cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
597
Views
5
Helpful
5
Replies
anas.abdullkarim
Beginner

optimize my pppoe server config

hello , i have ASR1006 with esp100

i configure it as pppoe server with freeraduis 

i have now more of 5000 client

but the service is not stable  , sometime user's have many time delay to connecting 

sometime user auto disconnected , and sometime not all user's can authentication , below is my config

what i can add or remove or change in my config to make it optimize and fix my issues  

 

aaa group server radius ANAS
 server name ANAS
!

aaa server radius dynamic-author
 client x.x.x.x server-key 7 121F0C1517190E05242F342D212031015E44
 server-key 7 104D8220A0618
 auth-type any
 ignore session-key
 ignore server-key
!

bba-group pppoe PPPOE_OUT
 virtual-template 3
 sessions per-vc limit 64000
 sessions per-mac limit 64000
 sessions per-vlan limit 64000 inner 64000

interface Virtual-Template3
 mtu 1460
 ip unnumbered Loopback0
 no ip redirects
 ip nat inside
 ip tcp adjust-mss 1400
 ip policy route-map ROUTE-TV
 no logging event link-status
 timeout absolute 4320 0
 peer default ip address pool interface localpool
 keepalive 5
 ppp authentication chap
 ppp ipcp dns 8.8.8.8 8.8.4.4
 ppp timeout retry 80
 ppp timeout authentication 60
 ip virtual-reassembly

interface Port-channel1.905
 description PPPOE-QAYRIA
 encapsulation dot1Q 905
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 pppoe enable group PPPOE_OUT
!


radius-server attribute 44 include-in-access-req all
radius-server attribute 31 mac format one-byte delimiter colon
radius-server attribute 31 send nas-port-detail mac-only
radius-server attribute nas-port-id include circuit-id
radius-server timeout 10
radius-server unique-ident 38
radius-server key 7 1048001B0005100A02003A2E363D20277B41



aaa authentication ppp default group radius
aaa authorization network default group radius
aaa accounting delay-start all
aaa accounting nested
aaa accounting update periodic 1
aaa accounting network default start-stop group radius
aaa accounting system default start-stop group radius


!
interface Virtual-Template1
 mtu 1460
 ip unnumbered Loopback0
 no ip redirects
 ip nat inside
 ip tcp adjust-mss 1400
 ip policy route-map ROUTE-TV
 no logging event link-status
 peer default ip address pool interface localpool
 keepalive 6
 ppp authentication chap
 ppp ipcp dns 8.8.8.8 8.8.4.4
!

 

 

 

5 REPLIES 5
Giuseppe Larosa
Hall of Fame Master

Hello @anas.abdullkarim ,

for sure the following line in the bba-group definition is too much

>>

sessions per-mac limit 64000

you should use a per MAC address limit of two to allow a user to reconnect while its previous PPPoE session is deleting.

 

Hope to help

Giuseppe

Georg Pauwen
VIP Expert

Hello,

 

try and strip the virtual template to the most basic config (changes and additions marked in bold):

 

aaa group server radius ANAS
server name ANAS
!
aaa server radius dynamic-author
client x.x.x.x server-key 7 121F0C1517190E05242F342D212031015E44
server-key 7 104D8220A0618
auth-type any
ignore session-key
ignore server-key
!

bba-group pppoe PPPOE_OUT
virtual-template 3
--> no sessions per-vc limit 64000
--> no sessions per-mac limit 64000
--> no sessions per-vlan limit 64000 inner 64000

!

interface Virtual-Template3
--> no mtu 1460
ip unnumbered Loopback0
no ip redirects
ip nat inside
--> no ip tcp adjust-mss 1400
--> no ip policy route-map ROUTE-TV
no logging event link-status
--> no timeout absolute 4320 0
peer default ip address pool interface localpool
--> keepalive 30
ppp authentication chap
ppp ipcp dns 8.8.8.8 8.8.4.4
--> no ppp timeout retry 80
--> no ppp timeout authentication 60
ip virtual-reassembly

interface Port-channel1.905
description PPPOE-QAYRIA
encapsulation dot1Q 905
no ip redirects
no ip unreachables
no ip proxy-arp
pppoe enable group PPPOE_OUT
!
radius-server attribute 44 include-in-access-req all
radius-server attribute 31 mac format one-byte delimiter colon
radius-server attribute 31 send nas-port-detail mac-only
radius-server attribute nas-port-id include circuit-id
radius-server timeout 10
radius-server unique-ident 38
radius-server key 7 1048001B0005100A02003A2E363D20277B41
!
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa accounting delay-start all
aaa accounting nested
aaa accounting update periodic 1
aaa accounting network default start-stop group radius
aaa accounting system default start-stop group radius
!
interface Virtual-Template1
--> no mtu 1460
ip unnumbered Loopback0
no ip redirects
ip nat inside
--> no ip tcp adjust-mss 1400
--> no ip policy route-map ROUTE-TV
no logging event link-status
peer default ip address pool interface localpool
--> keepalive 30
ppp authentication chap
ppp ipcp dns 8.8.8.8 8.8.4.4
!

thanks for reply , but why i delete
--> no sessions per-vc limit 64000
--> no sessions per-mac limit 64000
--> no sessions per-vlan limit 64000 inner 64000

someitme i have customer he have more of 1000 client is his switch
maybe my router see it as one mac addreess

Hello,

 

in that case, leave those lines in there. I just want to see if the problem persists if you take all the extra stuff out...