(config)# exit
         

        Exits interface configuration mode.

         

        Verifying the NME Interface IP Address

        To verify the NME IP address, enter the show interface bvi1 or show interface e0/0/0EXEC command on the NSP. Check the Internet address statement (indicated with an arrow).

        Router# show interface bvi1BVI1 is up, line protocol is up 
          Hardware is BVI, address is 0010.7ba9.c783 (bia 0000.0000.0000) 
        	   MTU 1500 bytes, BW 10000 Kbit, DLY 5000 usec, 
             reliability 255/255, txload 1/255, rxload 1/255
          Encapsulation ARPA, loopback not set
          ARP type:ARPA, ARP Timeout 04:00:00
          Last input never, output never, output hang never
          Last clearing of "show interface" counters never
          Queueing strategy:fifo
          Output queue 0/0, 0 drops; input queue 0/75, 0 drops
          5 minute input rate 0 bits/sec, 0 packets/sec
          5 minute output rate 0 bits/sec, 0 packets/sec
             1540 packets input, 302775 bytes, 0 no buffer
             Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
             0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
             545 packets output, 35694 bytes, 0 underruns
             0 output errors, 0 collisions, 0 interface resets
             0 output buffer failures, 0 output buffers swapped out

        Verifying RADIUS VC Logging on the NRP

        To verify RADIUS VC logging on the RADIUS server, examine a RADIUS accounting packet. If RADIUS VC logging is enabled on the Cisco IOS XE software, the RADIUS accounting packet will appear similar to the following example:

        Wed Jun 16 13:57:31 1999
        NAS-IP-Address = 192.168.100.192
        NAS-Port = 268566560
        NAS-Port-Type = Virtual
        User-Name = "cisco"
        Acct-Status-Type = Start
        Service-Type = Framed
        Acct-Session-Id = "1/0/0/2.32_00000009"
        Framed-Protocol = PPP
        Framed-IP-Address = 172.16.7.254
        Acct-Delay-Time = 0
        

        The NAS-Port field shows that RADIUS VC logging is enabled. If this line does not appear in the display, then RADIUS VC logging is not enabled on the Cisco IOS XE software.

        The Acct-Session-Id field should also identify the incoming NSP interface and VPI/VCI information, in this format:

        Acct-Session-Id = "slot/subslot/port/VPI.VCI_acct-session-id"

        Configuration Examples for RADIUS VC Logging

        Example Configuring the NME Interface IP Address on the NSP

        The following example shows how to configure a static IP and subnetwork address for the Bridge-Group Virtual Interface:

        Router> enable
        Router# configure terminal
        Router(config)# interface BVI1
        ip address 209.165.200.225 255.255.255.224
        Router(config)# exit
        

        Example Configuring the NME IP address

        The following example shows how to configure the GigabitEthernet interface:

        Router> enable
        Router# configure terminal
        Router(config)# interface GigabitEthernet 0/0/0
        Router(config-if)# ip address 209.165.200.225 255.255.255.224
        Router(config)# exit
        

        Example Configuring RADIUS VC Logging on the NRP

        The following example shows how to configure the RADIUS VC logging on the NRP:

        Router> enable
        Router# configure terminal
        Router(config)# radius-server attribute nas-port format d
        Router(config)# exit

        Additional References

        Related Documents

        Related Topic

        Document Title

        Cisco IOS commands

        Cisco IOS Master Security Commands List, All Releases

        MIBs

        MIB

        MIBs Link

        None

        To locate and download MIBs for selected platforms, Cisco IOS XE software releases, and feature sets, use Cisco MIB Locator found at the following URL:

        http:/​/​www.cisco.com/​go/​mibs

        RFCs

        RFC

        Title

        Technical Assistance

        Description

        Link

        The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

        To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

        Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

        http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

        Feature Information for RADIUS VC Logging

        The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

        Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

        Table 1 Feature Information for Zone-Based Policy Firewall

        Feature Name

        Releases

        Feature Configuration Information

        RADIUS VC Logging

        Cisco IOS XE Release 3.1S

        RADIUS Virtual Circuit (VC) Logging allows the Cisco IOS XE software to accurately record the virtual path interface (VPI) and virtual circuit interface (VCI) of an incoming subscriber session.