07-12-2003 03:00 PM - edited 03-10-2019 07:24 AM
In the process of setting up a 7206 to terminate ADSL connections, using a Radiator (Radius) server for auth.
The test ADSL connection appears to authenticate successfully, but then disconnects immediately, then attempts to authenticate again.
I am seeing the following in the 7206 logs:
Jul 13 08:13:57.335 aest: AAA/AUTHOR/VPDN/LOCAL: Looking for tunnel dsl.datafx.com.au
Jul 13 08:13:57.335 aest: AAA/AUTHOR/VPDN/LOCAL: tunnel dsl.datafx.com.au doesn't exist
Jul 13 08:13:57.335 aest: AAA/AUTHOR (2818497300): Post authorization status = ERROR
and
Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC: 18/"Host Request"
Jul 13 08:13:31.863 aest: AAA/ACCT/ACCT_DISC: Found list "l2tp"
Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC/EXT: 1046/"Upper Layer Req Close"
Jul 13 08:13:31.863 aest: AAA/ACCT/ACCT_DISC: Found list "l2tp"
Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC: 1/"User Request"
Jul 13 08:13:31.863 aest: AAA/ACCT/ACCT_DISC: Found list "l2tp"
Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC/EXT: 1045/"Received Terminate"
Then I see the connection est. then a nosess:
gc-rt-02#sh vpdn tunnel
L2TP Tunnel Information Total tunnels 1 sessions 1
LocID RemID Remote Name State Remote Address Port Sessions
36067 1758 for-cor3 est 210.8.1.65 1701 1
%No active L2F tunnels
%No active PPTP tunnels
%No active PPPoE tunnels
gc-rt-02#sh vpdn tunnel
L2TP Tunnel Information Total tunnels 1 sessions 0
LocID RemID Remote Name State Remote Address Port Sessions
36067 1758 for-cor3 nosess 210.8.1.65 1701 0
Radius server is reporting the term cause as 'Host-Request':
Acct-Terminate-Cause = Host-Request
Have the following on the 7206 (Multiple vpdn-groups are defined):
aaa new-model
aaa authentication ppp default if-needed group radius
aaa authorization network default group radius local
aaa authorization network l2tp group radius
aaa accounting update periodic 10
aaa accounting network default start-stop group radius
aaa accounting network l2tp start-stop group radius
!
vpdn enable
vpdn multihop
vpdn aaa attribute nas-port vpdn-nas
no vpdn logging remote
no vpdn logging user
vpdn history failure table-size 50
vpdn ignore udp checksum
vpdn search-order domain
vpdn domain-delimiter @ suffix
vpdn domain-delimiter / prefix
!
vpdn-group for
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname for-cor3
 local name dsl.datafx.com.au
 lcp renegotiation on-mismatch
 l2tp tunnel password 7 08306004044D40
!
interface Virtual-Template1
 description Connect L2TP termination
 no ip address
 ppp authentication pap chap callin
 ppp authorization l2tp
 ppp accounting l2tp
!
radius-server host xxx.xxx.xxx.xxx auth-port 1812 acct-port 1813
radius-server retransmit 3
radius-server attribute 25 nas-port format d
radius-server attribute nas-port format d
radius-server key #############
!
I'm certain I am missing something vital in the radius config...
Any assistance is greatly appreciated.
Regards,
MB
07-15-2003 03:54 PM
Hi,
Can you please change this line
aaa authentication ppp default if-needed group radius
to
aaa authentication ppp default group radius
Can you get us the following debugs.
debug radius
debug aaa authen
debug aaa author
debug aaa per-user
debug vtemplate
Looks like the router does not like some of the attributes from the radius server.
Thanks
Sujit
07-15-2003 06:34 PM
Thanks for the reply - I found what the problem was:
!
interface Virtual-Template1
 description Connect L2TP termination
 no ip address <--- #### This line Needed to be ip unnumbered Port-channel1.50 (Our open-pipe Sub. Int)
 ppp authentication pap chap callin
 ppp authorization l2tp
 ppp accounting l2tp
!
Soon as I modified the above, test connection worked!
Regards,
MB
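A pre-deployment check for the misconfiguration reported as the fix in this thread, written as an added example that is not part of the original posts: it flags any vpdn-group whose virtual-template interface carries neither `ip unnumbered` nor `ip address`. The function names are hypothetical, and the parser assumes sections are separated by `!` lines as in the posted configuration.

```python
import re

# Constructed sample: the relevant fragment of the configuration posted in the thread.
# Function names below are hypothetical; sections are assumed to end at a "!" line.
SAMPLE_CONFIG = """\
vpdn-group for
 accept-dialin
  protocol l2tp
  virtual-template 1
!
interface Virtual-Template1
 no ip address
 ppp authentication pap chap callin
!
"""

def parse_blocks(config):
    """Split an IOS-style config into {header line: [sub-command lines]}."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # indentation is often lost when configs are pasted
        if line in ("", "!"):
            current = None
        elif re.match(r"(vpdn-group|interface)\s", line, re.I):
            current = line
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line)
    return blocks

def unaddressed_templates(config):
    """Return (vpdn-group, template number) pairs whose Virtual-Template has no IP."""
    blocks = parse_blocks(config)
    has_ip = {}
    for header, body in blocks.items():
        m = re.match(r"interface\s+Virtual-Template\s*(\d+)$", header, re.I)
        if m:  # "no ip address" does not match: the pattern is anchored at "ip"
            has_ip[m.group(1)] = any(
                re.match(r"ip (unnumbered|address)\s+\S", cmd, re.I) for cmd in body)
    findings = []
    for header, body in blocks.items():
        if not header.lower().startswith("vpdn-group"):
            continue
        for cmd in body:
            m = re.match(r"virtual-template\s+(\d+)$", cmd, re.I)
            if m and not has_ip.get(m.group(1), False):
                findings.append((header.split(None, 1)[1], m.group(1)))
    return findings
```

On the sample it reports group `for` with template `1`; after the `ip unnumbered Port-channel1.50` change described above, it reports nothing.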