Mailing List Archive

7206, ADSL connections and backend Radius
In the process of setting up a 7206 to terminate ADSL connections, using a
Radiator (Radius) server for auth.

The test ADSL connection appears to authenticate successfully, but then
disconnects immediately, then attempts to authenticate again.

I am seeing the following in the 7206 logs:

Jul 13 08:13:57.335 aest: AAA/AUTHOR/VPDN/LOCAL: Looking for tunnel dsl.datafx.com.au
Jul 13 08:13:57.335 aest: AAA/AUTHOR/VPDN/LOCAL: tunnel dsl.datafx.com.au doesn't exist
Jul 13 08:13:57.335 aest: AAA/AUTHOR (2818497300): Post authorization status = ERROR

and

Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC: 18/"Host Request"
Jul 13 08:13:31.863 aest: AAA/ACCT/ACCT_DISC: Found list "l2tp"
Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC/EXT: 1046/"Upper Layer Req Close"
Jul 13 08:13:31.863 aest: AAA/ACCT/ACCT_DISC: Found list "l2tp"
Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC: 1/"User Request"
Jul 13 08:13:31.863 aest: AAA/ACCT/ACCT_DISC: Found list "l2tp"
Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC/EXT: 1045/"Received Terminate"

Then I see the connection est. then a nosess:

gc-rt-02#show vpdn

L2TP Tunnel and Session Information Total tunnels 1 sessions 1

LocID RemID Remote Name   State  Remote Address  Port  Sessions
47831 30470 for-cor3      est    210.8.1.65      1701  1

LocID RemID TunID Intf  Username       State  Last Chg Fastswitch
9635  24675 47831 Vi1   connect_test@  est    00:00:00 enabled

%No active L2F tunnels

%No active PPTP tunnels

%No active PPPoE tunnels
gc-rt-02#


gc-rt-02#show vpdn

L2TP Tunnel and Session Information Total tunnels 1 sessions 0

LocID RemID Remote Name   State  Remote Address  Port  Sessions
47831 30470 for-cor3      nosess 210.8.1.65      1701  0

%No active L2F tunnels

%No active PPTP tunnels

%No active PPPoE tunnels
gc-rt-02#

Radius server is reporting the term cause as 'Host-Request':
Acct-Terminate-Cause = Host-Request


Have the following on the 7206 (Multiple vpdn-groups are defined):

aaa new-model
aaa authentication ppp default if-needed group radius
aaa authorization network default group radius local
aaa authorization network l2tp group radius
aaa accounting update periodic 10
aaa accounting network default start-stop group radius
aaa accounting network l2tp start-stop group radius
!
vpdn enable
vpdn multihop
vpdn aaa attribute nas-port vpdn-nas
no vpdn logging remote
no vpdn logging user
vpdn history failure table-size 50
vpdn ignore udp checksum
vpdn search-order domain
vpdn domain-delimiter @ suffix
vpdn domain-delimiter / prefix
!
vpdn-group for
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname for-cor3
 local name dsl.datafx.com.au
 lcp renegotiation on-mismatch
 l2tp tunnel password 7 08306004044D40
!
interface Virtual-Template1
 description Connect L2TP termination
 no ip address
 ppp authentication pap chap callin
 ppp authorization l2tp
 ppp accounting l2tp
!
radius-server host xxx.xxx.xxx.xxx auth-port 1812 acct-port 1813
radius-server retransmit 3
radius-server attribute 25 nas-port format d
radius-server attribute nas-port format d
radius-server key #############
!

I'm certain I am missing something vital in the radius config...

Any assistance is greatly appreciated.

Regards,
MB
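
A small triage script for AAA debug output of the kind quoted in this post, added here as an example and not part of the original message: it rejoins the wrapped log lines and extracts the authorization status, the tunnel name the local lookup reported as missing, and each disconnect cause. The regular expressions are assumptions based only on the lines quoted above.

```python
import re

# Sample input: an excerpt of the debug lines from the post, left wrapped
# the way the mail archive shows them (continuation lines have no timestamp).
SAMPLE = '''Jul 13 08:13:57.335 aest: AAA/AUTHOR/VPDN/LOCAL: Looking for tunnel
dsl.datafx.com.au
Jul 13 08:13:57.335 aest: AAA/AUTHOR/VPDN/LOCAL: tunnel dsl.datafx.com.au
doesn't exist
Jul 13 08:13:57.335 aest: AAA/AUTHOR (2818497300): Post authorization status =
ERROR
Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC: 18/"Host Request"
Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC/EXT: 1046/"Upper Layer Req
Close"
Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC: 1/"User Request"
Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC/EXT: 1045/"Received
Terminate"
'''

# Patterns are assumptions derived from the quoted lines, not a Cisco format spec.
STAMP = re.compile(r'^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d\.\d+ \w+: ')
DISC = re.compile(r'(\S+) AAA/DISC(/EXT)?: (\d+)/"([^"]*)"')
STATUS = re.compile(r'AAA/AUTHOR \((\d+)\): Post authorization status = (\S+)')
NOTUNNEL = re.compile(r"AAA/AUTHOR/VPDN/LOCAL: tunnel (\S+) doesn't exist")

def unwrap(text):
    """Rejoin wrapped lines: a line with no leading timestamp continues the previous record."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += ' ' + line
    return records

def triage(text):
    """Collect authorization results, missing local tunnels and disconnect causes."""
    out = {'author_status': [], 'missing_tunnels': [], 'disconnects': []}
    for rec in unwrap(text):
        if m := STATUS.search(rec):
            out['author_status'].append((m.group(1), m.group(2)))
        if m := NOTUNNEL.search(rec):
            out['missing_tunnels'].append(m.group(1))
        if m := DISC.search(rec):
            kind = 'ext' if m.group(2) else 'std'
            out['disconnects'].append((m.group(1), kind, int(m.group(3)), m.group(4)))
    return out

if __name__ == '__main__':
    for key, rows in triage(SAMPLE).items():
        print(key, rows)
```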



