Mailing List Archive

Mark Jones <> wrote on Wednesday, March 21, 2007 4:42 PM:

> We are trying to run ospf over a pppoe link. everything works to as
> you would expect with ospf except that on the lns side the
> virtual-access interface is always in passive mode so it never sends
> hellos packets or listens for them. The client side is sending them
> out the proper interface. has anyone done this successfully?
>
> I can supply config snap shots if that is helpful.
>

OSPF config is needed, but I'd guess you did something like

router ospf 1
passive-interface default
no passive-interface Virtual-template1

This won't work as the "no passive-interface" is taken literally, the
Virtual-Access<n> (VAI) interfaces will be matched by the
"passive-interface default".

Depending on your IOS version, you could use the "ip ospf area <area>"
interface command to enable OSPF (see the "Area Command in Interface
Mode for OSPFv2" feature documentation), and apply this command via
Radius/lcp:interface-config in a per-user fashion so only some users
will be able to speak OSPF with you. If this doesn't work, you could use
a different loopback interface for these users (either a different
vtemplate or apply an "ip unnumbered Loopback1" using
Radius/lcp:interface-config) and use "network <loopback1-address>
0.0.0.0 area <area>", so all VAI's referencing this loopback will be put
into OSPF.
Make sure to run OSPF MD5 authentication here..

But, this is just a wild guess ;-)

oli

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

Here is some of the config. Let me know what else you may need.



router ospf 1
router-id XXX.X.137.65
log-adjacency-changes
limit retransmissions dc disable non-dc disable
redistribute connected subnets route-map netout
redistribute static subnets route-map netout
network xxx.x.136.213 0.0.0.0 area 0
network xxx.x.137.65 0.0.0.0 area 0

!<snip>

interface Virtual-Template3
mtu 1492
ip unnumbered FastEthernet0/0.4
ip load-sharing per-packet
ip ospf mtu-ignore
no logging event link-status
load-interval 30
peer default ip address pool dynlon1
ppp authentication pap PPP_LOCAL
ppp authorization PPP_LOCAL



sh ip ospf int vi3.1

Virtual-Access3.1 is up, line protocol is up
Internet Address 0.0.0.0/0, Area 0
Process ID 1, Router ID XXX.X.137.65, Network Type POINT_TO_POINT, Cost: 1
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
No Hellos (Passive interface)
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 4/4, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)


----- Original Message -----
From: "Oliver Boehmer (oboehmer)" <oboehmer@cisco.com>
To: "Mark Jones" <mjones@mnsi.net>; <cisco-bba@puck.nether.net>
Sent: Wednesday, March 21, 2007 12:38 PM
Subject: RE: [cisco-bba] ospf over pppoe link


> Mark Jones <> wrote on Wednesday, March 21, 2007 4:42 PM:
>
>> We are trying to run ospf over a pppoe link. everything works to as
>> you would expect with ospf except that on the lns side the
>> virtual-access interface is always in passive mode so it never sends
>> hellos packets or listens for them. The client side is sending them
>> out the proper interface. has anyone done this successfully?
>>
>> I can supply config snap shots if that is helpful.
>>
>
> OSPF config is needed, but I'd guess you did something like
>
> router ospf 1
> passive-interface default
> no passive-interface Virtual-template1
>
> This won't work as the "no passive-interface" is taken literally, the
> Virtual-Access<n> (VAI) interfaces will be matched by the
> "passive-interface default".
>
> Depending on your IOS version, you could use the "ip ospf area <area>"
> interface command to enable OSPF (see the "Area Command in Interface
> Mode for OSPFv2" feature documentation), and apply this command via
> Radius/lcp:interface-config in a per-user fashion so only some users
> will be able to speak OSPF with you. If this doesn't work, you could use
> a different loopback interface for these users (either a different
> vtemplate or apply an "ip unnumbered Loopback1" using
> Radius/lcp:interface-config) and use "network <loopback1-address>
> 0.0.0.0 area <area>", so all VAI's referencing this loopback will be put
> into OSPF.
> Make sure to run OSPF MD5 authentication here..
>
> But, this is just a wild guess ;-)
>
> oli
>
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.446 / Virus Database: 268.18.16/729 - Release Date: 3/21/2007
> 7:52 AM
>
>

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

Mark,

Can you try to add "Framed-Routing = 3" to your Radius profile and see
if this makes a difference?

oli

Mark Jones <mailto:mjones@mnsi.net> wrote on Wednesday, March 21, 2007
7:48 PM:

> Here is some of the config. Let me know what else you may need.
>
>
>
> router ospf 1
> router-id XXX.X.137.65
> log-adjacency-changes
> limit retransmissions dc disable non-dc disable
> redistribute connected subnets route-map netout
> redistribute static subnets route-map netout
> network xxx.x.136.213 0.0.0.0 area 0
> network xxx.x.137.65 0.0.0.0 area 0
>
> !<snip>
>
> interface Virtual-Template3
> mtu 1492
> ip unnumbered FastEthernet0/0.4
> ip load-sharing per-packet
> ip ospf mtu-ignore
> no logging event link-status
> load-interval 30
> peer default ip address pool dynlon1
> ppp authentication pap PPP_LOCAL
> ppp authorization PPP_LOCAL
>
>
>
> sh ip ospf int vi3.1
>
> Virtual-Access3.1 is up, line protocol is up
> Internet Address 0.0.0.0/0, Area 0
> Process ID 1, Router ID XXX.X.137.65, Network Type POINT_TO_POINT,
> Cost: 1 Transmit Delay is 1 sec, State POINT_TO_POINT
> Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
> oob-resync timeout 40
> No Hellos (Passive interface)
> Supports Link-local Signaling (LLS)
> Cisco NSF helper support enabled
> IETF NSF helper support enabled
> Index 4/4, flood queue length 0
> Next 0x0(0)/0x0(0)
> Last flood scan length is 0, maximum is 0
> Last flood scan time is 0 msec, maximum is 0 msec
> Neighbor Count is 0, Adjacent neighbor count is 0
> Suppress hello for 0 neighbor(s)
>
>
> ----- Original Message -----
> From: "Oliver Boehmer (oboehmer)" <oboehmer@cisco.com>
> To: "Mark Jones" <mjones@mnsi.net>; <cisco-bba@puck.nether.net>
> Sent: Wednesday, March 21, 2007 12:38 PM
> Subject: RE: [cisco-bba] ospf over pppoe link
>
>
>> Mark Jones <> wrote on Wednesday, March 21, 2007 4:42 PM:
>>
>>> We are trying to run ospf over a pppoe link. everything works to as
>>> you would expect with ospf except that on the lns side the
>>> virtual-access interface is always in passive mode so it never sends
>>> hellos packets or listens for them. The client side is sending them
>>> out the proper interface. has anyone done this successfully?
>>>
>>> I can supply config snap shots if that is helpful.
>>>
>>
>> OSPF config is needed, but I'd guess you did something like
>>
>> router ospf 1
>> passive-interface default
>> no passive-interface Virtual-template1
>>
>> This won't work as the "no passive-interface" is taken literally, the
>> Virtual-Access<n> (VAI) interfaces will be matched by the
>> "passive-interface default".
>>
>> Depending on your IOS version, you could use the "ip ospf area
>> <area>" interface command to enable OSPF (see the "Area Command in
>> Interface
>> Mode for OSPFv2" feature documentation), and apply this command via
>> Radius/lcp:interface-config in a per-user fashion so only some users
>> will be able to speak OSPF with you. If this doesn't work, you could
>> use a different loopback interface for these users (either a
>> different vtemplate or apply an "ip unnumbered Loopback1" using
>> Radius/lcp:interface-config) and use "network <loopback1-address>
>> 0.0.0.0 area <area>", so all VAI's referencing this loopback will be
>> put into OSPF. Make sure to run OSPF MD5 authentication here..
>>
>> But, this is just a wild guess ;-)
>>
>> oli
>>
>>
>>
>> --
>> No virus found in this incoming message.
>> Checked by AVG Free Edition.
>> Version: 7.5.446 / Virus Database: 268.18.16/729 - Release Date:
>> 3/21/2007 7:52 AM

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

yes that fixed that problem. The two client router and the lns see hello
packets form each other. The lns goes into int mode. The client complaints
"Rcv pkt from xxx.x.137.65, Dialer2, area 0.0.0.0 : src not on the same
network"

As the dialer 2 interface has a /32 ip and the interface bound to the
virtual-template can't be part of that /32 network I am not sure what the
solution to this would be.


----- Original Message -----
From: "Oliver Boehmer (oboehmer)" <oboehmer@cisco.com>
To: "Mark Jones" <mjones@mnsi.net>; <cisco-bba@puck.nether.net>
Sent: Thursday, March 22, 2007 12:30 AM
Subject: RE: [cisco-bba] ospf over pppoe link


> Mark,
>
> Can you try to add "Framed-Routing = 3" to your Radius profile and see
> if this makes a difference?
>
> oli
>
> Mark Jones <mailto:mjones@mnsi.net> wrote on Wednesday, March 21, 2007
> 7:48 PM:
>
>> Here is some of the config. Let me know what else you may need.
>>
>>
>>
>> router ospf 1
>> router-id XXX.X.137.65
>> log-adjacency-changes
>> limit retransmissions dc disable non-dc disable
>> redistribute connected subnets route-map netout
>> redistribute static subnets route-map netout
>> network xxx.x.136.213 0.0.0.0 area 0
>> network xxx.x.137.65 0.0.0.0 area 0
>>
>> !<snip>
>>
>> interface Virtual-Template3
>> mtu 1492
>> ip unnumbered FastEthernet0/0.4
>> ip load-sharing per-packet
>> ip ospf mtu-ignore
>> no logging event link-status
>> load-interval 30
>> peer default ip address pool dynlon1
>> ppp authentication pap PPP_LOCAL
>> ppp authorization PPP_LOCAL
>>
>>
>>
>> sh ip ospf int vi3.1
>>
>> Virtual-Access3.1 is up, line protocol is up
>> Internet Address 0.0.0.0/0, Area 0
>> Process ID 1, Router ID XXX.X.137.65, Network Type POINT_TO_POINT,
>> Cost: 1 Transmit Delay is 1 sec, State POINT_TO_POINT
>> Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
>> oob-resync timeout 40
>> No Hellos (Passive interface)
>> Supports Link-local Signaling (LLS)
>> Cisco NSF helper support enabled
>> IETF NSF helper support enabled
>> Index 4/4, flood queue length 0
>> Next 0x0(0)/0x0(0)
>> Last flood scan length is 0, maximum is 0
>> Last flood scan time is 0 msec, maximum is 0 msec
>> Neighbor Count is 0, Adjacent neighbor count is 0
>> Suppress hello for 0 neighbor(s)
>>
>>
>> ----- Original Message -----
>> From: "Oliver Boehmer (oboehmer)" <oboehmer@cisco.com>
>> To: "Mark Jones" <mjones@mnsi.net>; <cisco-bba@puck.nether.net>
>> Sent: Wednesday, March 21, 2007 12:38 PM
>> Subject: RE: [cisco-bba] ospf over pppoe link
>>
>>
>>> Mark Jones <> wrote on Wednesday, March 21, 2007 4:42 PM:
>>>
>>>> We are trying to run ospf over a pppoe link. everything works to as
>>>> you would expect with ospf except that on the lns side the
>>>> virtual-access interface is always in passive mode so it never sends
>>>> hellos packets or listens for them. The client side is sending them
>>>> out the proper interface. has anyone done this successfully?
>>>>
>>>> I can supply config snap shots if that is helpful.
>>>>
>>>
>>> OSPF config is needed, but I'd guess you did something like
>>>
>>> router ospf 1
>>> passive-interface default
>>> no passive-interface Virtual-template1
>>>
>>> This won't work as the "no passive-interface" is taken literally, the
>>> Virtual-Access<n> (VAI) interfaces will be matched by the
>>> "passive-interface default".
>>>
>>> Depending on your IOS version, you could use the "ip ospf area
>>> <area>" interface command to enable OSPF (see the "Area Command in
>>> Interface
>>> Mode for OSPFv2" feature documentation), and apply this command via
>>> Radius/lcp:interface-config in a per-user fashion so only some users
>>> will be able to speak OSPF with you. If this doesn't work, you could
>>> use a different loopback interface for these users (either a
>>> different vtemplate or apply an "ip unnumbered Loopback1" using
>>> Radius/lcp:interface-config) and use "network <loopback1-address>
>>> 0.0.0.0 area <area>", so all VAI's referencing this loopback will be
>>> put into OSPF. Make sure to run OSPF MD5 authentication here..
>>>
>>> But, this is just a wild guess ;-)
>>>
>>> oli
>>>
>>>
>>>
>>> --
>>> No virus found in this incoming message.
>>> Checked by AVG Free Edition.
>>> Version: 7.5.446 / Virus Database: 268.18.16/729 - Release Date:
>>> 3/21/2007 7:52 AM
>
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.446 / Virus Database: 268.18.16/729 - Release Date: 3/21/2007
> 7:52 AM
>
>

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

What is the dialer's configuration look like? What does "show ip ospf
int dialer2" say on the client? If you use "ip unnumbered" on both ends,
it should work just fine..

oli

Mark Jones <mailto:mjones@mnsi.net> wrote on Thursday, March 22, 2007
2:19 PM:

> yes that fixed that problem. The two client router and the lns see
> hello packets form each other. The lns goes into int mode. The client
> complaints "Rcv pkt from xxx.x.137.65, Dialer2, area 0.0.0.0 : src
> not on the same network"
>
> As the dialer 2 interface has a /32 ip and the interface bound to the
> virtual-template can't be part of that /32 network I am not sure what
> the solution to this would be.
>
>
> ----- Original Message -----
> From: "Oliver Boehmer (oboehmer)" <oboehmer@cisco.com>
> To: "Mark Jones" <mjones@mnsi.net>; <cisco-bba@puck.nether.net>
> Sent: Thursday, March 22, 2007 12:30 AM
> Subject: RE: [cisco-bba] ospf over pppoe link
>
>
>> Mark,
>>
>> Can you try to add "Framed-Routing = 3" to your Radius profile and
>> see
>> if this makes a difference?
>>
>> oli
>>
>> Mark Jones <mailto:mjones@mnsi.net> wrote on Wednesday, March 21,
>> 2007 7:48 PM:
>>
>>> Here is some of the config. Let me know what else you may need.
>>>
>>>
>>>
>>> router ospf 1
>>> router-id XXX.X.137.65
>>> log-adjacency-changes
>>> limit retransmissions dc disable non-dc disable
>>> redistribute connected subnets route-map netout
>>> redistribute static subnets route-map netout
>>> network xxx.x.136.213 0.0.0.0 area 0
>>> network xxx.x.137.65 0.0.0.0 area 0
>>>
>>> !<snip>
>>>
>>> interface Virtual-Template3
>>> mtu 1492
>>> ip unnumbered FastEthernet0/0.4
>>> ip load-sharing per-packet
>>> ip ospf mtu-ignore
>>> no logging event link-status
>>> load-interval 30
>>> peer default ip address pool dynlon1
>>> ppp authentication pap PPP_LOCAL
>>> ppp authorization PPP_LOCAL
>>>
>>>
>>>
>>> sh ip ospf int vi3.1
>>>
>>> Virtual-Access3.1 is up, line protocol is up
>>> Internet Address 0.0.0.0/0, Area 0
>>> Process ID 1, Router ID XXX.X.137.65, Network Type POINT_TO_POINT,
>>> Cost: 1 Transmit Delay is 1 sec, State POINT_TO_POINT
>>> Timer intervals configured, Hello 10, Dead 40, Wait 40,
>>> Retransmit 5 oob-resync timeout 40 No Hellos (Passive
>>> interface) Supports Link-local Signaling (LLS)
>>> Cisco NSF helper support enabled
>>> IETF NSF helper support enabled
>>> Index 4/4, flood queue length 0
>>> Next 0x0(0)/0x0(0)
>>> Last flood scan length is 0, maximum is 0
>>> Last flood scan time is 0 msec, maximum is 0 msec
>>> Neighbor Count is 0, Adjacent neighbor count is 0
>>> Suppress hello for 0 neighbor(s)
>>>
>>>
>>> ----- Original Message -----
>>> From: "Oliver Boehmer (oboehmer)" <oboehmer@cisco.com>
>>> To: "Mark Jones" <mjones@mnsi.net>; <cisco-bba@puck.nether.net>
>>> Sent: Wednesday, March 21, 2007 12:38 PM
>>> Subject: RE: [cisco-bba] ospf over pppoe link
>>>
>>>
>>>> Mark Jones <> wrote on Wednesday, March 21, 2007 4:42 PM:
>>>>
>>>>> We are trying to run ospf over a pppoe link. everything works to
>>>>> as you would expect with ospf except that on the lns side the
>>>>> virtual-access interface is always in passive mode so it never
>>>>> sends hellos packets or listens for them. The client side is
>>>>> sending them out the proper interface. has anyone done this
>>>>> successfully?
>>>>>
>>>>> I can supply config snap shots if that is helpful.
>>>>>
>>>>
>>>> OSPF config is needed, but I'd guess you did something like
>>>>
>>>> router ospf 1
>>>> passive-interface default
>>>> no passive-interface Virtual-template1
>>>>
>>>> This won't work as the "no passive-interface" is taken literally,
>>>> the Virtual-Access<n> (VAI) interfaces will be matched by the
>>>> "passive-interface default".
>>>>
>>>> Depending on your IOS version, you could use the "ip ospf area
>>>> <area>" interface command to enable OSPF (see the "Area Command in
>>>> Interface Mode for OSPFv2" feature documentation), and apply this
>>>> command via Radius/lcp:interface-config in a per-user fashion so
>>>> only some users will be able to speak OSPF with you. If this
>>>> doesn't work, you could use a different loopback interface for
>>>> these users (either a different vtemplate or apply an "ip
>>>> unnumbered Loopback1" using Radius/lcp:interface-config) and use
>>>> "network <loopback1-address>
>>>> 0.0.0.0 area <area>", so all VAI's referencing this loopback will
>>>> be put into OSPF. Make sure to run OSPF MD5 authentication here..
>>>>
>>>> But, this is just a wild guess ;-)
>>>>
>>>> oli
>>>>
>>>>
>>>>
>>>> --
>>>> No virus found in this incoming message.
>>>> Checked by AVG Free Edition.
>>>> Version: 7.5.446 / Virus Database: 268.18.16/729 - Release Date:
>>>> 3/21/2007 7:52 AM
>>
>>
>>
>> --
>> No virus found in this incoming message.
>> Checked by AVG Free Edition.
>> Version: 7.5.446 / Virus Database: 268.18.16/729 - Release Date:
>> 3/21/2007 7:52 AM

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

Hi Mark,
You cannot use OSPF over PPP links if the IP address is
negotiated for any side. This is b'cos PPP doesn't have any option to
negotiate the mask information and hence will always use a /32 bit mask
when IP address is negotiated.
As there cannot be more than 1 host on a /32 network, OSPF will
always complain that the remote peer is not in the same subnet. Remember
that OSPF needs both the ends in the same network to form neighbour
relationship.

