03-28-2012 03:35 AM - edited 03-04-2019 03:49 PM
Hi all,
I'm configuring a Cisco 7206 NPE-G2 as a B-RAS for PPPoE over a Gigabit Ethernet interface. Everything is OK, but I'm having problems when I try to pass the Framed-Route attribute from the RADIUS server to assign a /29 subnet to a PPPoE client: the 7206 seems to skip it and no route is installed in the routing table.
This is the configuration:
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 7206-BRAS
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxx
!
aaa new-model
!
!
aaa group server radius RADIUS1
server-private xx.xx.xx.xx auth-port 1812 acct-port 1813 key 7 xxxxx
server-private xx.xx.xx.xx auth-port 1812 acct-port 1813 key 7 xxxx
!
aaa authentication login default local
aaa authentication ppp default group RADIUS1
aaa authorization network default group RADIUS1 local
aaa accounting delay-start
aaa accounting update periodic 10
aaa accounting network default
action-type start-stop
group RADIUS1
!
!
!
!
!
!
aaa session-id common
clock timezone CEST 1
ip source-route
ip cef
!
!
!
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
username admin password 7 xxx
!
!
!
!
!
!
bba-group pppoe PPPOE
virtual-template 1
vendor-tag circuit-id service
vendor-tag dsl-sync-rate service
sessions per-mac limit 1
!
!
interface Loopback0
ip address 10.1.0.254 255.255.255.0
!
interface GigabitEthernet0/1
ip address xx.xx.xx.xx 255.255.255.252
duplex full
speed 1000
media-type rj45
negotiation auto
!
interface FastEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex full
speed 1000
media-type rj45
negotiation auto
!
interface GigabitEthernet0/3
no ip address
duplex auto
speed 1000
media-type sfp
negotiation auto
vlan-range dot1q 1 4094
pppoe enable group PPPOE
exit-vlan-config
!
!
interface Virtual-Template1
mtu 1492
ip unnumbered Loopback0
ip tcp adjust-mss 1452
peer default ip address pool POOL1
no keepalive
ppp authentication chap pap
ppp ipcp address accept
!
!
router eigrp 1
network xx.xx.xx.xx xx.xx.xx.xx
redistribute connected
redistribute static
!
ip local pool POOL1 10.1.0.1 10.1.0.253
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
radius-server attribute 8 include-in-access-req
radius-server attribute nas-port format d
radius-server attribute nas-port-id include circuit-id
radius-server vsa send accounting
radius-server vsa send authentication
!
control-plane
!
!
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
This is what I see in the debug, starting from the Access-Accept packet from the RADIUS server:
Mar 28 09:50:25.887: RADIUS: Received from id 1645/165 xx.xx.xx.xx:1812, Access-Accept, len 54
Mar 28 09:50:25.887: RADIUS: authenticator 83 89 7D B3 16 5E C0 B1 - 19 3D 50 F2 C8 92 A4 61
Mar 28 09:50:25.887: RADIUS: Service-Type [6] 6 Framed [2]
Mar 28 09:50:25.887: RADIUS: Framed-Protocol [7] 6 PPP [1]
Mar 28 09:50:25.887: RADIUS: Framed-IP-Address [8] 6 10.1.0.50
Mar 28 09:50:25.887: RADIUS: Framed-Route [22] 16 "10.1.1.0/29"
Mar 28 09:50:25.887: RADIUS(00004122): Received from id 1645/165
Mar 28 09:50:25.887: ppp957 PPP: Received LOGIN Response PASS
Mar 28 09:50:25.887: ppp957 PPP AUTHOR: Author Data Available
Mar 28 09:50:25.887: ppp957 PPP: Receive Attrs from[authen] Keep[LCP] MERGE
Mar 28 09:50:25.887: ppp957 PPP: Keep Attr: service-type 2 [Framed]
Mar 28 09:50:25.887: ppp957 PPP: Keep Attr: Framed-Protocol 1 [PPP]
Mar 28 09:50:25.887: ppp957 PPP: Skip Attr: addr 10.1.0.50
Mar 28 09:50:25.887: ppp957 PPP: Skip Attr: route "10.1.1.0 255.255.255.248"
Mar 28 09:50:25.887: ppp957 PPP: Phase is FORWARDING, Attempting Forward
Mar 28 09:50:25.891: ppp957 PPP: Receive Attrs from[SSS] Keep[NCPs] MERGE
Mar 28 09:50:25.891: ppp957 PPP: Skip Attr: service-type 2 [Framed]
Mar 28 09:50:25.891: ppp957 PPP: Skip Attr: Framed-Protocol 1 [PPP]
Mar 28 09:50:25.891: ppp957 PPP: Keep Attr: addr 10.1.0.50
Mar 28 09:50:25.891: ppp957 PPP: Skip Attr: route "10.1.1.0 255.255.255.248"
Mar 28 09:50:25.895: [957]PPPoE 2959: State LCP_NEGOTIATION Event SSS CONNECT LOCAL
Mar 28 09:50:25.895: [957]PPPoE 2959: Segment (SSS class): UPDATED
Mar 28 09:50:25.895: [957]PPPoE 2959: Segment (SSS class): BOUND
Mar 28 09:50:25.895: [957]PPPoE 2959: data path set to Virtual Acess
Mar 28 09:50:25.895: [957]PPPoE 2959: State LCP_NEGOTIATION Event SSM UPDATED
Mar 28 09:50:25.895: AAA/BIND(00004122): Bind i/f Virtual-Access1.1
Mar 28 09:50:25.895: Vi1.1 PPP: Phase is AUTHENTICATING, Authenticated User
Mar 28 09:50:25.895: Vi1.1 LCP AUTHOR: Process LCP Author Data
Mar 28 09:50:25.895: Vi1.1 LCP AUTHOR: Process Attr: service-type
Mar 28 09:50:25.895: Vi1.1 LCP AUTHOR: Process Attr: Framed-Protocol
Mar 28 09:50:25.895: Vi1.1 LCP AUTHOR: Authorization succeeded
Mar 28 09:50:25.895: Vi1.1 CHAP: O SUCCESS id 1 len 4
Mar 28 09:50:25.895: [957]PPPoE 2959: AAA get dynamic attrs
Mar 28 09:50:25.895: Vi1.1 PPP: Store Author Attr: addr
Mar 28 09:50:25.895: Vi1.1 PPP: Phase is UP
Mar 28 09:50:25.895: Vi1.1 IPCP: Protocol configured, start CP. state[Initial]
Mar 28 09:50:25.895: Vi1.1 IPCP: Event[OPEN] State[Initial to Starting]
Mar 28 09:50:25.895: Vi1.1 IPCP: O CONFREQ [Starting] id 1 len 10
Mar 28 09:50:25.895: Vi1.1 IPCP: Address 10.1.0.254 (0x03061F2C73FE)
Mar 28 09:50:25.895: Vi1.1 IPCP: Event[UP] State[Starting to REQsent]
Mar 28 09:50:25.895: [957]PPPoE 2959: State PTA_BINDING Event STATIC BIND RESPONSE
Mar 28 09:50:25.895: [957]PPPoE 2959: Connected PTA
Mar 28 09:50:25.963: Vi1.1 IPCP: I CONFREQ [REQsent] id 1 len 22
Mar 28 09:50:25.963: Vi1.1 IPCP: Address 0.0.0.0 (0x030600000000)
Mar 28 09:50:25.963: Vi1.1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
Mar 28 09:50:25.963: Vi1.1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
Mar 28 09:50:25.963: Vi1.1 IPCP AUTHOR: Start. Her address 0.0.0.0, we want 0.0.0.0
Mar 28 09:50:25.963: Vi1.1 IPCP AUTHOR: Authorization succeeded
Mar 28 09:50:25.963: Vi1.1 IPCP AUTHOR: Done. Her address 0.0.0.0, we want 10.1.0.50
Mar 28 09:50:25.963: Vi1.1 IPCP AUTHOR: no author-info for primary dns
Mar 28 09:50:25.963: Vi1.1 IPCP AUTHOR: no author-info for seconday dns
Mar 28 09:50:25.963: Vi1.1 IPCP: O CONFNAK [REQsent] id 1 len 22
Mar 28 09:50:25.963: Vi1.1 IPCP: Address 10.1.0.50 (0x03061F2C7332)
Mar 28 09:50:25.963: Vi1.1 IPCP: PrimaryDNS 8.8.8.8 (0x81061F2C7201)
Mar 28 09:50:25.963: Vi1.1 IPCP: SecondaryDNS 8.8.4.4 (0x83061F2C7202)
Mar 28 09:50:25.963: Vi1.1 IPCP: Event[Receive ConfReq-] State[REQsent to REQsent]
Mar 28 09:50:25.967: Vi1.1 IPCP: I CONFACK [REQsent] id 1 len 10
Mar 28 09:50:25.967: Vi1.1 IPCP: Address 10.1.0.254 (0x03061F2C73FE)
Mar 28 09:50:25.967: Vi1.1 IPCP: Event[Receive ConfAck] State[REQsent to ACKrcvd]
Mar 28 09:50:26.003: Vi1.1 IPCP: I CONFREQ [ACKrcvd] id 2 len 22
Mar 28 09:50:26.003: Vi1.1 IPCP: Address 10.1.0.50 (0x03061F2C7332)
Mar 28 09:50:26.003: Vi1.1 IPCP: PrimaryDNS 8.8.8.8 (0x81061F2C7201)
Mar 28 09:50:26.003: Vi1.1 IPCP: SecondaryDNS 8.8.4.4 (0x83061F2C7202)
Mar 28 09:50:26.003: Vi1.1 IPCP AUTHOR: no author-info for primary dns
Mar 28 09:50:26.003: Vi1.1 IPCP AUTHOR: no author-info for seconday dns
Mar 28 09:50:26.003: Vi1.1 IPCP: O CONFACK [ACKrcvd] id 2 len 22
Mar 28 09:50:26.003: Vi1.1 IPCP: Address 10.1.0.50 (0x03061F2C7332)
Mar 28 09:50:26.003: Vi1.1 IPCP: PrimaryDNS 8.8.8.8 (0x81061F2C7201)
Mar 28 09:50:26.003: Vi1.1 IPCP: SecondaryDNS 8.8.4.4 (0x83061F2C7202)
Mar 28 09:50:26.003: Vi1.1 IPCP: Event[Receive ConfReq+] State[ACKrcvd to Open]
Mar 28 09:50:26.007: Vi1.1 IPCP: State is Open
Mar 28 09:50:26.007: Vi1.1 IPCP: Install route to 10.1.0.50
I also tried with Cisco-AVpair ip:route, with the same results. What am I doing wrong?
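Added example, not part of the original post: a small Python script that reads the `Keep Attr` / `Skip Attr` lines of a PPP debug like the one above and reports which RADIUS attributes were skipped in every merge pass. The sample lines are excerpted from the post; the function names `attribute_fate` and `never_kept` are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: merge-pass lines excerpted from the debug output in the post above.
SAMPLE_DEBUG = """\
Mar 28 09:50:25.887: ppp957 PPP: Receive Attrs from[authen] Keep[LCP] MERGE
Mar 28 09:50:25.887: ppp957 PPP: Keep Attr: service-type 2 [Framed]
Mar 28 09:50:25.887: ppp957 PPP: Keep Attr: Framed-Protocol 1 [PPP]
Mar 28 09:50:25.887: ppp957 PPP: Skip Attr: addr 10.1.0.50
Mar 28 09:50:25.887: ppp957 PPP: Skip Attr: route "10.1.1.0 255.255.255.248"
Mar 28 09:50:25.891: ppp957 PPP: Receive Attrs from[SSS] Keep[NCPs] MERGE
Mar 28 09:50:25.891: ppp957 PPP: Skip Attr: service-type 2 [Framed]
Mar 28 09:50:25.891: ppp957 PPP: Skip Attr: Framed-Protocol 1 [PPP]
Mar 28 09:50:25.891: ppp957 PPP: Keep Attr: addr 10.1.0.50
Mar 28 09:50:25.891: ppp957 PPP: Skip Attr: route "10.1.1.0 255.255.255.248"
"""

# "Receive Attrs from[X] Keep[Y]" opens a merge pass for a PPP session.
PASS_RE = re.compile(r"(\S+) PPP: Receive Attrs from\[(\w+)\] Keep\[(\w+)\]")
# "Keep Attr:" / "Skip Attr:" lines record the decision for one attribute.
ATTR_RE = re.compile(r"(\S+) PPP: (Keep|Skip) Attr: (\S+)\s*(.*)")

def attribute_fate(debug_text):
    """Return {session: {attr: [(pass_label, 'Keep'|'Skip', value), ...]}}."""
    fate = defaultdict(lambda: defaultdict(list))
    current = {}  # session -> label of the merge pass in progress
    for line in debug_text.splitlines():
        m = PASS_RE.search(line)
        if m:
            session, source, keep = m.groups()
            current[session] = f"{source}->{keep}"
            continue
        m = ATTR_RE.search(line)
        if m:
            session, action, name, value = m.groups()
            fate[session][name].append(
                (current.get(session, "?"), action, value.strip()))
    return fate

def never_kept(debug_text):
    """Attributes the NAS received but skipped in every merge pass."""
    dropped = []
    for session, attrs in attribute_fate(debug_text).items():
        for name, events in attrs.items():
            if all(action == "Skip" for _, action, _ in events):
                dropped.append((session, name, events[0][2]))
    return sorted(dropped)

if __name__ == "__main__":
    for session, name, value in never_kept(SAMPLE_DEBUG):
        print(f"{session}: '{name}' {value} was skipped in every pass")
```

On the excerpt, `addr` is skipped in the LCP pass but kept in the NCPs pass, while `route` is skipped in both, which matches the missing route in the routing table.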
03-28-2012 04:11 AM
Hi,
Can you paste the RADIUS user definition here?
The attribute should be defined as:
Framed-Route += "10.1.1.0/29 0.0.0.0"
Marco
03-28-2012 07:09 AM
Hi Marco,
Actually I have:
Framed-Route = "10.1.1.0/29"
but I also tried:
Framed-Route += "10.1.1.0/29 0.0.0.0"
with the same results:
Mar 28 14:03:31.391: ppp958 PPP: Skip Attr: route "10.1.1.0 255.255.255.248 0.0.0.0"
04-05-2012 07:33 AM
I solved this by upgrading the IOS image from IP BASE to ADV IP SERVICES.