From:
Mauritz Lewies
<mauritz@three6five.com>
Reply-To:
mauritz@three6five.com
To:
cisco-bba@puck.nether.net
Subject:
cisco-bba] duplicate Vi interfaces
on 12.4T(22)]
Date:
Wed, 17 Jun 2009 16:15:51 +0200
Hi
We're having some weird issues with L2TP terminated links.
L2TP sessions are being terminated and built correctly from Radius sent
config but in some cases the router allocates a Virtual-Access interface
that is already active.
----------------------------------------------
L2TP-DSL-PE2#SHOW VPDn SESS
L2TP Session Information Total tunnels 9 sessions 9
LocID RemID TunID Username, Intf/ State Last Chg
Uniq ID
Vcid,
Circuit
4012 49 14211 550-nti-mabo-ad, Vi4 est 00:35:44
38
4009 33 17734 1-mint-rf@bcs-m, Vi3 est 04:24:19
30
3987 2355 27602 554-nti-pret-no, Vi6 est 16:38:52
6
1552 11 30424 1-meib-adsl@bcs, Vi6 est 1d17h
576
3989 894 31125 551-nti-walt-ad, Vi7 est 09:14:24
13
4008 11193 48740 553-nti-pret-we, Vi2 est 04:58:10
31
3986 12 58608 552-nti-baba-ad, Vi4 est 18:02:09
9
3988 936 62131 1-nap-joha-nel-, Vi2 est 12:42:23
11
1553 11 64953 1-mark-adsl@bcs, Vi8 est 1d17h
577
L2TP-DSL-PE2#SHOW INT VIRTual-Access 6
Virtual-Access6 is up, line protocol is up
Hardware is Virtual Access interface
Description: 554-nti-pret-nort-adsl
Internet address is 172.16.150.154/30
MTU 1452 bytes, BW 1024 Kbit/sec, RxBW 256 Kbit/sec, DLY 100000
usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP
PPPoVPDN vaccess, cloned from AAA, Virtual-Template1
Vaccess status 0x44
Protocol l2tp, tunnel id 27602, session id 3987, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 5 seconds on reset
Last input 00:00:01, output never, output hang never
Last clearing of "show interface" counters 17:49:11
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
177636 packets input, 12441878 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
194012 packets output, 91814604 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
L2TP-DSL-PE2#sh l2tun | in Vi6
3987 2355 27602 554-nti-pret-no, Vi6 est 16:45:18
6
1552 11 30424 1-meib-adsl@bcs, Vi6 est 1d17h
576
LocTunID RemTunID Remote Name State Remote Address Sessn L2TP
Class/
Count VPDN
Group
27602 17646 554-nti-pret- est 10.205.17.62 1
L2TP
LocID RemID TunID Username, Intf/ State Last Chg
Uniq ID
Vcid,
Circuit
3987 2355 27602 554-nti-pret-no, Vi6 est 16:46:08
6
LocTunID RemTunID Remote Name State Remote Address Sessn L2TP
Class/
Count VPDN
Group
30424 57600 1-meib est 10.205.20.23 1
L2TP
-------------------------------------------------------------------------------
The only way to resolve this is to clear the VPDN session ID.
The router is a 7206 VXR NPE-400 running 12.4T(22) IP base.
------------------------
vpdn enable
vpdn multihop
vpdn authen-before-forward
vpdn search-order domain
!
vpdn-group L2TP
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
lcp renegotiation always
no l2tp tunnel authentication
l2tp tunnel timeout no-session 1800
l2tp tunnel retransmit retries 7
l2tp tunnel retransmit timeout min 2
l2tp tunnel retransmit timeout max 5
!
interface Virtual-Template1
description L2TP-TEMPLATE
mtu 1452
bandwidth 512
bandwidth receive 256
no ip address
ip tcp adjust-mss 1460
load-interval 30
no peer default ip address
keepalive 10 3
traffic-shape rate 512000 12800 12800 1000
ppp mtu adaptive
ppp authentication chap callin
!
radius-server host zzz.zzz.zzz.zzz auth-port 1812 acct-port 1813
radius-server source-ports extended
!
----------------------------------
Radius example:
------------------------------------
test1-l2tp-adsl@test.co.za Auth-Type := Local, Cleartext-Password :=
"testing123"
Service-Type = Framed-User,
Framed-IP-Address = 10.250.0.2,
Cisco-AVPair += "interface-config#1=ip vrf forwarding CustA
",
Cisco-AVPair += "lcp:interface-config#2=ip address 10.250.0.1
255.255.255.252",
Cisco-AVPair += "lcp:interface-config#3=decription TEST1 ADSL
Primary",
Cisco-AVPair += "lcp:interface-config#4=bandwidth 1024",
Cisco-AVPair += "ip:route=172.16.28.0 255.255.255.0 10.250.0.2"
--------------------------------------
Has anyone seen similar issues or potential resolutions?
Mauritz Lewies
<mauritz@three6five.com>
Reply-To:
mauritz@three6five.com
To:
cisco-bba@puck.nether.net
Subject:
cisco-bba] duplicate Vi interfaces
on 12.4T(22)]
Date:
Wed, 17 Jun 2009 16:15:51 +0200
Hi
We're having some weird issues with L2TP terminated links.
L2TP sessions are being terminated and built correctly from Radius sent
config but in some cases the router allocates a Virtual-Access interface
that is already active.
----------------------------------------------
L2TP-DSL-PE2#SHOW VPDn SESS
L2TP Session Information Total tunnels 9 sessions 9
LocID RemID TunID Username, Intf/ State Last Chg
Uniq ID
Vcid,
Circuit
4012 49 14211 550-nti-mabo-ad, Vi4 est 00:35:44
38
4009 33 17734 1-mint-rf@bcs-m, Vi3 est 04:24:19
30
3987 2355 27602 554-nti-pret-no, Vi6 est 16:38:52
6
1552 11 30424 1-meib-adsl@bcs, Vi6 est 1d17h
576
3989 894 31125 551-nti-walt-ad, Vi7 est 09:14:24
13
4008 11193 48740 553-nti-pret-we, Vi2 est 04:58:10
31
3986 12 58608 552-nti-baba-ad, Vi4 est 18:02:09
9
3988 936 62131 1-nap-joha-nel-, Vi2 est 12:42:23
11
1553 11 64953 1-mark-adsl@bcs, Vi8 est 1d17h
577
L2TP-DSL-PE2#SHOW INT VIRTual-Access 6
Virtual-Access6 is up, line protocol is up
Hardware is Virtual Access interface
Description: 554-nti-pret-nort-adsl
Internet address is 172.16.150.154/30
MTU 1452 bytes, BW 1024 Kbit/sec, RxBW 256 Kbit/sec, DLY 100000
usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP
PPPoVPDN vaccess, cloned from AAA, Virtual-Template1
Vaccess status 0x44
Protocol l2tp, tunnel id 27602, session id 3987, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 5 seconds on reset
Last input 00:00:01, output never, output hang never
Last clearing of "show interface" counters 17:49:11
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
177636 packets input, 12441878 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
194012 packets output, 91814604 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
L2TP-DSL-PE2#sh l2tun | in Vi6
3987 2355 27602 554-nti-pret-no, Vi6 est 16:45:18
6
1552 11 30424 1-meib-adsl@bcs, Vi6 est 1d17h
576
LocTunID RemTunID Remote Name State Remote Address Sessn L2TP
Class/
Count VPDN
Group
27602 17646 554-nti-pret- est 10.205.17.62 1
L2TP
LocID RemID TunID Username, Intf/ State Last Chg
Uniq ID
Vcid,
Circuit
3987 2355 27602 554-nti-pret-no, Vi6 est 16:46:08
6
LocTunID RemTunID Remote Name State Remote Address Sessn L2TP
Class/
Count VPDN
Group
30424 57600 1-meib est 10.205.20.23 1
L2TP
-------------------------------------------------------------------------------
The only way to resolve this is to clear the VPDN session ID.
The router is a 7206 VXR NPE-400 running 12.4T(22) IP base.
------------------------
vpdn enable
vpdn multihop
vpdn authen-before-forward
vpdn search-order domain
!
vpdn-group L2TP
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
lcp renegotiation always
no l2tp tunnel authentication
l2tp tunnel timeout no-session 1800
l2tp tunnel retransmit retries 7
l2tp tunnel retransmit timeout min 2
l2tp tunnel retransmit timeout max 5
!
interface Virtual-Template1
description L2TP-TEMPLATE
mtu 1452
bandwidth 512
bandwidth receive 256
no ip address
ip tcp adjust-mss 1460
load-interval 30
no peer default ip address
keepalive 10 3
traffic-shape rate 512000 12800 12800 1000
ppp mtu adaptive
ppp authentication chap callin
!
radius-server host zzz.zzz.zzz.zzz auth-port 1812 acct-port 1813
radius-server source-ports extended
!
----------------------------------
Radius example:
------------------------------------
test1-l2tp-adsl@test.co.za Auth-Type := Local, Cleartext-Password :=
"testing123"
Service-Type = Framed-User,
Framed-IP-Address = 10.250.0.2,
Cisco-AVPair += "interface-config#1=ip vrf forwarding CustA
",
Cisco-AVPair += "lcp:interface-config#2=ip address 10.250.0.1
255.255.255.252",
Cisco-AVPair += "lcp:interface-config#3=decription TEST1 ADSL
Primary",
Cisco-AVPair += "lcp:interface-config#4=bandwidth 1024",
Cisco-AVPair += "ip:route=172.16.28.0 255.255.255.0 10.250.0.2"
--------------------------------------
Has anyone seen similar issues or potential resolutions?