- Cisco Community
- Technology and Support
- Service Providers
- Other Service Provider Subjects
- Migrate PPPoE/Virtual-Interface from 7206VXR to ASR 1002
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Migrate PPPoE/Virtual-Interface from 7206VXR to ASR 1002
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-21-2012 12:14 PM - edited 03-01-2019 02:36 PM
Good Day,
I have been attempting to migrate services from an existing 7206VXR to a recently purchased ASR1002 and could use some help.
My mistake in assuming that the config would be similar to 7206VXR, but there are changes - mainly VRF and cisco-avpair attributes that need added to radius.
Our lab test, with the below ASR config will allow the user to authenticate successfully but does not assign IP address.
| User Status | User is online |
|---|---|
| Last Connection | 2012-09-21 10:27:47 |
| Online Time | 1 hours, 4 minutes, 15 seconds |
| Server (NAS) | 206.251.40.52 (MAC: ) |
| User Workstation | (MAC: ) |
| User Upload | 6.5 Kb |
| User Download | 6.51 Kb |
| ID | HotSpot | Username | IP Address | Start Time | Stop Time | Total Time | Upload (Bytes) | Download (Bytes) | Termination | NAS IP Address |
|---|---|---|---|---|---|---|---|---|---|---|
| 7837056 | dccvtest@dcdi.net | 2012-09-21 10:27:47 | 1 hours, 4 minutes, 15 seconds | 6.5 Kb | 6.51 Kb | 206.251.40.52 |
I have also tried assigning a static IP to the CPE, however the CPE cannot see 199.200.107.1.
No doubt the problem is something simple I appreciate any help or suggestions.
Radius Reply Attributes
Cisco-AVPair += ip:vrf-id=CV_VRF
Cisco-AVPair += ip:ip-unnumbered=Loopback 111 (generates unsupported sub-interface errors when used)
7206VXR Config-
aaa new-model
!
aaa authentication login default group radius
aaa authentication login con none
aaa authentication login vty line local
aaa authentication login localauth local
aaa authentication ppp default if-needed group radius
aaa authorization network default group radius
aaa authorization network noauth none
aaa accounting update periodic 5
aaa accounting network default
action-type start-stop
group radius
!
aaa accounting system default
action-type start-stop
group radius
!
!
bba-group pppoe 156
virtual-template 156
sessions per-vc limit 65000
sessions per-mac limit 65000
sessions per-vlan limit 65000
!
interface Loopback0
ip address 10.1.1.3 255.255.255.255
ip ospf network point-to-point
!
!
interface GigabitEthernet0/1
no ip address
no ip redirects
duplex full
speed 1000
media-type rj45
no negotiation auto
no cdp enable
!
interface GigabitEthernet0/1.20
description ROUTER GATEWAY
encapsulation dot1Q 20
ip address 206.251.40.51 255.255.255.248
no cdp enable
!
interface GigabitEthernet0/2
no ip address
no ip redirects
duplex full
speed 1000
media-type rj45
no negotiation auto
no cdp enable
!
interface GigabitEthernet0/2.156
encapsulation dot1Q 156
ip address 199.30.185.1 255.255.255.0 secondary
ip address 199.30.186.1 255.255.255.0 secondary
ip address 199.30.187.1 255.255.255.0 secondary
ip address 199.30.184.1 255.255.255.0
pppoe enable group 156
no cdp enable
!
!
interface Virtual-Template156
ip unnumbered GigabitEthernet0/2.156
no ip redirects
no ip route-cache cef
peer default ip address pool IP_POOL156
ppp mtu adaptive
ppp authentication pap
!
!
ip local pool IP_POOL156 199.30.184.2 199.30.184.254
ip local pool IP_POOL156 199.30.185.2 199.30.185.254
ip local pool IP_POOL156 199.30.186.2 199.30.186.254
ip local pool IP_POOL156 199.30.187.2 199.30.187.254
!
!
no ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 199.30.184.0 255.255.252.0 Null0 200
!
!
ip prefix-list AS19045 seq 10 permit 199.30.184.0/22
!
ip radius source-interface GigabitEthernet0/1.20
!
radius-server host x.x.x.x auth-port 1812 acct-port 1813
radius-server retransmit 1
radius-server timeout 60
radius-server key ********
radius-server vsa send accounting
radius-server vsa send authentication
ASR 1002 Config (attempt)
aaa new-model
!
aaa group server radius AAA_CV_VRF
server 208.98.188.6 auth-port 1812 acct-port 1813
aaa authentication login default group AAA_CV_VRF
aaa authentication login con none
aaa authentication login vty line local
aaa authentication login localauth local
aaa authentication ppp default if-needed group AAA_CV_VRF
aaa authorization network default group AAA_CV_VRF
aaa authorization network noauth none
aaa accounting update newinfo periodic 60
aaa accounting network default start-stop group AAA_CV_VRF
aaa accounting connection default start-stop group AAA_CV_VRF
aaa accounting system default
action-type start-stop
group AAA_CV_VRF
aaa accounting resource default start-stop group AAA_CV_VRF
!
aaa session-id common
aaa policy interface-config allow-subinterface
clock timezone MST -7 0
clock summer-time MST recurring
no ip source-route
!
ip vrf CV_VRF
rd 1:1
!
virtual-profile if-needed
!
multilink bundle-name authenticated
!
bba-group pppoe 111
description TEST
virtual-template 111
sessions per-vc limit 65000
sessions per-mac limit 65000
sessions per-vlan limit 65000
sessions auto cleanup
!
!
interface Loopback0
ip address 10.1.1.4 255.255.255.255
ip ospf network point-to-point
!
interface Loopback111
description TEST
ip vrf forwarding CV_VRF
ip address 199.200.107.1 255.255.255.0
!
!
interface GigabitEthernet0/0/2
no ip address
no ip redirects
no negotiation auto
!
interface GigabitEthernet0/0/2.20
description ROUTER GATEWAY
encapsulation dot1Q 20
ip address 206.251.40.52 255.255.255.248
!
interface GigabitEthernet0/0/3
no ip address
no ip redirects
no negotiation auto
!
interface GigabitEthernet0/0/3.111
encapsulation dot1Q 111
ip vrf forwarding CV_VRF
no ip proxy-arp
pppoe enable group 111
!
!
interface Virtual-Template111
ip unnumbered GigabitEthernet0/0/3.111
no ip redirects
no ip route-cache cef
peer default ip address pool IP_POOL111
ppp mtu adaptive
ppp authentication pap
!
router ospf 19045
router-id 10.1.1.4
network 10.1.1.4 0.0.0.0 area 0.0.0.0
network 199.200.107.0 0.0.0.255 area 0.0.0.0
network 206.251.40.48 0.0.0.7 area 0.0.0.0
!
router bgp 19045
bgp log-neighbor-changes
network 199.200.104.0 mask 255.255.252.0
network 206.251.40.0 mask 255.255.248.0
neighbor 10.1.1.1 remote-as 19045
neighbor 10.1.1.1 description IBGP_PEER_ASR
neighbor 10.1.1.1 update-source Loopback0
neighbor 10.1.1.1 next-hop-self
!
!
ip local pool IP_POOL111 199.200.107.2 199.200.107.254
!
no ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 206.251.40.49
ip route 199.200.104.0 255.255.252.0 Null0 200
!
ip prefix-list AS19045 seq 10 permit 199.200.104.0/22
!
ip radius source-interface GigabitEthernet0/0/2.20
!
radius-server host x.x.x.x auth-port 1812 acct-port 1813 key ********
radius-server retransmit 1
radius-server timeout 60
radius-server vsa send accounting
radius-server vsa send authentication
!
Debug Info
*Sep 20 22:03:26.677: [910]PPPoE 1911: AAA get dynamic attrs
*Sep 20 22:03:26.678: [910]PPPoE 1911: O PADT R:6468.0cf7.8546 L:f866.f287.7c83 Gi0/0/3.111
*Sep 20 22:03:26.678: [910]PPPoE 1911: Destroying R:6468.0cf7.8546 L:f866.f287.7c83 111 Gi0/0/3.111
*Sep 20 22:03:26.678: PPPoE: Returning Vaccess Virtual-Access3
*Sep 20 22:03:26.679: [910]PPPoE 1911: AAA get dynamic attrs
*Sep 20 22:03:26.679: [910]PPPoE 1911: AAA account stopped
*Sep 20 22:03:26.679: RADIUS/ENCODE(00000791):Orig. component type = PPPoE
*Sep 20 22:03:26.679: RADIUS(00000791): Config NAS IP: 0.0.0.0
*Sep 20 22:03:26.679: RADIUS(00000791): Config NAS IPv6: ::
*Sep 20 22:03:26.679: RADIUS(00000791): sending
*Sep 20 22:03:26.682: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
*Sep 20 22:03:26.682: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down
*Sep 20 22:03:26.683: RADIUS/ENCODE: Best Local IP-Address 206.251.40.52 for Radius-Server 208.98.188.6
*Sep 20 22:03:26.683: RADIUS(00000791): Sending a IPv4 Radius Packet
*Sep 20 22:03:26.683: RADIUS(00000791): Send Accounting-Request to 208.98.188.6:1813 id 1646/71,len 379
*Sep 20 22:03:26.683: RADIUS: authenticator A6 50 A4 C3 2A 30 AB DA - 59 BF E8 75 8A 91 AA 9B
*Sep 20 22:03:26.683: RADIUS: Acct-Session-Id [44] 10 "00000D51"
*Sep 20 22:03:26.683: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Sep 20 22:03:26.683: RADIUS: Vendor, Cisco [26] 53
*Sep 20 22:03:26.683: RADIUS: Cisco AVpair [1] 47 "ppp-disconnect-cause=Lower Layer disconnected"
*Sep 20 22:03:26.683: RADIUS: User-Name [1] 19 "dccvtest@dcdi.net"
*Sep 20 22:03:26.683: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
*Sep 20 22:03:26.683: RADIUS: Vendor, Cisco [26] 32
*Sep 20 22:03:26.683: RADIUS: Cisco AVpair [1] 26 "connect-progress=Call Up"
*Sep 20 22:03:26.683: RADIUS: Vendor, Cisco [26] 31
*Sep 20 22:03:26.683: RADIUS: Cisco AVpair [1] 25 "nas-tx-speed=1000000000"
*Sep 20 22:03:26.683: RADIUS: Vendor, Cisco [26] 31
*Sep 20 22:03:26.683: RADIUS: Cisco AVpair [1] 25 "nas-rx-speed=1000000000"
*Sep 20 22:03:26.683: RADIUS: Acct-Session-Time [46] 6 615
*Sep 20 22:03:26.683: RADIUS: Acct-Input-Octets [42] 6 1040
*Sep 20 22:03:26.683: RADIUS: Acct-Output-Octets [43] 6 1066
*Sep 20 22:03:26.683: RADIUS: Acct-Input-Packets [47] 6 78
*Sep 20 22:03:26.684: RADIUS: Acct-Output-Packets [48] 6 79
*Sep 20 22:03:26.684: RADIUS: Acct-Terminate-Cause[49] 6 admin-reset [6]
*Sep 20 22:03:26.684: RADIUS: Vendor, Cisco [26] 39
*Sep 20 22:03:26.684: RADIUS: Cisco AVpair [1] 33 "disc-cause-ext=Local Admin Disc"
*Sep 20 22:03:26.684: RADIUS: Acct-Status-Type [40] 6 Stop [2]
*Sep 20 22:03:26.684: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Sep 20 22:03:26.684: RADIUS: NAS-Port [5] 6 0
*Sep 20 22:03:26.684: RADIUS: NAS-Port-Id [87] 11 "0/0/3/111"
*Sep 20 22:03:26.684: RADIUS: Vendor, Cisco [26] 41
*Sep 20 22:03:26.684: RADIUS: Cisco AVpair [1] 35 "client-mac-address=6468.0cf7.8546"
*Sep 20 22:03:26.684: RADIUS: Connect-Info [77] 8 "CV_VRF"
*Sep 20 22:03:26.684: RADIUS: Service-Type [6] 6 Framed [2]
*Sep 20 22:03:26.684: RADIUS: NAS-IP-Address [4] 6 206.251.40.52
*Sep 20 22:03:26.684: RADIUS: Acct-Delay-Time [41] 6 0
*Sep 20 22:03:26.684: RADIUS(00000791): Started 60 sec timeout
*Sep 20 22:03:26.686: [910]PPPoE 1911: Segment (SSS class): UNBOUND
*Sep 20 22:03:26.686: [910]PPPoE 1911: Vi3 Block vaccess from being freed.
*Sep 20 22:03:26.687: [910]PPPoE 1911: Segment (SSS class): UNPROVISION
*Sep 20 22:03:26.687: [910]PPPoE 1911: failed to remove session from switching hash table.
*Sep 20 22:03:26.694: PPPoE 1911: I PADT R:6468.0cf7.8546 L:f866.f287.7c83 111 Gi0/0/3.111
*Sep 20 22:03:26.758: RADIUS: Received from id 1646/71 208.98.188.6:1813, Accounting-response, len 20
*Sep 20 22:03:26.758: RADIUS: authenticator E3 A2 A1 EE B0 3F 43 1C - 03 B6 84 A8 20 0D B8 90
*Sep 20 22:03:32.713: PPPoE 0: I PADI R:6468.0cf7.8546 L:ffff.ffff.ffff 111 Gi0/0/3.111
*Sep 20 22:03:32.713: Service tag: NULL Tag
*Sep 20 22:03:32.713: PPPoE 0: O PADO, R:f866.f287.7c83 L:6468.0cf7.8546 111 Gi0/0/3.111
*Sep 20 22:03:32.713: Service tag: NULL Tag
*Sep 20 22:03:32.722: PPPoE 0: I PADR R:6468.0cf7.8546 L:f866.f287.7c83 111 Gi0/0/3.111
*Sep 20 22:03:32.722: Service tag: NULL Tag
*Sep 20 22:03:32.722: PPPoE : encap string prepared
*Sep 20 22:03:32.722: [911]PPPoE 1912: Access IE handle allocated
*Sep 20 22:03:32.722: [911]PPPoE 1912: AAA get retrieved attrs
*Sep 20 22:03:32.722: [911]PPPoE 1912: AAA get nas port details
*Sep 20 22:03:32.722: [911]PPPoE 1912: Error adjusting nas port format did
*Sep 20 22:03:32.722: [911]PPPoE 1912: AAA get dynamic attrs
*Sep 20 22:03:32.722: [911]PPPoE 1912: AAA unique ID 792 allocated
*Sep 20 22:03:32.722: [911]PPPoE 1912: AAA method list set
*Sep 20 22:03:32.722: [911]PPPoE 1912: Service request sent to SSS
*Sep 20 22:03:32.723: [911]PPPoE 1912: Created, Service: None R:f866.f287.7c83 L:6468.0cf7.8546 111 Gi0/0/3.111
*Sep 20 22:03:32.723: [911]PPPoE 1912: State NAS_PORT_POLICY_INQUIRY Event SSS MORE KEYS
*Sep 20 22:03:32.724: [911]PPPoE 1912: data path set to PPP
*Sep 20 22:03:32.724: [911]PPPoE 1912: Segment (SSS class): PROVISION
*Sep 20 22:03:32.724: [911]PPPoE 1912: State PROVISION_PPP Event SSM PROVISIONED
*Sep 20 22:03:32.724: [911]PPPoE 1912: O PADS R:6468.0cf7.8546 L:f866.f287.7c83 Gi0/0/3.111
*Sep 20 22:03:32.724: [911]PPPoE 1912 <Gi0/0/3.111:111>: Unable to add line attributes from ANCP
*Sep 20 22:03:32.724: [911]PPPoE 1912: Unable to Add ANCP Line attributes to the PPPoE Authen attributes
*Sep 20 22:03:33.845: RADIUS/ENCODE(00000792):Orig. component type = PPPoE
*Sep 20 22:03:33.845: RADIUS: DSL line rate attributes successfully added
*Sep 20 22:03:33.845: RADIUS(00000792): Config NAS IP: 0.0.0.0
*Sep 20 22:03:33.845: RADIUS(00000792): Config NAS IPv6: ::
*Sep 20 22:03:33.845: RADIUS/ENCODE(00000792): acct_session_id: 3411
*Sep 20 22:03:33.845: RADIUS(00000792): sending
*Sep 20 22:03:33.845: RADIUS/ENCODE: Best Local IP-Address 206.251.40.52 for Radius-Server 208.98.188.6
*Sep 20 22:03:33.845: RADIUS(00000792): Sending a IPv4 Radius Packet
*Sep 20 22:03:33.845: RADIUS(00000792): Send Access-Request to 208.98.188.6:1812 id 1645/56,len 124
*Sep 20 22:03:33.846: RADIUS: authenticator 3E 87 16 F9 FF 1A F8 74 - D6 7F 38 C3 F0 98 6E 6F
*Sep 20 22:03:33.846: RADIUS: User-Name [1] 10 "dcdi.net"
*Sep 20 22:03:33.846: RADIUS: User-Password [2] 18 *
*Sep 20 22:03:33.846: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Sep 20 22:03:33.846: RADIUS: NAS-Port [5] 6 0
*Sep 20 22:03:33.846: RADIUS: NAS-Port-Id [87] 11 "0/0/3/111"
*Sep 20 22:03:33.846: RADIUS: Vendor, Cisco [26] 41
*Sep 20 22:03:33.846: RADIUS: Cisco AVpair [1] 35 "client-mac-address=6468.0cf7.8546"
*Sep 20 22:03:33.846: RADIUS: Service-Type [6] 6 Outbound [5]
*Sep 20 22:03:33.846: RADIUS: NAS-IP-Address [4] 6 206.251.40.52
*Sep 20 22:03:33.846: RADIUS(00000792): Started 60 sec timeout
*Sep 20 22:03:34.868: RADIUS: Received from id 1645/56 208.98.188.6:1812, Access-Reject, len 20
*Sep 20 22:03:34.868: RADIUS: authenticator 02 CF 53 0A 6A 62 E5 DB - 2E 96 99 E4 09 D8 2E B1
*Sep 20 22:03:34.868: RADIUS(00000792): Received from id 1645/56
*Sep 20 22:03:34.869: RADIUS/ENCODE(00000792):Orig. component type = PPPoE
*Sep 20 22:03:34.869: RADIUS: DSL line rate attributes successfully added
*Sep 20 22:03:34.869: RADIUS(00000792): Config NAS IP: 0.0.0.0
*Sep 20 22:03:34.869: RADIUS(00000792): Config NAS IPv6: ::
*Sep 20 22:03:34.869: RADIUS/ENCODE(00000792): acct_session_id: 3411
*Sep 20 22:03:34.869: RADIUS(00000792): sending
*Sep 20 22:03:34.870: RADIUS/ENCODE: Best Local IP-Address 206.251.40.52 for Radius-Server 208.98.188.6
*Sep 20 22:03:34.870: RADIUS(00000792): Sending a IPv4 Radius Packet
*Sep 20 22:03:34.870: RADIUS(00000792): Send Access-Request to 208.98.188.6:1812 id 1645/57,len 139
*Sep 20 22:03:34.870: RADIUS: authenticator 8D 12 A1 E3 30 52 B0 F5 - 1C CD 8F 60 49 E9 F4 26
*Sep 20 22:03:34.870: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Sep 20 22:03:34.870: RADIUS: User-Name [1] 19 "dccvtest@dcdi.net"
*Sep 20 22:03:34.870: RADIUS: User-Password [2] 18 *
*Sep 20 22:03:34.870: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Sep 20 22:03:34.870: RADIUS: NAS-Port [5] 6 0
*Sep 20 22:03:34.870: RADIUS: NAS-Port-Id [87] 11 "0/0/3/111"
*Sep 20 22:03:34.870: RADIUS: Vendor, Cisco [26] 41
*Sep 20 22:03:34.870: RADIUS: Cisco AVpair [1] 35 "client-mac-address=6468.0cf7.8546"
*Sep 20 22:03:34.870: RADIUS: Service-Type [6] 6 Framed [2]
*Sep 20 22:03:34.870: RADIUS: NAS-IP-Address [4] 6 206.251.40.52
*Sep 20 22:03:34.870: RADIUS(00000792): Started 60 sec timeout
*Sep 20 22:03:34.894: RADIUS: Received from id 1645/57 208.98.188.6:1812, Access-Accept, len 44
*Sep 20 22:03:34.894: RADIUS: authenticator AC 92 A9 7C 1F CB 46 6B - F6 68 03 D8 AF 0B F0 F5
*Sep 20 22:03:34.894: RADIUS: Vendor, Cisco [26] 24
*Sep 20 22:03:34.894: RADIUS: Cisco AVpair [1] 18 "ip:vrf-id=CV_VRF"
*Sep 20 22:03:34.894: RADIUS(00000792): Received from id 1645/57
*Sep 20 22:03:34.902: [911]PPPoE 1912: State LCP_NEGOTIATION Event SSS CONNECT LOCAL
*Sep 20 22:03:34.904: [911]PPPoE 1912: Segment (SSS class): UPDATED
*Sep 20 22:03:34.904: [911]PPPoE 1912: Segment (SSS class): BOUND
*Sep 20 22:03:34.904: [911]PPPoE 1912: data path set to Virtual Acess
*Sep 20 22:03:34.905: [911]PPPoE 1912: State LCP_NEGOTIATION Event SSM UPDATED
*Sep 20 22:03:34.905: [911]PPPoE 1912: AAA get dynamic attrs
*Sep 20 22:03:34.906: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
*Sep 20 22:03:34.907: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up
*Sep 20 22:03:34.907: RADIUS/ENCODE(00000792):Orig. component type = PPPoE
*Sep 20 22:03:34.907: RADIUS(00000792): Config NAS IP: 0.0.0.0
*Sep 20 22:03:34.907: RADIUS(00000792): Config NAS IPv6: ::
*Sep 20 22:03:34.907: RADIUS(00000792): sending
*Sep 20 22:03:34.907: [911]PPPoE 1912: State PTA_BINDING Event STATIC BIND RESPONSE
*Sep 20 22:03:34.907: [911]PPPoE 1912: Connected PTA
*Sep 20 22:03:34.908: RADIUS/ENCODE: Best Local IP-Address 206.251.40.52 for Radius-Server 208.98.188.6
*Sep 20 22:03:34.913: RADIUS(00000792): Sending a IPv4 Radius Packet
*Sep 20 22:03:34.913: RADIUS(00000792): Send Accounting-Request to 208.98.188.6:1813 id 1646/72,len 189
*Sep 20 22:03:34.913: RADIUS: authenticator 5B 19 2B 31 5B 6C E7 46 - 5D 69 8D 66 99 13 2E F0
*Sep 20 22:03:34.913: RADIUS: Acct-Session-Id [44] 10 "00000D53"
*Sep 20 22:03:34.913: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Sep 20 22:03:34.913: RADIUS: User-Name [1] 19 "dccvtest@dcdi.net"
*Sep 20 22:03:34.913: RADIUS: Vendor, Cisco [26] 32
*Sep 20 22:03:34.913: RADIUS: Cisco AVpair [1] 26 "connect-progress=Call Up"
*Sep 20 22:03:34.913: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
*Sep 20 22:03:34.913: RADIUS: Acct-Status-Type [40] 6 Start [1]
*Sep 20 22:03:34.913: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Sep 20 22:03:34.913: RADIUS: NAS-Port [5] 6 0
*Sep 20 22:03:34.913: RADIUS: NAS-Port-Id [87] 11 "0/0/3/111"
*Sep 20 22:03:34.913: RADIUS: Vendor, Cisco [26] 41
*Sep 20 22:03:34.913: RADIUS: Cisco AVpair [1] 35 "client-mac-address=6468.0cf7.8546"
*Sep 20 22:03:34.913: RADIUS: Connect-Info [77] 8 "CV_VRF"
*Sep 20 22:03:34.913: RADIUS: Service-Type [6] 6 Framed [2]
*Sep 20 22:03:34.913: RADIUS: NAS-IP-Address [4] 6 206.251.40.52
*Sep 20 22:03:34.914: RADIUS: Acct-Delay-Time [41] 6 0
*Sep 20 22:03:34.914: RADIUS(00000792): Started 60 sec timeout
*Sep 20 22:03:34.994: RADIUS: Received from id 1646/72 208.98.188.6:1813, Accounting-response, len 20
*Sep 20 22:03:34.994: RADIUS: authenticator 8E E3 AD 24 76 EA C2 53 - AD 0F DD 57 AC 0D F3 BAsho debug
coreASR1002#sho debugging
General OS:
AAA subscriber profile cli debugging is on
PPPoE:
PPPoE protocol events debugging is on
PPPoE protocol errors debugging is on
Radius protocol debugging is on
Radius packet protocol debugging is on
- Labels:
-
Other Service Providers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2012 06:32 AM
Hi Darin,
Hope you are doing good. From what you described, I understand that the problem is that your PPPoE client is not getting IP address even though the sessions seems to be up. Is this correct? If so, did you tried debugging the PPP negotiation itself? You may use:
debug ppp negotiation
debug ppp authentication
Hopefully we can see what happens during IPCP that may be preventing the IP to be provided to the CPE. If the CPE is also a Cisco device, it would be useful to use the debugs there as well.
Another thing, for testing purposes, did you tried removing the "ip:vrf-id=CV_VRF" attribute from the user profile? I'm asking just to see if the issue may be related to the fact that we are trying to place the session in a specific VRF which may then be introducing some issue.
Best regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2012 12:54 PM
Good Day Manuel,
"...client is not getting IP address even though the sessions seems to be up. Is this correct?" Correct.
What I am seeing and suspecting is the problem has to do with 'ip:ip-unnumbered=interface'.
Trying with the ip:ip-unnumbered=Loopback111 or GigabitEthernet0/0/3.111 (for testing) debugging reports "Session creation failed due to full virtual-access interfaces not being supported...", as soon as the attribute is removed in radius the client authenticates but does not get an IP address. I would rather not use Loopback if possible.
GE0/0/3.111 is basically the client egress and GE0/0/2.20 is the ingress/router gateway
Also seeing this debug message, "...Unable to add line attributes from ANCP ... Unable to Add ANCP Line attributes to the PPPoE Authen attributes" which may or may not relate to ip-unnumbered attribute.
I hope the information isn't too much or confusing, sure appreciate the help.
debugging with ip:vrf-id=CV_VRF w/o ip:ip-unnumbered
*Sep 26 17:04:57.395: Vi3 PPP DISC: Lower Layer disconnected
*Sep 26 17:04:57.396: Vi3 PPP: Sending Acct Event[Down] id[5FB]
*Sep 26 17:04:57.396: PPP: NET STOP send to AAA.
*Sep 26 17:04:57.396: Vi3 LCP: O TERMREQ [Open] id 4 len 4
*Sep 26 17:04:57.396: Vi3 LCP: Event[CLOSE] State[Open to Closing]
*Sep 26 17:04:57.396: Vi3 PPP: Phase is TERMINATING
*Sep 26 17:04:57.397: Vi3 PPP: Block vaccess from being freed [0x10]
*Sep 26 17:04:57.398: Vi3 LCP: Event[DOWN] State[Closing to Initial]
*Sep 26 17:04:57.399: Vi3 PPP: Unlocked by [0x10] Still Locked by [0x0]
*Sep 26 17:04:57.399: Vi3 PPP: Free previously blocked vaccess
*Sep 26 17:04:57.399: Vi3 PPP: Phase is DOWN
*Sep 26 17:04:57.400: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
*Sep 26 17:04:57.401: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down
*Sep 26 17:05:03.440: PPP: Alloc Context [38E95CFC]
*Sep 26 17:05:03.440: ppp514 PPP: Phase is ESTABLISHING
*Sep 26 17:05:03.440: ppp514 PPP: Using vpn set call direction
*Sep 26 17:05:03.440: ppp514 PPP: Treating connection as a callin
*Sep 26 17:05:03.440: ppp514 PPP: Session handle[1D0005EB] Session id[514]
*Sep 26 17:05:03.440: ppp514 LCP: Event[OPEN] State[Initial to Starting]
*Sep 26 17:05:03.441: ppp514 PPP LCP: Enter passive mode, state[Stopped]
*Sep 26 17:05:04.522: ppp514 LCP: I CONFREQ [Stopped] id 180 len 10
*Sep 26 17:05:04.522: ppp514 LCP: MagicNumber 0x0669ECAE (0x05060669ECAE)
*Sep 26 17:05:04.522: ppp514 LCP: O CONFREQ [Stopped] id 1 len 18
*Sep 26 17:05:04.522: ppp514 LCP: MRU 1492 (0x010405D4)
*Sep 26 17:05:04.522: ppp514 LCP: AuthProto PAP (0x0304C023)
*Sep 26 17:05:04.522: ppp514 LCP: MagicNumber 0x6ABFFB9F (0x05066ABFFB9F)
*Sep 26 17:05:04.522: ppp514 LCP: O CONFACK [Stopped] id 180 len 10
*Sep 26 17:05:04.522: ppp514 LCP: MagicNumber 0x0669ECAE (0x05060669ECAE)
*Sep 26 17:05:04.522: ppp514 LCP: Event[Receive ConfReq+] State[Stopped to ACKsent]
*Sep 26 17:05:04.525: ppp514 LCP: I CONFACK [ACKsent] id 1 len 18
*Sep 26 17:05:04.526: ppp514 LCP: MRU 1492 (0x010405D4)
*Sep 26 17:05:04.526: ppp514 LCP: AuthProto PAP (0x0304C023)
*Sep 26 17:05:04.526: ppp514 LCP: MagicNumber 0x6ABFFB9F (0x05066ABFFB9F)
*Sep 26 17:05:04.526: ppp514 LCP: Event[Receive ConfAck] State[ACKsent to Open]
*Sep 26 17:05:04.528: ppp514 PPP: Queue PAP code[1] id[15]
*Sep 26 17:05:04.529: ppp514 PPP: Phase is AUTHENTICATING, by this end
*Sep 26 17:05:04.529: ppp514 PAP: Redirect packet to ppp514
*Sep 26 17:05:04.529: ppp514 PAP: I AUTH-REQ id 15 len 31 from "dccvtest@dcdi.net"
*Sep 26 17:05:04.529: ppp514 PAP: Authenticating peer dccvtest@dcdi.net
*Sep 26 17:05:04.529: ppp514 PPP: Phase is FORWARDING, Attempting Forward
*Sep 26 17:05:04.529: ppp514 LCP: State is Open
*Sep 26 17:05:05.553: ppp514 PPP: Phase is AUTHENTICATING, Unauthenticated User
*Sep 26 17:05:05.553: ppp514 PPP: Sent PAP LOGIN Request
*Sep 26 17:05:05.584: ppp514 PPP: Received LOGIN Response PASS
*Sep 26 17:05:05.584: ppp514 PPP: Phase is FORWARDING, Attempting Forward
*Sep 26 17:05:05.594: Vi3 PPP: Phase is AUTHENTICATING, Authenticated User
*Sep 26 17:05:05.594: Vi3 PAP: O AUTH-ACK id 15 len 5
*Sep 26 17:05:05.595: Vi3 PPP: Phase is UP
*Sep 26 17:05:05.595: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
*Sep 26 17:05:05.596: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up
*Sep 26 17:05:05.606: Vi3 IPCP: I CONFREQ [UNKNOWN] id 44 len 22
*Sep 26 17:05:05.606: Vi3 IPCP: Address 0.0.0.0 (0x030600000000)
*Sep 26 17:05:05.606: Vi3 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
*Sep 26 17:05:05.606: Vi3 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
*Sep 26 17:05:05.606: Vi3 LCP: O PROTREJ [Open] id 2 len 28 protocol IPCP
*Sep 26 17:05:05.606: Vi3 LCP: (0x012C0018030600000000810600000000)
*Sep 26 17:05:05.606: Vi3 LCP: (0x830600000000)
*Sep 26 17:05:05.607: Vi3 IPV6CP: I CONFREQ [UNKNOWN] id 26 len 14
*Sep 26 17:05:05.607: Vi3 IPV6CP: Interface-Id 5421:6C1B:5DCE:401A (0x010A54216C1B5DCE401A)
*Sep 26 17:05:05.607: Vi3 LCP: O PROTREJ [Open] id 3 len 20 protocol IPV6CP (0x011A0010010A54216C1B5DCE401A)
debugging w/o ip:vrf-id=CV_VRF w/o ip:ip-unnumbered
*Sep 26 17:13:12.424: Vi3 PPP DISC: Lower Layer disconnected
*Sep 26 17:13:12.424: Vi3 PPP: Sending Acct Event[Down] id[5FE]
*Sep 26 17:13:12.425: PPP: NET STOP send to AAA.
