RV220W - Wrong NAS Port-Type using RADIUS for 802.11

Similar Messages

• Nas-port and nas-port-type

  I recently replaced my home 1721 running 12.4(3g) with a demo UC520 running 12.4(11r)XW from work to become more familiar with it. I had my 1721 setup for PPTP dial-in with RADIUS authentication back to an SBS 2008 and everything worked great. When I swapped out for the UC520 with the same AAA settings it would not connect. Further inspection found that the nas-port-type and nas-port aaa attributes were not being passed to the RADIUS server so the VPN Access Policy was not being used. Is this a bug or do I need to tweak a few things for this version of IOS?
  Any tips would be appreciated.
  I recently replaced my home 1721 running 12.4(3g) with a demo UC520 running 12.4(11r)XW from work to get more familiar with it. I had my 1721 setup for PPTP dial-in with RADIUS authentication back to an SBS 2008 and everything worked great. When I swapped out for the 520 with the same AAA settings it would not connect. Further inspection found that the nas-port-type and nas-port aaa attributes were not being passed to the RADIUS server so the VPN Access Policy was not being used. Is this a bug or do I need to tweak a few things for this version of IOS?
  Any tips would be appreciated.

  Make sure that you have configured the ISAKMP policy in UC520.

• Getting error wrong number or type of parameters for EAM_PROCESS_WO_PUB

  Hi All,
  I am Getting error wrong number or type of parameters for EAM_WO_PROCESS_PUB.PROCESS_WO API, pls any body can help me,pls send code for
  EAM_WO_PROCESS_PUB.PROCESS_WO API.
  Thanks&Reagrds,
  Hanimi Reddy.

