Hi,
Has anyone opinions on a L2TP VPDN scenrio where users are terminated on
7204VXR's running 12.3(20) (c7200-jk9s-mz.123-20.bin) IOS.
We recently saw numerous tunnels from our wholesale provider
simultaneously drop and get re-established. Our provider, in turn, saw
tunnels destined for us from the telco incumbent drop at same time also.
One of these tunnels had an unusually high no. of sessions and after
checking the tunnel we saw the following. i.e no valid users in it.
sh vpdn session | i 48335
25824 393 48335 wt-con 10:53:23 n/a
25839 433 48335 wt-con 10:52:20 n/a
25541 64954 48335 wt-con 11:16:37 n/a
25553 65016 48335 wt-con 11:15:20 n/a
27634 5458 48335 wt-con 08:03:30 n/a
27733 5696 48335 wt-con 07:56:11 n/a
And so on....
Once we cleared the tunnel with a 'clear vpdn tunnel l2tp 48335', it
cleared after a few minutes. A replacement tunnel was established
immediately which terminated users properly.
Has anyone saw this or have an idea why this would happen?
VPDN config as follows:
!
aaa new-model
!
!
!
aaa authentication login default local-case
aaa authentication enable default enable
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa accounting network default start-stop group radius
aaa session-id common
!
!
interface Loopback0
description VPDN Tunnel Endpoint
ip address www.xxx.yyy.zzz 255.255.255.255
!
vpdn enable
vpdn history failure table-size 50
!
vpdn-group 1
description VPDN-GROUP-1
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname <hostname>
source-ip aaa.bbb.ccc.ddd
lcp renegotiation on-mismatch
l2tp tunnel password <removed>
!
!
virtual-template 1 pre-clone 8000
!
!
interface Virtual-Template1
description Virtual Template
mtu 1460
ip unnumbered Loopback0
ip tcp adjust-mss 1420
no logging event link-status
no snmp trap link-status
peer default ip address pool default
ppp mtu adaptive proxy
ppp authentication chap
!
Thanks,
Mark
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba
Has anyone opinions on a L2TP VPDN scenrio where users are terminated on
7204VXR's running 12.3(20) (c7200-jk9s-mz.123-20.bin) IOS.
We recently saw numerous tunnels from our wholesale provider
simultaneously drop and get re-established. Our provider, in turn, saw
tunnels destined for us from the telco incumbent drop at same time also.
One of these tunnels had an unusually high no. of sessions and after
checking the tunnel we saw the following. i.e no valid users in it.
sh vpdn session | i 48335
25824 393 48335 wt-con 10:53:23 n/a
25839 433 48335 wt-con 10:52:20 n/a
25541 64954 48335 wt-con 11:16:37 n/a
25553 65016 48335 wt-con 11:15:20 n/a
27634 5458 48335 wt-con 08:03:30 n/a
27733 5696 48335 wt-con 07:56:11 n/a
And so on....
Once we cleared the tunnel with a 'clear vpdn tunnel l2tp 48335', it
cleared after a few minutes. A replacement tunnel was established
immediately which terminated users properly.
Has anyone saw this or have an idea why this would happen?
VPDN config as follows:
!
aaa new-model
!
!
!
aaa authentication login default local-case
aaa authentication enable default enable
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa accounting network default start-stop group radius
aaa session-id common
!
!
interface Loopback0
description VPDN Tunnel Endpoint
ip address www.xxx.yyy.zzz 255.255.255.255
!
vpdn enable
vpdn history failure table-size 50
!
vpdn-group 1
description VPDN-GROUP-1
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname <hostname>
source-ip aaa.bbb.ccc.ddd
lcp renegotiation on-mismatch
l2tp tunnel password <removed>
!
!
virtual-template 1 pre-clone 8000
!
!
interface Virtual-Template1
description Virtual Template
mtu 1460
ip unnumbered Loopback0
ip tcp adjust-mss 1420
no logging event link-status
no snmp trap link-status
peer default ip address pool default
ppp mtu adaptive proxy
ppp authentication chap
!
Thanks,
Mark
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba