Does it work any better if you use Cisco-AVPairs = “ip:inacl=MY_ACL”
Regards, Chris Jones > On 19 Sep 2020, at 05:29, Mike <[email protected]> wrote: > > Hi, > > I got another one - > > Playing with my asr920 I have it working as a pppoe server. I notice > that if I have a radius attribute returned "Filter-Id" with the name of > a filter already on the box, the pppoe session doesn't come up and > throws an error: > > Sep 18 12:11:13.636 PDT: RADIUS: Received from id 1645/45 > 100.127.248.10:1812, Access-Accept, len 119 > Sep 18 12:11:13.637 PDT: RADIUS: authenticator FC CA B3 DE 64 4C C6 81 > - 1E B3 E3 2F 6F 91 E0 78 > Sep 18 12:11:13.637 PDT: RADIUS: Framed-Protocol [7] 6 > PPP [1] > Sep 18 12:11:13.637 PDT: RADIUS: Framed-Compression [13] 6 VJ > TCP/IP Header Compressi[1] > Sep 18 12:11:13.637 PDT: RADIUS: Framed-IP-Address [8] 6 > 100.127.248.222 > Sep 18 12:11:13.637 PDT: RADIUS: Vendor, Cisco [26] 58 > Sep 18 12:11:13.637 PDT: RADIUS: ssg-service-info [251] 52 > "QU;4500000;843750;1687500;D;4500000;843750;1687500" > Sep 18 12:11:13.637 PDT: RADIUS: Filter-Id [11] 23 > Sep 18 12:11:13.637 PDT: RADIUS: 63 75 73 74 6F 6D 65 72 5F 69 6E 62 > 6F 75 6E 64 [customer_inbound] > Sep 18 12:11:13.637 PDT: RADIUS: 31 2E 6F 75 74 [ 1.out] > Sep 18 12:11:13.637 PDT: RADIUS(0000003F): Received from id 1645/45 > Sep 18 12:11:13.638 PDT: %SGPM-3-POLICY_RULE_SERVICE_CONFIG_ERROR: > Service () is configured incorrectly, service_failed event will be thrown > > if I remove the Filter-Id, this error goes away. the referenced filter > (access-list) does exist. Not sure what the issue here is. Anyone know? > > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