  Hi srini,
  I developed code for work order api EAM_PROCESS_WO_PUB.PROCESS_MASTER_CHILD_WO following and i am getting error wrong number or types of arguments in call to 'PROCESS_MASTER_CHILD_WO, pls see the code and help me
  CREATE OR REPLACE PROCEDURE SANG_WR_TO_WO_API/*(ERRBUF OUT VARCHAR2, RETCODE OUT VARCHAR2)*/ IS
  v_created_by number;
  v_updated_by number;
  v_updated_name varchar2(30);
  V_ENTITY_ID VARCHAR2(30);
  l_EAM_WO_RELATIONS_TBL EAM_PROCESS_WO_PUB.EAM_WO_RELATIONS_TBL_type ;
  --:= EAM_PROCESS_WO_PUB.g_miss_EAM_WO_RELATIONS_rec;
  l_eam_wo_tbl EAM_PROCESS_WO_PUB.eam_wo_rec_type; --:= EAM_PROCESS_WO_PUB.G_MISS_EAM_WO_rec;
  l_eam_op_tbl EAM_PROCESS_WO_PUB.eam_op_tbl_type ;--:= EAM_PROCESS_WO_PUB.G_MISS_eam_op_tbl;
  l_eam_op_network_tbl EAM_PROCESS_WO_PUB.eam_op_network_tbl_type; --:= EAM_PROCESS_WO_PUB.G_MISS_eam_op_network_tbl;
  l_eam_res_tbl EAM_PROCESS_WO_PUB.eam_res_tbl_type;--:= EAM_PROCESS_WO_PUB.G_MISS_eam_res_tbl;
  l_eam_res_inst_tbl EAM_PROCESS_WO_PUB.eam_res_inst_tbl_type; --:= EAM_PROCESS_WO_PUB.G_MISS_eam_res_inst_tbl;
  l_eam_sub_res_tbl EAM_PROCESS_WO_PUB.eam_sub_res_tbl_type; --:= EAM_PROCESS_WO_PUB.G_MISS_eam_sub_res_tbl ;
  -- l_eam_res_usage_tbl EAM_PROCESS_WO_PUB.eam_res_usage_tbl_type := EAM_PROCESS_WO_PUB.G_MISS_eam_res_usage_tbl;
  l_eam_mat_req_tbl EAM_PROCESS_WO_PUB.eam_mat_req_tbl_type; --:= EAM_PROCESS_WO_PUB.G_MISS_eam_mat_req_tbl ;
  l_eam_direct_items_tbl EAM_PROCESS_WO_PUB.eam_direct_items_tbl_type; --:= EAM_PROCESS_WO_PUB.G_MISS_eam_direct_items_tbl ;
  l_x_eam_wo_tbl EAM_PROCESS_WO_PUB.eam_wo_rec_type; --:= EAM_PROCESS_WO_PUB.G_MISS_eam_wo_rec;
  l__x_EAM_WO_RELATIONS_TBL EAM_PROCESS_WO_PUB.EAM_WO_RELATIONS_TBL_type ;--:= EAM_PROCESS_WO_PUB.g_miss_EAM_WO_RELATIONS_TBL;
  l_x_eam_op_tbl EAM_PROCESS_WO_PUB.eam_op_rec_type; --:= EAM_PROCESS_WO_PUB.G_MISS_eam_op_rec ;
  l_x_eam_op_network_tbl EAM_PROCESS_WO_PUB.eam_op_network_tbl_type; --:= EAM_PROCESS_WO_PUB.G_MISS_eam_op_network_tbl;
  l_x_eam_res_tbl EAM_PROCESS_WO_PUB.eam_res_tbl_type; --:= EAM_PROCESS_WO_PUB.G_MISS_eam_res_tbl;
  l_x_eam_res_inst_tbl EAM_PROCESS_WO_PUB.eam_res_inst_tbl_type; --:= EAM_PROCESS_WO_PUB.G_MISS_eam_res_inst_tbl ;
  l_x_eam_sub_res_tbl EAM_PROCESS_WO_PUB.eam_sub_res_tbl_type; --:= EAM_PROCESS_WO_PUB.G_MISS_eam_sub_res_tbl;
  -- l_x_eam_res_usage_tbl EAM_PROCESS_WO_PUB.eam_res_usage_tbl_type := EAM_PROCESS_WO_PUB.G_MISS_eam_res_usage_tbl ;
  l_x_eam_mat_req_tbl EAM_PROCESS_WO_PUB.eam_mat_req_tbl_type; --:= EAM_PROCESS_WO_PUB.G_MISS_eam_mat_req_tbl;
  l_x_eam_direct_items_tbl EAM_PROCESS_WO_PUB.eam_direct_items_tbl_type; --:= EAM_PROCESS_WO_PUB.G_MISS_eam_direct_items_tbl ;
  l_x_return_status VARCHAR2(30);
  l_x_msg_count NUMBER;
  l_x_debug VARCHAR2(30);
  l_output_dir VARCHAR2(30);
  l_debug_filename VARCHAR2(30) ;
  l_debug_file_mode VARCHAR2(30) ;
  CURSOR CUR_WTW IS