*Sep 26 17:13:12.425: Vi3 LCP: O TERMREQ [Open] id 4 len 4
*Sep 26 17:13:12.425: Vi3 LCP: Event[CLOSE] State[Open to Closing]
*Sep 26 17:13:12.425: Vi3 PPP: Phase is TERMINATING
*Sep 26 17:13:12.426: Vi3 PPP: Block vaccess from being freed [0x10]
*Sep 26 17:13:12.426: Vi3 LCP: Event[DOWN] State[Closing to Initial]
*Sep 26 17:13:12.428: Vi3 PPP: Unlocked by [0x10] Still Locked by [0x0]
*Sep 26 17:13:12.428: Vi3 PPP: Free previously blocked vaccess
*Sep 26 17:13:12.428: Vi3 PPP: Phase is DOWN
*Sep 26 17:13:12.429: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
*Sep 26 17:13:12.430: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down
*Sep 26 17:13:18.485: PPP: Alloc Context [38E95CFC]
*Sep 26 17:13:18.485: ppp515 PPP: Phase is ESTABLISHING
*Sep 26 17:13:18.486: ppp515 PPP: Using vpn set call direction
*Sep 26 17:13:18.486: ppp515 PPP: Treating connection as a callin
*Sep 26 17:13:18.486: ppp515 PPP: Session handle[AC0005EC] Session id[515]
*Sep 26 17:13:18.486: ppp515 LCP: Event[OPEN] State[Initial to Starting]
*Sep 26 17:13:18.486: ppp515 PPP LCP: Enter passive mode, state[Stopped]
*Sep 26 17:13:19.572: ppp515 LCP: I CONFREQ [Stopped] id 181 len 10
*Sep 26 17:13:19.572: ppp515 LCP: MagicNumber 0x171E542B (0x0506171E542B)
*Sep 26 17:13:19.572: ppp515 LCP: O CONFREQ [Stopped] id 1 len 18
*Sep 26 17:13:19.572: ppp515 LCP: MRU 1492 (0x010405D4)
*Sep 26 17:13:19.572: ppp515 LCP: AuthProto PAP (0x0304C023)
*Sep 26 17:13:19.572: ppp515 LCP: MagicNumber 0x6AC78AB2 (0x05066AC78AB2)
*Sep 26 17:13:19.572: ppp515 LCP: O CONFACK [Stopped] id 181 len 10
*Sep 26 17:13:19.572: ppp515 LCP: MagicNumber 0x171E542B (0x0506171E542B)
*Sep 26 17:13:19.572: ppp515 LCP: Event[Receive ConfReq+] State[Stopped to ACKsent]
*Sep 26 17:13:19.576: ppp515 LCP: I CONFACK [ACKsent] id 1 len 18
*Sep 26 17:13:19.576: ppp515 LCP: MRU 1492 (0x010405D4)
*Sep 26 17:13:19.576: ppp515 LCP: AuthProto PAP (0x0304C023)
*Sep 26 17:13:19.576: ppp515 LCP: MagicNumber 0x6AC78AB2 (0x05066AC78AB2)
*Sep 26 17:13:19.576: ppp515 LCP: Event[Receive ConfAck] State[ACKsent to Open]
*Sep 26 17:13:19.579: ppp515 PPP: Queue PAP code[1] id[16]
*Sep 26 17:13:19.601: ppp515 PPP: Phase is AUTHENTICATING, by this end
*Sep 26 17:13:19.601: ppp515 PAP: Redirect packet to ppp515
*Sep 26 17:13:19.601: ppp515 PAP: I AUTH-REQ id 16 len 31 from "dccvtest@dcdi.net"
*Sep 26 17:13:19.601: ppp515 PAP: Authenticating peer dccvtest@dcdi.net
*Sep 26 17:13:19.601: ppp515 PPP: Phase is FORWARDING, Attempting Forward
*Sep 26 17:13:19.601: ppp515 LCP: State is Open
*Sep 26 17:13:20.625: ppp515 PPP: Phase is AUTHENTICATING, Unauthenticated User
*Sep 26 17:13:20.625: ppp515 PPP: Sent PAP LOGIN Request
*Sep 26 17:13:20.650: ppp515 PPP: Received LOGIN Response PASS
*Sep 26 17:13:20.650: ppp515 PPP: Phase is FORWARDING, Attempting Forward
*Sep 26 17:13:20.657: Vi3 PPP: Phase is AUTHENTICATING, Authenticated User
*Sep 26 17:13:20.657: Vi3 PAP: O AUTH-ACK id 16 len 5
*Sep 26 17:13:20.658: Vi3 PPP: Phase is UP
*Sep 26 17:13:20.658: Vi3 IPCP: Protocol configured, start CP. state[Initial]
*Sep 26 17:13:20.658: Vi3 IPCP: Event[OPEN] State[Initial to Starting]
*Sep 26 17:13:20.658: Vi3 IPCP: O CONFREQ [Starting] id 1 len 10
*Sep 26 17:13:20.658: Vi3 IPCP: Address 199.200.107.1 (0x0306C7C86B01)
*Sep 26 17:13:20.658: Vi3 IPCP: Event[UP] State[Starting to REQsent]
*Sep 26 17:13:20.658: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
*Sep 26 17:13:20.660: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up
*Sep 26 17:13:20.666: Vi3 IPCP: I CONFREQ [REQsent] id 45 len 22
*Sep 26 17:13:20.666: Vi3 IPCP: Address 0.0.0.0 (0x030600000000)
*Sep 26 17:13:20.666: Vi3 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
*Sep 26 17:13:20.666: Vi3 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
*Sep 26 17:13:20.666: Vi3 IPCP AUTHOR: Start. Her address 0.0.0.0, we want 0.0.0.0
*Sep 26 17:13:20.666: Vi3 IPCP AUTHOR: Done. Her address 0.0.0.0, we want 0.0.0.0
*Sep 26 17:13:20.666: Vi3 IPCP: Pool returned 199.200.107.20
*Sep 26 17:13:20.667: Vi3 IPCP: O CONFNAK [REQsent] id 45 len 22
*Sep 26 17:13:20.667: Vi3 IPCP: Address 199.200.107.20 (0x0306C7C86B14)
*Sep 26 17:13:20.667: Vi3 IPCP: PrimaryDNS 208.98.188.81 (0x8106D062BC51)
*Sep 26 17:13:20.667: Vi3 IPCP: SecondaryDNS 8.8.8.8 (0x830608080808)
