Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
505
Views
0
Helpful
3
Replies

IOS XR BNG Authentication failed

anas.abdullkarim
Level 1
Level 1

‎06-20-2022 05:22 AM

hello, I have router A9K IOS XR 6.6.3, which is configured as BNG PPPoE, and connected to the radius server for Authentication, 

the client is connected normally, and the router working fine, but after BNG reaches 987 sessions, any new client tries to connect, but he gets failed Authentication, I check the radius server, and the radius is accepted auth and sends a message to the router, but the router rejects this session?

 

 

radius-server host 94.231.199.99 auth-port 1812 acct-port 1813
 key 7 080362692F2D31
!
aaa radius attribute nas-port format e SSAAPPPPQQQQQQQQQQVVVVVVVVVVUUUU
aaa radius attribute nas-port-id format NAS_PORT_FORMAT
aaa radius attribute calling-station-id format MAC_RADIUS
aaa accounting subscriber default group radius
aaa authorization subscriber default group radius
aaa authentication subscriber default group radius
subscriber
pppoe bba-group PPPOE-BBA
 mtu 1508
 tag ppp-max-payload minimum 1500 maximum 1508
 service selection disable
 pado delay 0
 timeout completion 30
!

 

 

 

aaa server radius dynamic-author
 port 1700
 client 94.231.199.99 vrf default
  server-key 7 106C273E232326
 !
!
policy-map type control subscriber PPPOE_DEFAULT
 event session-start match-first
  class type control subscriber PPP do-until-failure
   10 activate dynamic-template TPL
  ! 
 ! 
 event session-activate match-first
  class type control subscriber PPP do-until-failure
   10 authenticate aaa list default
  ! 
 ! 
 end-policy-map
!

 

 

 

Labels:
0 Helpful
3 Replies 3

marce1000
VIP
VIP

‎06-20-2022 09:52 AM

 

 - It's kind of 'dark shot' , but using latest advisory release : https://software.cisco.com/download/home/286326412/type/280805694/release/7.5.2  , can always be useful to check if the problem is 'persistent'

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

anas.abdullkarim
Level 1
Level 1
In response to marce1000

‎06-20-2022 09:56 AM

Hello, i try two versions 

6.4.2 and 6.6.3 and same issue,

maybe session need license?

0 Helpful

anas.abdullkarim
Level 1
Level 1
In response to marce1000

‎06-20-2022 02:34 PM

user from 1 to 987 is connected,

 

user988 and above is not connected 

 

 

User name:                user988
Formatted User name:      unknown
Client User name:         unknown
Outer VLAN ID:            1800
Inner VLAN ID:            100
Subscriber Label:         0x04009428
Created:                  Tue Jun 21 00:32:06 2022
State:                    Disconnecting, Tue Jun 21 00:32:06 2022

Disconnect Reason:
Disconnect Cause:         AAA_DISC_CAUSE_DEFAULT (0)
Abort Cause:              AAA_AV_ABORT_CAUSE_NO_REASON (0)
Terminate Cause:          AAA_AV_TERMINATE_CAUSE_NONE (0)
Disconnect called by:     ppp_ma
Authentication:           unauthenticated
Authorization:            unauthorized
Ifhandle:                 0x0a038540
Session History ID:       0
Access-interface:         TenGigE0/3/0/1.1800
Disconnect Requesters:    0x00000030 {PPPoE,PPP}
Disconnect Helpers:       0x00000000 {}
SRG Flags:                0x00000000(N)
SRG Group ID:             0
Prepaid State:            (Disabled)
Policy Executed:

event Session-Start match-first [at 1655760726]
 class type control subscriber PPP do-until-failure [Succeeded]
 10 activate dynamic-template QINQ [cerr: No error][aaa: Success]
event Session-Activate match-first [at 1655760737]
 class type control subscriber PPP do-until-failure [Succeeded]
 10 authenticate aaa list default [cerr: No error][aaa: Success]
Session Accounting: disabled
Last COA request received: unavailable
User Profile received from AAA: None
Pending Callbacks: PPSM->Subdb-DESTROY,PPSM-Sub>Policy-Disc,Policy-Disc>PPSM,
Services:
  Name        : QINQ
  Service-ID  : 0x4000003
  Type        : Template
  Status      : Applied
[Event History]
   Jun 21 00:32:18.304 Service status update [many]
-------------------------
[Event History]
   Jun 21 00:32:06.656 SUBDB session create
   Jun 21 00:32:17.280 Session activate
   Jun 21 00:32:17.280 Authentication req
   Jun 21 00:32:17.408 Authentication res
   Jun 21 00:32:18.304 SUBDB produce done(fail)
   Jun 21 00:32:18.304 SUBDB produce done Start [many]
   Jun 21 00:32:18.304 SUBDB produce done [many]
   Jun 21 00:32:18.432 SUBDB destroy

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card