I don't think there is any possible relation; The workaround
would be to use static IPs on both sides or use "ip innumbered"

Regards
Prem


-- If you live each day as if it was your last, someday you'll certainly
be right.

-----Original Message-----
From: cisco-bba-bounces@puck.nether.net
[mailto:cisco-bba-bounces@puck.nether.net] On Behalf Of Mark Jones
Sent: Thursday, March 22, 2007 6:49 PM
To: Oliver Boehmer (oboehmer); cisco-bba@puck.nether.net
Subject: Re: [cisco-bba] ospf over pppoe link

yes that fixed that problem. The two client router and the lns see hello
packets form each other. The lns goes into int mode. The client
complaints "Rcv pkt from xxx.x.137.65, Dialer2, area 0.0.0.0 : src not
on the same network"

As the dialer 2 interface has a /32 ip and the interface bound to the
virtual-template can't be part of that /32 network I am not sure what
the solution to this would be.


----- Original Message -----
From: "Oliver Boehmer (oboehmer)" <oboehmer@cisco.com>
To: "Mark Jones" <mjones@mnsi.net>; <cisco-bba@puck.nether.net>
Sent: Thursday, March 22, 2007 12:30 AM
Subject: RE: [cisco-bba] ospf over pppoe link


> Mark,
>
> Can you try to add "Framed-Routing = 3" to your Radius profile and see
> if this makes a difference?
>
> oli
>
> Mark Jones <mailto:mjones@mnsi.net> wrote on Wednesday, March 21, 2007
> 7:48 PM:
>
>> Here is some of the config. Let me know what else you may need.
>>
>>
>>
>> router ospf 1
>> router-id XXX.X.137.65
>> log-adjacency-changes
>> limit retransmissions dc disable non-dc disable
>> redistribute connected subnets route-map netout
>> redistribute static subnets route-map netout
>> network xxx.x.136.213 0.0.0.0 area 0
>> network xxx.x.137.65 0.0.0.0 area 0
>>
>> !<snip>
>>
>> interface Virtual-Template3
>> mtu 1492
>> ip unnumbered FastEthernet0/0.4
>> ip load-sharing per-packet
>> ip ospf mtu-ignore
>> no logging event link-status
>> load-interval 30
>> peer default ip address pool dynlon1
>> ppp authentication pap PPP_LOCAL
>> ppp authorization PPP_LOCAL
>>
>>
>>
>> sh ip ospf int vi3.1
>>
>> Virtual-Access3.1 is up, line protocol is up
>> Internet Address 0.0.0.0/0, Area 0
>> Process ID 1, Router ID XXX.X.137.65, Network Type POINT_TO_POINT,
>> Cost: 1 Transmit Delay is 1 sec, State POINT_TO_POINT
>> Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit
5
>> oob-resync timeout 40
>> No Hellos (Passive interface)
>> Supports Link-local Signaling (LLS)
>> Cisco NSF helper support enabled
>> IETF NSF helper support enabled
>> Index 4/4, flood queue length 0
>> Next 0x0(0)/0x0(0)
>> Last flood scan length is 0, maximum is 0
>> Last flood scan time is 0 msec, maximum is 0 msec
>> Neighbor Count is 0, Adjacent neighbor count is 0
>> Suppress hello for 0 neighbor(s)
>>
>>
>> ----- Original Message -----
>> From: "Oliver Boehmer (oboehmer)" <oboehmer@cisco.com>
>> To: "Mark Jones" <mjones@mnsi.net>; <cisco-bba@puck.nether.net>
>> Sent: Wednesday, March 21, 2007 12:38 PM
>> Subject: RE: [cisco-bba] ospf over pppoe link
>>
>>
>>> Mark Jones <> wrote on Wednesday, March 21, 2007 4:42 PM:
>>>
>>>> We are trying to run ospf over a pppoe link. everything works to as
>>>> you would expect with ospf except that on the lns side the
>>>> virtual-access interface is always in passive mode so it never
sends
>>>> hellos packets or listens for them. The client side is sending them
>>>> out the proper interface. has anyone done this successfully?
>>>>
>>>> I can supply config snap shots if that is helpful.
>>>>
>>>
>>> OSPF config is needed, but I'd guess you did something like
>>>
>>> router ospf 1
>>> passive-interface default
>>> no passive-interface Virtual-template1
>>>
>>> This won't work as the "no passive-interface" is taken literally,
the
>>> Virtual-Access<n> (VAI) interfaces will be matched by the
>>> "passive-interface default".
>>>
>>> Depending on your IOS version, you could use the "ip ospf area
>>> <area>" interface command to enable OSPF (see the "Area Command in
>>> Interface
>>> Mode for OSPFv2" feature documentation), and apply this command via
>>> Radius/lcp:interface-config in a per-user fashion so only some users
>>> will be able to speak OSPF with you. If this doesn't work, you could
>>> use a different loopback interface for these users (either a
>>> different vtemplate or apply an "ip unnumbered Loopback1" using
>>> Radius/lcp:interface-config) and use "network <loopback1-address>
>>> 0.0.0.0 area <area>", so all VAI's referencing this loopback will be
>>> put into OSPF. Make sure to run OSPF MD5 authentication here..
>>>
>>> But, this is just a wild guess ;-)
>>>
>>> oli
>>>
>>>
>>>
>>> --
>>> No virus found in this incoming message.
>>> Checked by AVG Free Edition.
>>> Version: 7.5.446 / Virus Database: 268.18.16/729 - Release Date:
>>> 3/21/2007 7:52 AM
>
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.446 / Virus Database: 268.18.16/729 - Release Date:
3/21/2007
> 7:52 AM
>
>

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

Hi Mark,
You cannot use OSPF over PPP links if the IP address is
negotiated for any side. This is b'cos PPP doesn't have any option to
negotiate the mask information and hence will always use a /32 bit mask
when IP address is negotiated.
As there cannot be more than 1 host on a /32 network, OSPF will
always complain that the remote peer is not in the same subnet. Remember
that OSPF needs both the ends in the same network to form neighbour
relationship.

I don't think there is any possible relation;
I wanted to say "there is any possible solution". :-)

The workaround would be to use static IPs on both sides or use
"ip innumbered"

Regards
Prem


-- If you live each day as if it was your last, someday you'll certainly
be right.

-----Original Message-----
From: cisco-bba-bounces@puck.nether.net
[mailto:cisco-bba-bounces@puck.nether.net] On Behalf Of Mark Jones
Sent: Thursday, March 22, 2007 6:49 PM
To: Oliver Boehmer (oboehmer); cisco-bba@puck.nether.net
Subject: Re: [cisco-bba] ospf over pppoe link

yes that fixed that problem. The two client router and the lns see hello
packets form each other. The lns goes into int mode. The client
complaints "Rcv pkt from xxx.x.137.65, Dialer2, area 0.0.0.0 : src not
on the same network"

As the dialer 2 interface has a /32 ip and the interface bound to the
virtual-template can't be part of that /32 network I am not sure what
the solution to this would be.


----- Original Message -----
From: "Oliver Boehmer (oboehmer)" <oboehmer@cisco.com>
To: "Mark Jones" <mjones@mnsi.net>; <cisco-bba@puck.nether.net>
Sent: Thursday, March 22, 2007 12:30 AM
Subject: RE: [cisco-bba] ospf over pppoe link


> Mark,
>
> Can you try to add "Framed-Routing = 3" to your Radius profile and see
> if this makes a difference?
>
> oli
>
> Mark Jones <mailto:mjones@mnsi.net> wrote on Wednesday, March 21, 2007
> 7:48 PM:
>
>> Here is some of the config. Let me know what else you may need.
>>
>>
>>
>> router ospf 1
>> router-id XXX.X.137.65
>> log-adjacency-changes
>> limit retransmissions dc disable non-dc disable redistribute
>> connected subnets route-map netout redistribute static subnets
>> route-map netout network xxx.x.136.213 0.0.0.0 area 0 network
>> xxx.x.137.65 0.0.0.0 area 0
>>
>> !<snip>
>>
>> interface Virtual-Template3
>> mtu 1492
>> ip unnumbered FastEthernet0/0.4
>> ip load-sharing per-packet
>> ip ospf mtu-ignore
>> no logging event link-status
>> load-interval 30
>> peer default ip address pool dynlon1 ppp authentication pap
>> PPP_LOCAL ppp authorization PPP_LOCAL
>>
>>
>>
>> sh ip ospf int vi3.1
>>
>> Virtual-Access3.1 is up, line protocol is up
>> Internet Address 0.0.0.0/0, Area 0
>> Process ID 1, Router ID XXX.X.137.65, Network Type POINT_TO_POINT,
>> Cost: 1 Transmit Delay is 1 sec, State POINT_TO_POINT
>> Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit
5
>> oob-resync timeout 40
>> No Hellos (Passive interface)
>> Supports Link-local Signaling (LLS)
>> Cisco NSF helper support enabled
>> IETF NSF helper support enabled
>> Index 4/4, flood queue length 0
>> Next 0x0(0)/0x0(0)
>> Last flood scan length is 0, maximum is 0
>> Last flood scan time is 0 msec, maximum is 0 msec
>> Neighbor Count is 0, Adjacent neighbor count is 0
>> Suppress hello for 0 neighbor(s)
>>
>>
>> ----- Original Message -----
>> From: "Oliver Boehmer (oboehmer)" <oboehmer@cisco.com>
>> To: "Mark Jones" <mjones@mnsi.net>; <cisco-bba@puck.nether.net>
>> Sent: Wednesday, March 21, 2007 12:38 PM
>> Subject: RE: [cisco-bba] ospf over pppoe link
>>
>>
>>> Mark Jones <> wrote on Wednesday, March 21, 2007 4:42 PM:
>>>
>>>> We are trying to run ospf over a pppoe link. everything works to as
>>>> you would expect with ospf except that on the lns side the
>>>> virtual-access interface is always in passive mode so it never
sends
>>>> hellos packets or listens for them. The client side is sending them
>>>> out the proper interface. has anyone done this successfully?
>>>>
>>>> I can supply config snap shots if that is helpful.
>>>>
>>>
>>> OSPF config is needed, but I'd guess you did something like
>>>
>>> router ospf 1
>>> passive-interface default
>>> no passive-interface Virtual-template1
>>>
>>> This won't work as the "no passive-interface" is taken literally,
the
>>> Virtual-Access<n> (VAI) interfaces will be matched by the
>>> "passive-interface default".
>>>
>>> Depending on your IOS version, you could use the "ip ospf area
>>> <area>" interface command to enable OSPF (see the "Area Command in
>>> Interface Mode for OSPFv2" feature documentation), and apply this
>>> command via Radius/lcp:interface-config in a per-user fashion so
>>> only some users will be able to speak OSPF with you. If this doesn't
>>> work, you could use a different loopback interface for these users
>>> (either a different vtemplate or apply an "ip unnumbered Loopback1"
>>> using
>>> Radius/lcp:interface-config) and use "network <loopback1-address>
>>> 0.0.0.0 area <area>", so all VAI's referencing this loopback will be
>>> put into OSPF. Make sure to run OSPF MD5 authentication here..
>>>
>>> But, this is just a wild guess ;-)
>>>
>>> oli
>>>
>>>
>>>
>>> --
>>> No virus found in this incoming message.
>>> Checked by AVG Free Edition.
>>> Version: 7.5.446 / Virus Database: 268.18.16/729 - Release Date:
>>> 3/21/2007 7:52 AM
>
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.446 / Virus Database: 268.18.16/729 - Release Date:
3/21/2007
> 7:52 AM
>
>

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

The ip unumbered works good.
----- Original Message -----
From: Prem Anand (hprem)
To: Prem Anand (hprem) ; Mark Jones ; Oliver Boehmer (oboehmer) ; cisco-bba@puck.nether.net
Sent: Friday, March 23, 2007 9:22 AM
Subject: RE: [cisco-bba] ospf over pppoe link


Hi Mark,
You cannot use OSPF over PPP links if the IP address is negotiated for any side. This is b'cos PPP doesn't have any option to negotiate the mask information and hence will always use a /32 bit mask when IP address is negotiated.
As there cannot be more than 1 host on a /32 network, OSPF will always complain that the remote peer is not in the same subnet. Remember that OSPF needs both the ends in the same network to form neighbour relationship.

I don't think there is any possible relation;
I wanted to say "there is any possible solution". :-)

The workaround would be to use static IPs on both sides or use "ip innumbered"

Regards
Prem


-- If you live each day as if it was your last, someday you'll certainly be right.

-----Original Message-----
From: cisco-bba-bounces@puck.nether.net
[mailto:cisco-bba-bounces@puck.nether.net] On Behalf Of Mark Jones
Sent: Thursday, March 22, 2007 6:49 PM
To: Oliver Boehmer (oboehmer); cisco-bba@puck.nether.net
Subject: Re: [cisco-bba] ospf over pppoe link

yes that fixed that problem. The two client router and the lns see hello packets form each other. The lns goes into int mode. The client complaints "Rcv pkt from xxx.x.137.65, Dialer2, area 0.0.0.0 : src not on the same network"

As the dialer 2 interface has a /32 ip and the interface bound to the virtual-template can't be part of that /32 network I am not sure what the solution to this would be.


----- Original Message -----
From: "Oliver Boehmer (oboehmer)" <oboehmer@cisco.com>
To: "Mark Jones" <mjones@mnsi.net>; <cisco-bba@puck.nether.net>
Sent: Thursday, March 22, 2007 12:30 AM
Subject: RE: [cisco-bba] ospf over pppoe link


> Mark,
>
> Can you try to add "Framed-Routing = 3" to your Radius profile and see
> if this makes a difference?
>
> oli
>
> Mark Jones <mailto:mjones@mnsi.net> wrote on Wednesday, March 21, 2007
> 7:48 PM:
>
>> Here is some of the config. Let me know what else you may need.
>>
>>
>>
>> router ospf 1
>> router-id XXX.X.137.65
>> log-adjacency-changes
>> limit retransmissions dc disable non-dc disable redistribute
>> connected subnets route-map netout redistribute static subnets
>> route-map netout network xxx.x.136.213 0.0.0.0 area 0 network
>> xxx.x.137.65 0.0.0.0 area 0
>>
>> !<snip>
>>
>> interface Virtual-Template3
>> mtu 1492
>> ip unnumbered FastEthernet0/0.4
>> ip load-sharing per-packet
>> ip ospf mtu-ignore
>> no logging event link-status
>> load-interval 30
>> peer default ip address pool dynlon1 ppp authentication pap
>> PPP_LOCAL ppp authorization PPP_LOCAL
>>
>>
>>
>> sh ip ospf int vi3.1
>>
>> Virtual-Access3.1 is up, line protocol is up
>> Internet Address 0.0.0.0/0, Area 0
>> Process ID 1, Router ID XXX.X.137.65, Network Type POINT_TO_POINT,
>> Cost: 1 Transmit Delay is 1 sec, State POINT_TO_POINT
>> Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit
5
>> oob-resync timeout 40
>> No Hellos (Passive interface)
>> Supports Link-local Signaling (LLS)
>> Cisco NSF helper support enabled
>> IETF NSF helper support enabled
>> Index 4/4, flood queue length 0
>> Next 0x0(0)/0x0(0)
>> Last flood scan length is 0, maximum is 0
>> Last flood scan time is 0 msec, maximum is 0 msec
>> Neighbor Count is 0, Adjacent neighbor count is 0
>> Suppress hello for 0 neighbor(s)
>>
>>
>> ----- Original Message -----
>> From: "Oliver Boehmer (oboehmer)" <oboehmer@cisco.com>
>> To: "Mark Jones" <mjones@mnsi.net>; <cisco-bba@puck.nether.net>
>> Sent: Wednesday, March 21, 2007 12:38 PM
>> Subject: RE: [cisco-bba] ospf over pppoe link
>>
>>
>>> Mark Jones <> wrote on Wednesday, March 21, 2007 4:42 PM:
>>>
>>>> We are trying to run ospf over a pppoe link. everything works to as
>>>> you would expect with ospf except that on the lns side the
>>>> virtual-access interface is always in passive mode so it never
sends
>>>> hellos packets or listens for them. The client side is sending them
>>>> out the proper interface. has anyone done this successfully?
>>>>
>>>> I can supply config snap shots if that is helpful.
>>>>
>>>
>>> OSPF config is needed, but I'd guess you did something like
>>>
>>> router ospf 1
>>> passive-interface default
>>> no passive-interface Virtual-template1
>>>
>>> This won't work as the "no passive-interface" is taken literally,
the
>>> Virtual-Access<n> (VAI) interfaces will be matched by the
>>> "passive-interface default".
>>>
>>> Depending on your IOS version, you could use the "ip ospf area
>>> <area>" interface command to enable OSPF (see the "Area Command in
>>> Interface Mode for OSPFv2" feature documentation), and apply this
>>> command via Radius/lcp:interface-config in a per-user fashion so
>>> only some users will be able to speak OSPF with you. If this doesn't
>>> work, you could use a different loopback interface for these users
>>> (either a different vtemplate or apply an "ip unnumbered Loopback1"
>>> using
>>> Radius/lcp:interface-config) and use "network <loopback1-address>
>>> 0.0.0.0 area <area>", so all VAI's referencing this loopback will be
>>> put into OSPF. Make sure to run OSPF MD5 authentication here..
>>>
>>> But, this is just a wild guess ;-)
>>>
>>> oli
>>>
>>>
>>>
>>> --
>>> No virus found in this incoming message.
>>> Checked by AVG Free Edition.
>>> Version: 7.5.446 / Virus Database: 268.18.16/729 - Release Date:
>>> 3/21/2007 7:52 AM
>
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.446 / Virus Database: 268.18.16/729 - Release Date:
3/21/2007
> 7:52 AM
>
>

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba




------------------------------------------------------------------------------


No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 268.18.16/729 - Release Date: 3/21/2007 7:52 AM