*Sep 26 17:13:20.667: Vi3 IPCP: Event[Receive ConfReq-] State[REQsent to REQsent]
*Sep 26 17:13:20.667: Vi3 IPV6CP: I CONFREQ [UNKNOWN] id 27 len 14
*Sep 26 17:13:20.667: Vi3 IPV6CP: Interface-Id 096D:2933:E6FE:523D (0x010A096D2933E6FE523D)
*Sep 26 17:13:20.667: Vi3 LCP: O PROTREJ [Open] id 2 len 20 protocol IPV6CP (0x011B0010010A096D2933E6FE523D)
*Sep 26 17:13:20.668: Vi3 IPCP: I CONFACK [REQsent] id 1 len 10
*Sep 26 17:13:20.668: Vi3 IPCP: Address 199.200.107.1 (0x0306C7C86B01)
*Sep 26 17:13:20.668: Vi3 IPCP: Event[Receive ConfAck] State[REQsent to ACKrcvd]
*Sep 26 17:13:20.672: Vi3 IPCP: I CONFREQ [ACKrcvd] id 46 len 22
*Sep 26 17:13:20.672: Vi3 IPCP: Address 199.200.107.20 (0x0306C7C86B14)
*Sep 26 17:13:20.672: Vi3 IPCP: PrimaryDNS 208.98.188.81 (0x8106D062BC51)
*Sep 26 17:13:20.672: Vi3 IPCP: SecondaryDNS 8.8.8.8 (0x830608080808)
*Sep 26 17:13:20.672: Vi3 IPCP: O CONFACK [ACKrcvd] id 46 len 22
*Sep 26 17:13:20.672: Vi3 IPCP: Address 199.200.107.20 (0x0306C7C86B14)
*Sep 26 17:13:20.672: Vi3 IPCP: PrimaryDNS 208.98.188.81 (0x8106D062BC51)
*Sep 26 17:13:20.672: Vi3 IPCP: SecondaryDNS 8.8.8.8 (0x830608080808)
*Sep 26 17:13:20.672: Vi3 IPCP: Event[Receive ConfReq+] State[ACKrcvd to Open]
*Sep 26 17:13:20.689: Vi3 IPCP: State is Open
*Sep 26 17:13:20.691: %FMANRP_ESS-4-FULLVAI: Session creation failed due to Full Virtual-Access Interfaces not being supported. Check that all applied Virtual-Template and RADIUS features support Virtual-Access sub-interfaces. swidb= 0x41F07370, ifnum= 22
*Sep 26 17:13:20.691: Vi3 Added to neighbor route AVL tree: topoid 0, address 199.200.107.20
*Sep 26 17:13:20.691: Vi3 IPCP: Install route to 199.200.107.20
*Sep 26 17:13:20.693: Vi3 PPP DISC: Lower Layer disconnected
*Sep 26 17:13:20.693: Vi3 PPP: Sending Acct Event[Down] id[5FF]
*Sep 26 17:13:20.693: PPP: NET STOP send to AAA.
*Sep 26 17:13:20.694: Vi3 IPCP: Event[DOWN] State[Open to Starting]
*Sep 26 17:13:20.694: Vi3 IPCP: Event[CLOSE] State[Starting to Initial]
*Sep 26 17:13:20.694: Vi3 LCP: O TERMREQ [Open] id 3 len 4
*Sep 26 17:13:20.694: Vi3 LCP: Event[CLOSE] State[Open to Closing]
*Sep 26 17:13:20.694: Vi3 PPP: Phase is TERMINATING
*Sep 26 17:13:20.695: Vi3 PPP: Block vaccess from being freed [0x10]
*Sep 26 17:13:20.695: Vi3 Deleted neighbor route from AVL tree: topoid 0, address 199.200.107.20
*Sep 26 17:13:20.695: Vi3 IPCP: Remove route to 199.200.107.20
*Sep 26 17:13:20.696: Vi3 LCP: Event[DOWN] State[Closing to Initial]
*Sep 26 17:13:20.696: Vi3 PPP: Unlocked by [0x10] Still Locked by [0x0]
*Sep 26 17:13:20.696: Vi3 PPP: Free previously blocked vaccess
*Sep 26 17:13:20.696: Vi3 PPP: Phase is DOWN
*Sep 26 17:13:20.696: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
*Sep 26 17:13:20.698: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-10-2015 05:54 AM
Hi,
i have an similar problem with migrate from VXR to ASR:
Dec 10 13:51:25.029: ppp498 LCP: MRU 1492 (0x010405D4)
Dec 10 13:51:25.029: ppp498 LCP: MagicNumber 0x6D2EDE09 (0x05066D2EDE09)
Dec 10 13:51:25.029: ppp498 LCP: O CONFACK [ACKrcvd] id 41 len 14
Dec 10 13:51:25.030: ppp498 LCP: MRU 1492 (0x010405D4)
Dec 10 13:51:25.030: ppp498 LCP: MagicNumber 0x6D2EDE09 (0x05066D2EDE09)
Dec 10 13:51:25.030: ppp498 LCP: Event[Receive ConfReq+] State[ACKrcvd to Open]
Dec 10 13:51:25.031: ppp498 PPP: Queue PAP code[1] id[141]
Dec 10 13:51:25.057: ppp498 PPP: Phase is AUTHENTICATING, by this end
Dec 10 13:51:25.058: ppp498 PAP: Redirect packet to ppp498
Dec 10 13:51:25.058: ppp498 PAP: I AUTH-REQ id 141 len 20 from "test3"
Dec 10 13:51:25.058: ppp498 PAP: Authenticating peer test3
Dec 10 13:51:25.058: ppp498 PPP: Phase is FORWARDING, Attempting Forward
Dec 10 13:51:25.058: ppp498 LCP: State is Open
Dec 10 13:51:25.058: ppp498 PPP: Phase is AUTHENTICATING, Unauthenticated User
Dec 10 13:51:25.058: ppp498 PPP: Sent PAP LOGIN Request
Dec 10 13:51:25.059: RADIUS/ENCODE(00000207):Orig. component type = PPPoE
Dec 10 13:51:25.059: RADIUS: DSL line rate attributes successfully added
Dec 10 13:51:25.059: RADIUS(00000207): Config NAS IP: 178.21.0.16
Dec 10 13:51:25.059: RADIUS(00000207): Config NAS IPv6: ::
Dec 10 13:51:25.059: RADIUS/ENCODE(00000207): acct_session_id: 509
Dec 10 13:51:25.059: RADIUS(00000207): sending
Dec 10 13:51:25.059: RADIUS(00000207): Send Access-Request to 178.21.0.3:1812 id 1645/242, len 125
Dec 10 13:51:25.059: RADIUS: authenticator D3 82 65 BE 14 8A 0D AA - DF 40 4C 8E 02 7C AB 88
Dec 10 13:51:25.059: RADIUS: Framed-Protocol [7] 6 PPP [1]
Dec 10 13:51:25.059: RADIUS: User-Name [1] 7 "test3"
Dec 10 13:51:25.059: RADIUS: User-Password [2] 18 *
Dec 10 13:51:25.059: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Dec 10 13:51:25.059: RADIUS: NAS-Port [5] 6 0
Dec 10 13:51:25.059: RADIUS: NAS-Port-Id [87] 9 "0/0/3/0"
Dec 10 13:51:25.059: RADIUS: Vendor, Cisco [26] 41
Dec 10 13:51:25.059: RADIUS: Cisco AVpair [1] 35 "client-mac-address=d4ca.6d72.0e1a"
Dec 10 13:51:25.059: RADIUS: Service-Type [6] 6 Framed [2]
Dec 10 13:51:25.059: RADIUS: NAS-IP-Address [4] 6 178.21.0.16
Dec 10 13:51:25.059: RADIUS(00000207): Sending a IPv4 Radius Packet
Dec 10 13:51:25.060: RADIUS(00000207): Started 5 sec timeout
Dec 10 13:51:25.082: RADIUS: Received from id 1645/242 178.21.0.3:1812, Access-Accept, len 252
Dec 10 13:51:25.082: RADIUS: authenticator 27 86 6A 02 FD 2D 0D FD - 9B E9 02 94 75 AB B3 40
Dec 10 13:51:25.082: RADIUS: Service-Type [6] 6 Framed [2]
Dec 10 13:51:25.082: RADIUS: Vendor, Cisco [26] 111
Dec 10 13:51:25.082: RADIUS: Cisco AVpair [1] 105 "lcp:interface-config#1=rate-limit input 655360 122880 245760 conform-action transmit exceed-action drop"
Dec 10 13:51:25.082: RADIUS: Vendor, Cisco [26] 115
Dec 10 13:51:25.082: RADIUS: Cisco AVpair [1] 109 "lcp:interface-config#1=rate-limit output 6963200 1305600 2611200 conform-action transmit exceed-action drop"
Dec 10 13:51:25.082: RADIUS(00000207): Received from id 1645/242
Dec 10 13:51:25.083: ppp498 PPP: Received LOGIN Response PASS
Dec 10 13:51:25.083: ppp498 PPP: Phase is FORWARDING, Attempting Forward
Dec 10 13:51:25.104: ppp498 PPP DISC: Lower Layer disconnected
Dec 10 13:51:25.104: ppp498 PPP: Sending Acct Event[Down] id[207]
Dec 10 13:51:25.104: PPP: NET STOP send to AAA.
Dec 10 13:51:25.104: ppp498 PAP: O AUTH-NAK id 141 len 27 msg is "Authentication failure"
Dec 10 13:51:25.104: ppp498 LCP: O TERMREQ [Open] id 2 len 4
Dec 10 13:51:25.104: ppp498 LCP: Event[CLOSE] State[Open to Closing]
Dec 10 13:51:25.104: ppp498 PPP: Phase is TERMINATING
Dec 10 13:51:25.110: ppp498 LCP: Event[CLOSE] State[Closing to Closing]
Dec 10 13:51:25.110: ppp498 LCP: Event[DOWN] State[Closing to Initial]
Dec 10 13:51:25.111: ppp498 PPP: Phase is DOWN
Radius is auth ACK, but the Session coms not up, why?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-10-2015 06:09 AM
Hi,
Not sure if the issue is the same since, from the logs you shared, I don't see any issues with full VAI being created.
In any case, I see you are using lcp VSAs with rate-limit. I'm not sure these would work. Perhaps try to remove this and bring the session with nothing special and then try to see what exactly is breaking it.
Providing a configuration of the device would also be useful.
Regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-10-2015 06:26 AM
i have tested-without rate-limit it work's. But why i can't use rate-limit?
is there something special to set in bba-group global?
bba-group pppoe global
virtual-template 11
sessions max limit 5000
ac name BRAS3
sessions per-vc limit 5000
sessions per-mac limit 5000
sessions per-vlan limit 5000
sessions auto cleanup
interface GigabitEthernet0/0/3
no ip address
negotiation auto
pppoe enable group global
hold-queue 4096 in
aaa server radius dynamic-author
server-key masterke
auth-type any
ip radius source-interface TenGigabitEthernet0/1/0
logging alarm informational
no logging trap
access-list 2 permit 178.28.0.9
dialer-list 1 protocol ip permit
!
!
!
radius-server host 178.28.0.3 auth-port 1812 acct-port 1813 key blabla
!
!
control-plane
kind regards
Christian
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-10-2015 07:03 AM
Hi Christian,
If the only purpose of the rate-limit is to police the subscriber traffic, there are newer alternatives to do that. You can apply an MQC policy to the session or apply per-session policing.
Take a look at:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/isg/configuration/xe-3s/isg-xe-3s-book/isg-netwk-acess-pol.html
Note that the document may refer to ISG configuration guide but those features apply to ASR1k acting as BRAS only as well.
Regards.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide