cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2169
Views
0
Helpful
2
Replies

7206, ADSL connections and backend Radius

mbellears
Level 1
Level 1

In the process of setting up a 7206 to terminate ADSL connections, using a Radiator (Radius) server for auth.

The test ADSL connection appears to authenticate successfuly, but then disconnect immediately, then attempt to authenticate again.

I am seeing the following in the 7206 logs:

Jul 13 08:13:57.335 aest: AAA/AUTHOR/VPDN/LOCAL: Looking for tunnel dsl.datafx.com.au

Jul 13 08:13:57.335 aest: AAA/AUTHOR/VPDN/LOCAL: tunnel dsl.datafx.com.au doesn't exist

Jul 13 08:13:57.335 aest: AAA/AUTHOR (2818497300): Post authorization status = ERROR

and

Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC: 18/"Host Request"

Jul 13 08:13:31.863 aest: AAA/ACCT/ACCT_DISC: Found list "l2tp"

Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC/EXT: 1046/"Upper Layer Req Close"

Jul 13 08:13:31.863 aest: AAA/ACCT/ACCT_DISC: Found list "l2tp"

Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC: 1/"User Request"

Jul 13 08:13:31.863 aest: AAA/ACCT/ACCT_DISC: Found list "l2tp"

Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC/EXT: 1045/"Received Terminate"

Then I see the connection est. then a nosess:

gc-rt-02#sh vpdn tunnel

L2TP Tunnel Information Total tunnels 1 sessions 1

LocID RemID Remote Name State Remote Address Port Sessions

36067 1758 for-cor3 est 210.8.1.65 1701 1

%No active L2F tunnels

%No active PPTP tunnels

%No active PPPoE tunnels

gc-rt-02#sh vpdn tunnel

L2TP Tunnel Information Total tunnels 1 sessions 0

LocID RemID Remote Name State Remote Address Port Sessions

36067 1758 for-cor3 nosess 210.8.1.65 1701 0

Radius server is reporting the term cause as 'Host-Request':

Acct-Terminate-Cause = Host-Request

Have the following on the 7206 (Multiple vpdn-groups are defined):

aaa new-model

aaa authentication ppp default if-needed group radius

aaa authorization network default group radius local

aaa authorization network l2tp group radius

aaa accounting update periodic 10

aaa accounting network default start-stop group radius

aaa accounting network l2tp start-stop group radius

!

vpdn enable

vpdn multihop

vpdn aaa attribute nas-port vpdn-nas

no vpdn logging remote

no vpdn logging user

vpdn history failure table-size 50

vpdn ignore udp checksum

vpdn search-order domain

vpdn domain-delimiter @ suffix

vpdn domain-delimiter / prefix

!

vpdn-group for

accept-dialin

protocol l2tp

virtual-template 1

terminate-from hostname for-cor3

local name dsl.datafx.com.au

lcp renegotiation on-mismatch

l2tp tunnel password 7 08306004044D40

!

interface Virtual-Template1

description Connect L2TP termination

no ip address

ppp authentication pap chap callin

ppp authorization l2tp

ppp accounting l2tp

!

radius-server host xxx.xxx.xxx.xxx auth-port 1812 acct-port 1813

radius-server retransmit 3

radius-server attribute 25 nas-port format d

radius-server attribute nas-port format d

radius-server key #############

!

I'm certain I am missing something vital in the radius config...

Any assistance is greatly appreciated.

Regards,

MB

2 Replies 2

sghosh
Level 1
Level 1

Hi,

Can you please change this line

aaa authentication ppp default if-needed group radius

to

aaa authentication ppp default group radius

Can you get us the following debugs.

debug radius

debug aaa authen

debug aaa author

debug aaa per-user

debug vtemplate

Looks like the router does not like some of the attributes from the radius server.

Thanks

Sujit

Thanks for the reply - I found what the problem was:

!

interface Virtual-Template1

description Connect L2TP termination

no ip address <--- #### This line Needed to be ip unnumbered Port-channel1.50 (Our open-pipe Sub. Int)

ppp authentication pap chap callin

ppp authorization l2tp

ppp accounting l2tp

!

Soon as I modified the above, test connection worked!

Regards,

MB