Mailing List Archive

stranded sessions
The following PPPoE configuration works fine, except for one detail.

If a customer unplugs their router, it strands a session and IP address.
If I add the MAC address session limit, it will limit the number of
sessions and then not allow any additional connections. But, the
sessions are still stuck. If they do not time out (which required a
timeout be set), or the sessions are not cleared, the customer will not
be able to log back on.

The workaround was to not limit connections per MAC. But, that won't
do for long. The IP pools will be exhausted fairly quickly.

I cannot imagine that Cisco doesn't have a knob that can be set which
will clear stranded PPPoE sessions, or at least disconnect the previous
session to the same MAC. But, I am unaware of how this is accomplished
with BBA on a Cisco.

Any ideas?

bbc@misn.com


aaa new-model
!
aaa authentication ppp default local group radius
aaa authorization network default local group radius none
aaa accounting delay-start
aaa accounting network default start-stop group radius
!
aaa session-id common
. . .
bba-group pppoe global
 virtual-template 1
 ac name DSL
 sessions per-mac throttle 100 30 3600
 sessions auto cleanup
!
bba-group pppoe DSL
 virtual-template 1
 sessions per-mac throttle 100 30 3600
 sessions auto cleanup
. . .
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/2.2
 encapsulation dot1Q 2
 pppoe enable group DSL
. . .
interface Virtual-Template1
 ip unnumbered Loopback1
 no logging event link-status
 peer default ip address pool pool1-1 default
 no keepalive
 ppp authentication pap
 ppp ipcp dns Y.Y.Y.Y Z.Z.Z.Z
 ppp ipcp address required
 ppp ipcp address unique
!
ip local pool default X.X.X.49 X.X.X.62
ip local pool default X.X.Y.1 X.X.Y.250
ip local pool default X.X.Z.1 X.X.Z.250
!
ip radius source-interface Loopback1
!
radius-server attribute 8 include-in-access-req
radius-server attribute nas-port format d
radius-server host X.X.X.X auth-port 1645 acct-port 1646
radius-server key 7 XXXXXXXXXXXX
radius-server vsa send accounting
radius-server vsa send authentication
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba
Re: stranded sessions
You must enable keepalives under the vtemplate, otherwise the router won't know it has lost the PPPoE session.

Also, some DSL modems send a PADT packet (using their last session id) before any PADI, which causes the old session to be disconnected.

--
Tassos


Bryan Campbell wrote on 11/2/2008 6:04 AM:
> The following PPPoE configuration works fine, except for one detail.
>
> If a customer unplugs their router, it strands a session and IP address.
> If I add the MAC address session limit, it will limit the number of
> sessions and then not allow any additional connections. But, the
> sessions are still stuck. If they do not time out (which required a
> timeout be set), or the sessions are not cleared, the customer will not
> be able to log back on.
>
> The workaround was to not limit connections per MAC. But, that won't
> do for long. The IP pools will be exhausted fairly quickly.
>
> I cannot imagine that Cisco doesn't have a knob that can be set which
> will clear stranded PPPoE sessions, or at least disconnect the previous
> session to the same MAC. But, I am unaware of how this is accomplished
> with BBA on a Cisco.
>
> Any ideas?
>
> bbc@misn.com

Re: stranded sessions
Done! It seems to have fixed the stranded session problem at my test
location.

But, I still have some customers who are redialing and seem to be
consuming a great many IP addresses. It seems that they are just
allocated and not used. I may have to set the sessions per-mac throttle
such that they cannot do that anymore. Thankfully, we only have a small
number of customer equipment that behaves that way. If I have trouble,
I will e-mail back.

Thanks for your assistance.



Tassos Chatzithomaoglou wrote:
> You must enable keepalives under the vtemplate, otherwise the router
> won't know it has lost the PPPoE session.
>
> Also, some DSL modems send a PADT packet (using their last session id)
> before any PADI, which causes the old session to be disconnected.
>
> --
> Tassos

Re: stranded sessions
What's the recommended keepalive value? I set it for 30 minutes right now.

What I'm seeing from a handful of PPPoE clients are reconnects for no
apparent physical reason. Could that be related in any kind of way to the
lack of a keepalive value?

Frank

-----Original Message-----
From: cisco-bba-bounces@puck.nether.net
[mailto:cisco-bba-bounces@puck.nether.net] On Behalf Of Tassos
Chatzithomaoglou
Sent: Monday, February 11, 2008 2:26 AM
To: Bryan Campbell
Cc: akiramot@cisco.com; cisco-bba@puck.nether.net
Subject: Re: [cisco-bba] stranded sessions

You must enable keepalives under the vtemplate, otherwise the router won't know it has lost the PPPoE session.

Also, some DSL modems send a PADT packet (using their last session id) before any PADI, which causes the old session to be disconnected.

--
Tassos


Re: stranded sessions
It depends on CPU usage and number of users.

You can leave the default (3x10) if you think that your CPU can handle it.
Otherwise you can try different combinations, like 3x20, 3x30, 3x40 and so on.

--
Tassos

Frank Bulk wrote on 11/2/2008 9:35 PM:
> What's the recommended keepalive value? I set it for 30 minutes right now.
>
> What I'm seeing from a handful of PPPoE clients are reconnects for no
> apparent physical reason. Could that be related in any kind of way to the
> lack of a keepalive value?
>
> Frank
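
The keepalive trade-off discussed in this thread, worked through as an added example that is not part of any message above: a small capacity model of how many pool addresses dead sessions hold under "no keepalive" and under the 3x10 to 3x40 combinations. The load (20 CPEs redialing every 15 seconds without sending PADT) is constructed, detection time is approximated as retries times interval, and the per-MAC throttle is ignored.

```python
import heapq
from typing import Optional, Tuple

# Size of the three "ip local pool default" ranges in the posted config.
POOL_SIZE = 14 + 250 + 250

def detect_seconds(retries: int, interval_s: int) -> int:
    """Approximate time for LCP keepalives to declare a silent peer dead."""
    return retries * interval_s

def simulate(clients: int, redial_every_s: int, detect_s: Optional[int],
             horizon_s: int = 3600, pool_size: int = POOL_SIZE
             ) -> Tuple[Optional[int], int]:
    """Return (second at which a dial first finds the pool empty, or None;
    peak number of addresses in use).

    Constructed model: every client drops without sending PADT and redials
    every redial_every_s seconds. The dead session holds its address until
    detect_s after the drop; detect_s=None is "no keepalive" (never freed).
    """
    free, peak = pool_size, 0
    releases: list = []  # min-heap of teardown times for dead sessions
    for t in range(0, horizon_s + 1, redial_every_s):
        # Free the addresses of dead sessions the router has now detected.
        while releases and releases[0] <= t:
            heapq.heappop(releases)
            free += 1
        for _ in range(clients):
            if t > 0 and detect_s is not None:
                heapq.heappush(releases, t + detect_s)  # old session just died
            if free == 0:
                return t, peak  # new dial cannot get an address
            free -= 1
            peak = max(peak, pool_size - free)
    return None, peak

if __name__ == "__main__":
    # Constructed load: 20 misbehaving CPEs redialing every 15 seconds.
    settings = {"no keepalive": None}
    for interval in (10, 20, 30, 40):  # the 3x10 ... 3x40 combinations
        settings[f"3x{interval}"] = detect_seconds(3, interval)
    for name, detect in settings.items():
        exhausted_at, peak = simulate(20, 15, detect)
        print(f"{name:>12}: peak {peak:3d}/{POOL_SIZE}, pool empty at {exhausted_at}")
```
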