Mailing List Archive: vpdn - wt-sss| SSS Circuit

vpdn - wt-sss| SSS Circuit

Oct 31, 2007, 3:17 AM

Post #1 of 3 (5617 views)

hi all,

could somebody please point me to some sort of documentation as to why
incoming vpdn sessions onto a NPE-G1 would sometimes end up in the wt-sss
state.

clns5-cj#sh vpdn | incl sss
30516 14 10678 SSS Circuit wt-sss 01:36:33 1621
30517 33 12593 SSS Circuit wt-sss 01:36:29 2128
30518 201 14508 SSS Circuit wt-sss 01:36:25 2544
30519 11 16423 SSS Circuit wt-sss 01:36:22 341
30521 51 20253 SSS Circuit wt-sss 01:24:34 64
30553 34 15997 SSS Circuit wt-sss 00:14:31 3274

clns5-cj#sh vpdn | incl 15997
15997 7919 rsaweb-honskn est 196. 1 1
30553 34 15997 SSS Circuit wt-sss 00:14:42 3274

from doing the google thing, it seems that this could be due to a non
responsible radius server, which would be my next step in tracing the
problem.

j.

_______________________________________________
cisco-nas mailing list
cisco-nas@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas

Re: vpdn - wt-sss| SSS Circuit [ In reply to ]

oboehmer at cisco

Oct 31, 2007, 3:30 AM

Post #2 of 3 (5380 views)

Permalink

jc <> wrote on Wednesday, October 31, 2007 11:17 AM:

> hi all,
>
> could somebody please point me to some sort of documentation as to why
> incoming vpdn sessions onto a NPE-G1 would sometimes end up in the
> wt-sss state.
[...]
> from doing the google thing, it seems that this could be due to a non
> responsible radius server, which would be my next step in tracing the
> problem.

right. General answer is that the LNS is waiting for service selection,
which is performed by the IOS SSS subsystem. On an L2TP LNS, services
applicable are really only "terminate locally" or "forward the session",
both are dependant on the AAA authorization. So slow/non-responding
radius server is a very likely cause of this.. I've also seen problems
in the PPP negotiation leading to this state, which can be a
pre-requisite for authorization.

oli
_______________________________________________
cisco-nas mailing list
cisco-nas@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas

Re: vpdn - wt-sss| SSS Circuit [ In reply to ]

tabes at wmis

Oct 31, 2007, 5:48 AM

Post #3 of 3 (5376 views)

Permalink

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We saw this happen when the telco upgraded their DSLAMs and essentially
bricked a certain model of ADSL modem we had about 20 end-users using.

This was a few years ago, I think it was a problem w/ PPP negotiation.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Matt Taber tabes@wmis.net
WMIS Internet http://www.wmis.net
616-281-9647 1-888-482-9647
"Accelerate ... It's a Speed Thing"
PGP: http://www.wmis.net/pgp/0x3077CD7C
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

jc wrote:
> hi all,
>
> could somebody please point me to some sort of documentation as to why
> incoming vpdn sessions onto a NPE-G1 would sometimes end up in the wt-sss
> state.
>
> clns5-cj#sh vpdn | incl sss
> 30516 14 10678 SSS Circuit wt-sss 01:36:33 1621
> 30517 33 12593 SSS Circuit wt-sss 01:36:29 2128
> 30518 201 14508 SSS Circuit wt-sss 01:36:25 2544
> 30519 11 16423 SSS Circuit wt-sss 01:36:22 341
> 30521 51 20253 SSS Circuit wt-sss 01:24:34 64
> 30553 34 15997 SSS Circuit wt-sss 00:14:31 3274
>
> clns5-cj#sh vpdn | incl 15997
> 15997 7919 rsaweb-honskn est 196. 1 1
> 30553 34 15997 SSS Circuit wt-sss 00:14:42 3274
>
> from doing the google thing, it seems that this could be due to a non
> responsible radius server, which would be my next step in tracing the
> problem.
>
>
> j.
>
> _______________________________________________
> cisco-nas mailing list
> cisco-nas@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
>
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHKHmYhqnZajB3zXwRAqupAJ9XzarZX1kQGNxaUm9E76yXVK+FowCffY03
PXMKhI206qoxacYxwRU3/Zc=
=0D0o
-----END PGP SIGNATURE-----
_______________________________________________
cisco-nas mailing list
cisco-nas@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nas