  SELECT
  EWR.WIP_ENTITY_ID
  ,EWR.WIP_ENTITY_NAME
  ,EWR.ORGANIZATION_ID
  ,WAC.ORGANIZATION_CODE
  ,EWR.DESCRIPTION
  ,EWR.ASSET_GROUP_ID
  ,EWR.ASSET_NUMBER
  ,EWR.ASSET_NUMBER_DESCRIPTION
  ,WAC.ACCOUNTING_CLASS
  ,WAC.MATERIAL_ACCOUNT
  ,WAC.MATERIAL_OVERHEAD_ACCOUNT
  ,WAC.RESOURCE_ACCOUNT
  ,WAC.OUTSIDE_PROCESSING_ACCOUNT
  ,WAC.MATERIAL_VARIANCE_ACCOUNT
  ,WAC.RESOURCE_VARIANCE_ACCOUNT
  ,WAC.OUTSIDE_PROC_VARIANCE_ACCOUNT
  ,WAC.STD_COST_ADJUSTMENT_ACCOUNT
  ,WAC.OVERHEAD_ACCOUNT
  ,WAC.OVERHEAD_VARIANCE_ACCOUNT
  ,EWR.WORK_REQUEST_OWNING_DEPT_ID
  ,EWR.WORK_REQUEST_OWNING_DEPT
  ,EWR.WORK_REQUEST_PRIORITY_ID
  ,EWR.WORK_REQUEST_PRIORITY
  ,EWR.WORK_REQUEST_STATUS_ID
  ,WAC.ORGANIZATION_NAME
  FROM
  WIP_EAM_WORK_REQUESTS_V EWR
  ,WIPFV_ACCOUNTING_CLASSES WAC
  ,WIP_EAM_PARAMETERS WAP
  WHERE
  EWR.ORGANIZATION_ID = WAC.ORGANIZATION_ID
  AND WAC.ORGANIZATION_ID = WAP.ORGANIZATION_ID
  AND WAC.ACCOUNTING_CLASS = WAP.DEFAULT_EAM_CLASS
  AND EWR.WORK_REQUEST_STATUS = 'Awaiting Work Order';
  BEGIN
  --i number := 1;
  FND_GLOBAL.apps_initialize (1001255, 50326, 700, 0);
  V_CREATED_BY := FND_GLOBAL.USER_ID;
  V_UPDATED_BY := FND_GLOBAL.USER_ID;
  v_updated_name := FND_GLOBAL.USER_name;
  for rec in cur_wtw loop
  l_eam_wo_tbl.WIP_ENTITY_ID := rec.wip_entity_id;
  l_eam_wo_tbl.ORGANIZATION_ID := rec.ORGANIZATION_ID ;
  l_eam_wo_tbl.ASSET_NUMBER := rec.ASSET_NUMBER;
  l_eam_wo_tbl.ASSET_GROUP_ID := rec.ASSET_GROUP_ID ;
  l_eam_wo_tbl.DESCRIPTION := rec.DESCRIPTION ;
  --SELECT WIP_ENTITIES_S.NEXTval INTO V_ENTITY_ID FROM DUAL;
  EAM_PROCESS_WO_PUB.PROCESS_MASTER_CHILD_WO
  (P_PO_IDENTIFIER => 'EAM'
  ,P_API_VERSION_NUMBER => 1.0
  ,P_INIT_MSG_LIST => FALSE
  ,P_EAM_WO_RELATIONS_TBL => l_EAM_WO_RELATIONS_TBL
  ,P_EAM_WO_tbl => l_eam_wo_tbl
  , p_eam_op_tbl => l_eam_op_tbl
  , p_eam_op_network_tbl => l_eam_op_network_tbl
  , p_eam_res_tbl => l_eam_res_tbl
  , p_eam_res_inst_tbl => l_eam_res_inst_tbl
  , p_eam_sub_res_tbl => l_eam_sub_res_tbl
  --, p_eam_res_usage_tbl => l_eam_res_usage_tbl
  , p_eam_mat_req_tbl => l_eam_mat_req_tbl
  , p_eam_direct_items_tbl => l_eam_direct_items_tbl
  , x_eam_wo_tbl => l_x_eam_wo_tbl
  , X_EAM_WO_RELATIONS_TBL => l__x_EAM_WO_RELATIONS_TBL
  , x_eam_op_tbl => l_x_eam_op_tbl
  , x_eam_op_network_tbl => l_x_eam_op_network_tbl
  , x_eam_res_tbl => l_x_eam_res_tbl
  , x_eam_res_inst_tbl => l_x_eam_res_inst_tbl
  , x_eam_sub_res_tbl => l_x_eam_sub_res_tbl
  -- , x_eam_res_usage_tbl =>l_x_eam_res_usage_tbl
  , x_eam_mat_req_tbl => l_x_eam_mat_req_tbl
  , x_eam_direct_items_tbl => l_x_eam_direct_items_tbl
  , x_return_status => l_x_return_status
  , x_msg_count => l_x_msg_count
  ,p_commit =>'N'
  , p_debug => 'N'
  , p_output_dir => NULL
  , p_debug_filename => 'EAM_WO_DEBUG.log'
  , p_debug_file_mode => 'w'
  END LOOP;
  END SANG_WR_TO_WO_API;
  COMMIT;
  Thanks ,
  Hanimi

• AAA using Radius with 802.1x

  Hello there,
  We're going to be implementing 802.1x on our network of some reaallly old switches (6509 Cat OS with MSFC 2).  We use radius for AAA authentication and I've been reading that .1x uses radius.  How is that going to work?  Do I just add another radius server in my radius server command and, more importantly, will .1x work on Cat OS running 8.2.1?  I've been trowling the forums and I can't seem to find anyone who's actually running .1x on the old Cat OS switches to see what kind of gotchas I can expect to run into.
  Any advise, assistance would be greatly appreciated!
  Thanks
  Kiley

  Salodh,
  Thanks but that document is for a 2950 and we have a 6509 but, the good thing is I just found out our Tier 3 engineers will not be adding dot1x to the 6509 since it has only trunks - no access ports.  Thanks very much for your reply!

• 7206VXR using RADIUS for L2L

  I am a member of a team working on a solution to provide VPN connectivity to 2000 remote locations running BSD server. We consulted our Cisco SE about this and received a recommendation to purchase a 7206VXR and use RADIUS to provide the L2L configuration to the router. We are having difficulties getting information on how to complete the build. I am curious if anyone has any experience using a Cisco router and RADIUS to do L2L VPN? Is it possible? Thanks!

  Thanks George.
  Yes I tried it and it works. But with web-auth it works a bit stupid if you have LDAP or local as backup.
  With normal dot1x/EAP with radius if primary server rejects the request it does not try the secondary.
  With web auth, if you choose more than method (local, radius or LDAP), then if first method ejects the request it will try the next one.
  +5 from me to you as well
  Sent from Cisco Technical Support iPad App

• How to find service port oracle use.. for http... ftp.. ?

  Can any one tell me how to find what services ports does oracel uses for services like HTTP and FTP... ?
  Is there any commad that I can execute on SQL*PLUS console to find that ???

  Depends on the version of Oracle.
  If Oracle XE, or you are using XDB capability, you use
  SELECT dbms_xdb.gethttpport(), dbms_xdb.getftpport() from dual;
  and verify using lsnrctl status
  Otherwise you look at the Apache config files in $ORACLE_HOME/Apache/Apache/conf/httpd.*

• Which EAP Type to choose for 802.1x Wireless Policy?

  Hi everyone,
  i have a question about recommendation for EAP Type in a wireless policy:
  Which configuration is more secure/recommendet?
  a)
  Authentication Type: PEAP
  EAP Type: EAP-MSCHAP v2
  b)
  Authentication Type: EAP
  EAP Type: Certificate
  We have a working configuration with a) and could Change to b).
  Thanks,
  Andy

  Hi,
  Project a uses PEAP cooperate with EAP(EAP-MSCHAP v2) is more security/recommended.
  PEAP is a new member of the family of EAP protocols. To enhance both the EAP protocols and network security, PEAP provides:
  1. Protection for the EAP method negotiation that occurs between client and server through a TLS channel. This helps prevent an attacker from injecting packets between the client and the network access server (NAS) to cause the negotiation of a less secure
  EAP method. The encrypted TLS channel also helps prevent denial of service attacks against the IAS server.
  2. Support for the fragmentation and reassembly of messages, allowing the use of EAP types that do not provide this.
  3. Wireless clients with the ability to authenticate the IAS or RADIUS server. Because the server also authenticates the client, mutual authentication occurs.
  4. Protection against the deployment of an unauthorized wireless access point (WAP) when the EAP client authenticates the certificate provided by the IAS server. In addition, the TLS master secret created by the PEAP authenticator and client is not shared
  with the access point. Because of this, the access point cannot decrypt the messages protected by PEAP.
  5. PEAP fast reconnect, which reduces the delay in time between an authentication request by a client and the response by the IAS or RADIUS server, and allows wireless clients to move between access points without repeated requests for authentication.
  This reduces resource requirements for both client and server.
  You can choose between two EAP types for use with PEAP: EAP-MS-CHAPv2 or EAP-TLS. EAP-MS-CHAPv2 uses credentials (user name and password) for user authentication. EAP-TLS uses either certificates installed in the client computer certificate store or a smart
  card for user and client computer authentication. Comparatively, the second one is more security because public Key certificates provide a much stronger authentication method than those that use password-based credentials.
  Best Regards,           
  Eve Wang 

• Radius for 802.1x; Remote Access and Wireless authentication

  Looking to use a single Radius platform for authenticating Remote, wired and wireless users and machines. Anyone with some experience with that use to share some lessons learns...

  Hello Richard,
  there is a previous post from a user who wants to add authentication to his Cisco ACS Radius server for wireless clients, it might be worth contacting that user to see how he resolved this...here is the link to the thread:
  http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Getting%20Started%20with%20LANs&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dd9504e
  Also, have a look at the document below, which talks about the issue:
  Selecting an EAP Method: the RADIUS Authentication Server Component
  http://www.interlinknetworks.com/news/newsletters/20031104/tech.htm
  HTH,
  GP

• 802.1X for wired environments using Radius/ACS for Dynamic Vlan Assignment

  Currently Being Moderated
  802.1X for wired environments  using Radius/ACS for Dynamic Vlan Assignment
  Could someone please provide me with a simplest set of configuration steps to fire up Radius in ACS and 802.1X for dynamic vlan assignment. The objective is to roll out NAC L2 OOB using the 802.1X method for dymamic vlan assignments.
  If possible show:
  1. ACS/Radius Configurations.
  2. End User Switch Configurations
  Variables:
  Switch A
  MAC Address aaaa.bbbb.cccc     Vlan 10
              bbbb.cccc.dddd     Vlan 20
  Also, if someone posts the Pros and Cons of using Radius/ACS/802.1X for Dynamic Vlan Assignments.
  Other technology sets that can be used for Dynamic Vlan assignment EXCEPT from deprecated/obsolete VMPS.
  Thanks in advance. .

  Hi Guys,
      Hmmm, well if your just looking for Mac based authentication the good news is that is very easy.  Just set create your Radius server, ACS, FreeRadius, Steelbelted radius etc.  Then create user with the name of the Mac address, in other words if the mac address is 0012.0021.1122 the the name would be 001200211122 and the password would be the mac address.  Then you set the vlan and tunnel stuff, like so tunnel-Type would be vlan, Tunnel-medium would be 802 and Tunnel-Private-Group-ID is the name of the vlan(not the vlan number)
     So for the Cisco ACS 4.x you would create a user as specified above, fill in all the password boxes with MAC address, I believe the mac has to be all lower case in the name and the password.  Then check the Separate(Chap/MS-Chap/ARAP) box.  Then you pick the group the machine belongs to, the group is the part that defines what vlan it is on.
     Before you create the user, create the group with info I wrote above and in addition specify the Service-Type as Authenticate Only.
      Freeradius is a bit harder to configure the specifics and I am just now testing a freeradius server so I do not know the process for Machine authentication.
      If, however, you are trying to authenticate a user that gets a bit trickier and is not so straight forward.

• Movement type used for ISSUE.

  Hello all,
    I need to create report,where i need to list out all the  movment type used for ISSUE(Consumption).
    How to list out all movement type used only for ISSUE(consumption).Is there any logic can be used here?
  Useful answer will be appreciated...
  Regards,
  Shyam

  hi,
  go to MB51 and enter the movent types shown below for issues or consumption, then you  will get list of all documents related to consuptions.
  201-consumption for cost centrer
  221-consumption for project
  231-consumption for sales order
  241-consumption for assest
  251-consumption for sales
  261-consumption for order
  281-consumption for network
  291-consumption for all account assignments.
  you have to remember the movement types, i think there is no special logic to get these movement types separetly.

• 802.1x Port Authentication via RADIUS

  I am investigating implementing 802.1x port authentication on our network.
  I have a test LAN with a Catalyst 2950 switch and 2 Win XP workstations, (I know its pretty basic, but should be enough for testing purposes). One of these XP PCs is running a Win32 RADIUS server and the other has been configured for 802.1x authentication with MD5-Challenge. Both switch ports are configured for the default vlan and can ping each other.
  I have configured the switch with the following commands
  aaa new-model
  aaa authentication dot1x default group radius
  dot1x system-auth-control
  radius-server host x.x.x.x key test
  and the port to be authorised has been configured with
  dot1x port-control auto
  As far as I can tell this is all I need to configure on the switch, please correct me if I am wrong.
  When I plug the PC into the port I get the request to enter login details, which I do, the RADIUS server sees the request but rejects it, because 'the password wasn’t available'. Here is the output from the request, but there isnt any password field and I know there should be as the RADIUS server comes with a test utility and the output from that is similar to below, but the password field is included. I have removed IP/MAC addresses.
  Client address [x.x.x.x]
  NAS address [x.x.x.x]
  UniqueID=3
  Realm = def
  User = Administrator
  Code = Access request
  ID = 26
  Length = 169
  Authenticator = 0xCCD65F510764D2B2635563104D0C2601
  NAS-IP-Address = x.x.x.x
  NAS-Port = 50024
  NAS-Port-Type = Ethernet
  User-Name = Administrator
  Called-Station-Id = 00-11-00-11-00-11
  Calling-Station-Id = 11-00-11-00-11-00
  Service-Type = Framed
  Framed-MTU = 1500
  State = 0x3170020000FCB47C00
  EAP-Message = 0x0201002304106424F60D765905F614983F30504A87BA41646D696E6973747261746F72
  Message-Authenticator = 0xA119F2FD6E7384F093A5EE1BF4F761EC
  Client address [x.x.x.x]
  NAS address [x.x.x.x]
  UniqueID=4
  Realm = def
  User = Administrator
  Code = Access reject
  ID = 26
  Length = 0
  Authenticator = 0xCCD65F510764D2B2635563104D0C2601
  EAP-Message = 0x04010004
  Message-Authenticator = 0x00000000000000000000000000000000
  On the 2950 I have turned on debugging with 'debug dot1x all' and part of the output is below:
  *Mar 2 01:58:38: dot1x-ev:Username is Administrator
  *Mar 2 01:58:38: dot1x-ev:MAC Address is 0011.0011.0011
  *Mar 2 01:58:38: dot1x-ev:RemAddr is 00-11-00-11-00-11/00-11-00-11-00-11
  *Mar 2 01:58:38: dot1x-ev:going to send to backend on SP, length = 26
  *Mar 2 01:58:38: dot1x-ev:Received VLAN is No Vlan
  *Mar 2 01:58:38: dot1x-ev:Enqueued the response to BackEnd
  *Mar 2 01:58:38: dot1x-ev:Sent to Bend
  *Mar 2 01:58:38: dot1x-ev:Received QUEUE EVENT in response to AAA Request
  *Mar 2 01:58:38: dot1x-ev:Dot1x matching request-response found
  *Mar 2 01:58:38: dot1x-ev:Length of recv eap packet from radius = 26
  *Mar 2 01:58:38: dot1x-ev:Received VLAN Id -1
  Again there doesn’t appear to be a password, shouldn't I see one?
  Ultimately we will be using a Unix RADIUS server but for testing purposes I have just configured an eval version of Clearbox's RADIUS server. I've tried others as I thought the problem maybe the software, but I get similar problems regardless. If anyone can recommend better Win32 software, please do so.
  I'm struggling to figure out where the problem is, the XP machine, the switch or the RADIUS server. Any advice would be appreciated as it's getting quite frustrating.

  These are dot1x event debugs, so you wouldn't see this with that debug. The closest thing to seeing it would be to debug radius on the switch, and the password would be contained in RADIUS Attribute[79]. The switch uses this attribute to replay the EAP message (unmodified) to a RADIUS server. You might see it, but it's encrytped, so it might not buy you much. I'm sure you can imagine from a security point of view why the switch won't/shouldn't have this much visibility into this ;-).
  I would recommend either:
  a) Double-checking your RADIUS setup and logs to find out why the user failed. (double-check the RADIUS key configured on the switch too .. it must match).
  b) Downloading a third-party supplicant from Meetinghouse or Funk to use as a control.
  Eval copies are available on their websites.
  Hope this helps,

• PPPoE circuit-id tag processing with NAS-port-ID feature in 7200VXR problem

  We faced the following problem when we configured both vendor-tag circuit-id service and radius-server attribute nas-port format d command in our 7200VXR.
  When finishing configuration we did a debug radius and received the "AAA Unsupported Attr: circuit-id-tag". Circuit-id-tag as you can see in the sniffer traces has a format of access-node-identifier atm slot/module/port/vpi/vci.
  However we never got this value as a NAS-Port-Id in our debug radius command. Instead we received in specific NAS-Port-Id the format Access-Node-Identifier eth slot/subslot/port:vlan tag (? I guess so).
  The above described situation occurs when we run 12.2(31)SB2 IOS version. However we received different (probably better) results when we run on the router 12.3(7)XI7a IOS version. In this latter case as you can see in the debug radius output log the NAS-Port-Id field is filled with the correct circuit-id-tag : 10.112.0.227 atm 1/6:8.35.
  Shall we try another configuration than the nas-port format d command for radius?
  Thanks in advance for any answer provided.
  Kind Regards
  Dimitris Elefsiniotis

  Hello,
  thank you for your prompt response.
  You can find additional information in the attached files (BRAS show tech/run, sniffer traces, debug radius commands in BRAS).
  We are talking for normal sessions and as you can easily track yourself the NAS-Port-Id is different than the circuit-id-tag inserted by access device (DSLAM)(IOS 12.2(31)SB2. However, the DHCP snooping is used in aggregation 7600 router and option 82 is set by DSLAM as well.

• NAS-PORT

  Hi,
  We have a problem with the format of the Nas-Port generation an Async Interface.
  The format is different if the call arrive on the async interface or isdn interface.
  the Nas-port is different :
  1. for isdn:
  NAS-Port [5] 6 20128
  Cisco AVpair [1] 30 "interface=Async128*Serial1:0"
  NAS-Port-Type [61] 6 ISDN-Async-V110 [4]
  2. for Analogic:
  NAS-Port [5] 6 130
  Cisco AVpair [1] 30 "interface=Async130*Serial1:0"
  NAS-Port-Type [61] 6 Async [0]
  The problem is that the range of IP-ADDRESS that our radius server allocate for the client depends from the Nas port Value and if this is not calculated in the same way we have duplicate IP address.
  We need an attribute defined uniquely to base our IP and to avoid their duplication. Is Cisco-Nas-port unique?
  In attach you will find more explain.
  Thanks
  Ira

  Every subscriber in a mobile network is uniquely identified by a mobile station ISDN or public switched telephone network (PSTN) number. The ISDN Type of Number to RADIUS Server feature provides information about the calling party for billing purposes. (Before the ISDN Type of Number to RADIUS Server feature was introduced, there was no way to derive the TON informationfrom either the caller identification [CLID] or other attributes.)
  http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801a7a79.html#35710

• Wrong number of type of args to dbms_aq.listen

  Has anyone had trouble with the argument list for dbms_aq.listen. We've just go AQ going, having no trouble with enqueue and dequeue. However, when supplying what SEEM to be the right arg types for LISTEN (a table of aq$_agent, a binary int, and an aq$_agent for out) oracle gives us wrong number of type of arguments for call to
  DBMS_AQ.LISTEN (we're running 8.1.7).
  Sorry I'm at home and code is at work. But, just wondering if anyone else has had trouble with this.
  thanks

  The code would probably look like the following... where my_dequeue is my dequeue
  procedure.
  declare
  agent sys.aq$_agent;
  qlist dbms_aq.aq$_agent_list_t;
  begin
  qlist(1):= sys.aq$_agent(NULL, 'aqlis.qt1_queue1', NULL);
  qlist(2):= sys.aq$_agent(NULL, 'aqlis.qt2_queue4', NULL);
  dbms_output.put_line('Listening on' | |
  ' qt1_queue1, qt2_queue4');
  dbms_aq.listen(qlist, 0, agent);
  dbms_output.put_line('Message in Queue :- ' | | agent.address);
  my_dequeue(agent.address);
  dbms_output.put_line('');
  end;
  /

• Tacacs+ for exec and radius for ppp on the same ras

  Hi, I'm going to implement tacacs+ for exec control and RADIUS for ppp control in a ras router, using the same ACS for tacacs+ and radius sessions.
  Is there any problem with this kind of configuration ?
  thank you in advance
  Renato

  Renato
  I have recently done something very similar at a customer site. On a remote access server we configured it to use TACACS for exec control and to use Radius for ppp. In our case we are using different servers but I do not think that would be an issue. We also are generating aaa accounting records for the ppp sessions and sending the accounting records to the TACACS server. I have not had any particular problems with getting this to work.
  HTH
  Rick