03-27-2020 01:43 PM
hello , i have ASR1006 with esp100
i configure it as pppoe server with freeraduis
i have now more of 5000 client
but the service is not stable , sometime user's have many time delay to connecting
sometime user auto disconnected , and sometime not all user's can authentication , below is my config
what i can add or remove or change in my config to make it optimize and fix my issues
aaa group server radius ANAS server name ANAS ! aaa server radius dynamic-author client x.x.x.x server-key 7 121F0C1517190E05242F342D212031015E44 server-key 7 104D8220A0618 auth-type any ignore session-key ignore server-key ! bba-group pppoe PPPOE_OUT virtual-template 3 sessions per-vc limit 64000 sessions per-mac limit 64000 sessions per-vlan limit 64000 inner 64000 interface Virtual-Template3 mtu 1460 ip unnumbered Loopback0 no ip redirects ip nat inside ip tcp adjust-mss 1400 ip policy route-map ROUTE-TV no logging event link-status timeout absolute 4320 0 peer default ip address pool interface localpool keepalive 5 ppp authentication chap ppp ipcp dns 8.8.8.8 8.8.4.4 ppp timeout retry 80 ppp timeout authentication 60 ip virtual-reassembly interface Port-channel1.905 description PPPOE-QAYRIA encapsulation dot1Q 905 no ip redirects no ip unreachables no ip proxy-arp pppoe enable group PPPOE_OUT ! radius-server attribute 44 include-in-access-req all radius-server attribute 31 mac format one-byte delimiter colon radius-server attribute 31 send nas-port-detail mac-only radius-server attribute nas-port-id include circuit-id radius-server timeout 10 radius-server unique-ident 38 radius-server key 7 1048001B0005100A02003A2E363D20277B41 aaa authentication ppp default group radius aaa authorization network default group radius aaa accounting delay-start all aaa accounting nested aaa accounting update periodic 1 aaa accounting network default start-stop group radius aaa accounting system default start-stop group radius ! interface Virtual-Template1 mtu 1460 ip unnumbered Loopback0 no ip redirects ip nat inside ip tcp adjust-mss 1400 ip policy route-map ROUTE-TV no logging event link-status peer default ip address pool interface localpool keepalive 6 ppp authentication chap ppp ipcp dns 8.8.8.8 8.8.4.4 !
03-30-2020 07:45 AM
Hello @anas.abdullkarim ,
for sure the following line in the bba-group definition is too much
>>
sessions per-mac limit 64000
you should use a per MAC address limit of two to allow a user to reconnect while its previous PPPoE session is deleting.
Hope to help
Giuseppe
03-30-2020 11:56 AM
Hello,
try and strip the virtual template to the most basic config (changes and additions marked in bold):
aaa group server radius ANAS
server name ANAS
!
aaa server radius dynamic-author
client x.x.x.x server-key 7 121F0C1517190E05242F342D212031015E44
server-key 7 104D8220A0618
auth-type any
ignore session-key
ignore server-key
!
bba-group pppoe PPPOE_OUT
virtual-template 3
--> no sessions per-vc limit 64000
--> no sessions per-mac limit 64000
--> no sessions per-vlan limit 64000 inner 64000
!
interface Virtual-Template3
--> no mtu 1460
ip unnumbered Loopback0
no ip redirects
ip nat inside
--> no ip tcp adjust-mss 1400
--> no ip policy route-map ROUTE-TV
no logging event link-status
--> no timeout absolute 4320 0
peer default ip address pool interface localpool
--> keepalive 30
ppp authentication chap
ppp ipcp dns 8.8.8.8 8.8.4.4
--> no ppp timeout retry 80
--> no ppp timeout authentication 60
ip virtual-reassembly
interface Port-channel1.905
description PPPOE-QAYRIA
encapsulation dot1Q 905
no ip redirects
no ip unreachables
no ip proxy-arp
pppoe enable group PPPOE_OUT
!
radius-server attribute 44 include-in-access-req all
radius-server attribute 31 mac format one-byte delimiter colon
radius-server attribute 31 send nas-port-detail mac-only
radius-server attribute nas-port-id include circuit-id
radius-server timeout 10
radius-server unique-ident 38
radius-server key 7 1048001B0005100A02003A2E363D20277B41
!
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa accounting delay-start all
aaa accounting nested
aaa accounting update periodic 1
aaa accounting network default start-stop group radius
aaa accounting system default start-stop group radius
!
interface Virtual-Template1
--> no mtu 1460
ip unnumbered Loopback0
no ip redirects
ip nat inside
--> no ip tcp adjust-mss 1400
--> no ip policy route-map ROUTE-TV
no logging event link-status
peer default ip address pool interface localpool
--> keepalive 30
ppp authentication chap
ppp ipcp dns 8.8.8.8 8.8.4.4
!
03-30-2020 11:58 AM
03-30-2020 12:26 PM
Hello,
in that case, leave those lines in there. I just want to see if the problem persists if you take all the extra stuff out...
03-30-2020 01:26 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide