Mailing List Archive

asr920 - pppoe - Filter-Id is fail
Hi,

    I got another one -

    Playing with my asr920 I have it working as a pppoe server. I notice
that if I have a radius attribute returned "Filter-Id" with the name of
a filter already on the box, the pppoe session doesn't come up and
throws an error:

Sep 18 12:11:13.636 PDT: RADIUS: Received from id 1645/45
100.127.248.10:1812, Access-Accept, len 119
Sep 18 12:11:13.637 PDT: RADIUS:  authenticator FC CA B3 DE 64 4C C6 81
- 1E B3 E3 2F 6F 91 E0 78
Sep 18 12:11:13.637 PDT: RADIUS:  Framed-Protocol     [7]   6  
PPP                       [1]
Sep 18 12:11:13.637 PDT: RADIUS:  Framed-Compression  [13]  6   VJ
TCP/IP Header Compressi[1]
Sep 18 12:11:13.637 PDT: RADIUS:  Framed-IP-Address   [8]   6  
100.127.248.222          
Sep 18 12:11:13.637 PDT: RADIUS:  Vendor, Cisco       [26]  58 
Sep 18 12:11:13.637 PDT: RADIUS:   ssg-service-info   [251] 52 
"QU;4500000;843750;1687500;D;4500000;843750;1687500"
Sep 18 12:11:13.637 PDT: RADIUS:  Filter-Id           [11]  23 
Sep 18 12:11:13.637 PDT: RADIUS:   63 75 73 74 6F 6D 65 72 5F 69 6E 62
6F 75 6E 64  [customer_inbound]
Sep 18 12:11:13.637 PDT: RADIUS:   31 2E 6F 75 74             [ 1.out]
Sep 18 12:11:13.637 PDT: RADIUS(0000003F): Received from id 1645/45
Sep 18 12:11:13.638 PDT: %SGPM-3-POLICY_RULE_SERVICE_CONFIG_ERROR:
Service () is configured incorrectly, service_failed event will be thrown

if I remove the Filter-Id, this error goes away. the referenced filter
(access-list) does exist. Not sure what the issue here is. Anyone know?

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: asr920 - pppoe - Filter-Id is fail [ In reply to ]
Does it work any better if you use

Cisco-AVPairs = “ip:inacl=MY_ACL”

Regards,

Chris Jones

> On 19 Sep 2020, at 05:29, Mike <mike+lists@yourtownonline.com> wrote:
>
> ?Hi,
>
> I got another one -
>
> Playing with my asr920 I have it working as a pppoe server. I notice
> that if I have a radius attribute returned "Filter-Id" with the name of
> a filter already on the box, the pppoe session doesn't come up and
> throws an error:
>
> Sep 18 12:11:13.636 PDT: RADIUS: Received from id 1645/45
> 100.127.248.10:1812, Access-Accept, len 119
> Sep 18 12:11:13.637 PDT: RADIUS: authenticator FC CA B3 DE 64 4C C6 81
> - 1E B3 E3 2F 6F 91 E0 78
> Sep 18 12:11:13.637 PDT: RADIUS: Framed-Protocol [7] 6
> PPP [1]
> Sep 18 12:11:13.637 PDT: RADIUS: Framed-Compression [13] 6 VJ
> TCP/IP Header Compressi[1]
> Sep 18 12:11:13.637 PDT: RADIUS: Framed-IP-Address [8] 6
> 100.127.248.222
> Sep 18 12:11:13.637 PDT: RADIUS: Vendor, Cisco [26] 58
> Sep 18 12:11:13.637 PDT: RADIUS: ssg-service-info [251] 52
> "QU;4500000;843750;1687500;D;4500000;843750;1687500"
> Sep 18 12:11:13.637 PDT: RADIUS: Filter-Id [11] 23
> Sep 18 12:11:13.637 PDT: RADIUS: 63 75 73 74 6F 6D 65 72 5F 69 6E 62
> 6F 75 6E 64 [customer_inbound]
> Sep 18 12:11:13.637 PDT: RADIUS: 31 2E 6F 75 74 [ 1.out]
> Sep 18 12:11:13.637 PDT: RADIUS(0000003F): Received from id 1645/45
> Sep 18 12:11:13.638 PDT: %SGPM-3-POLICY_RULE_SERVICE_CONFIG_ERROR:
> Service () is configured incorrectly, service_failed event will be thrown
>
> if I remove the Filter-Id, this error goes away. the referenced filter
> (access-list) does exist. Not sure what the issue here is. Anyone know?
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: asr920 - pppoe - Filter-Id is fail [ In reply to ]
On 9/19/20 4:16 AM, Chris Jones wrote:
> Does it work any better if you use
>
> Cisco-AVPairs = “ip:inacl=MY_ACL”
>

Unfortunately, no it does not. I have verified I have a matching acl
name, it just doesn't seem to want to fly. The only sss message I see
just says:

"Subscriber service profile has invalid configuration"


I use this exact technique on asr1000 and c7201 and it works there. I am
just wondering if maybe there is some other missing config that enables
per-user acls on the asr920 that is preventing this from flying.


_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: asr920 - pppoe - Filter-Id is fail [ In reply to ]
On Fri, 18 Sep 2020 at 20:29, Mike <mike+lists@yourtownonline.com> wrote:
>
> Hi,
>
> I got another one -
>
> Playing with my asr920 I have it working as a pppoe server. I notice
> that if I have a radius attribute returned "Filter-Id" with the name of
> a filter already on the box, the pppoe session doesn't come up and
> throws an error:
>
> Sep 18 12:11:13.636 PDT: RADIUS: Received from id 1645/45
> 100.127.248.10:1812, Access-Accept, len 119
> Sep 18 12:11:13.637 PDT: RADIUS: authenticator FC CA B3 DE 64 4C C6 81
> - 1E B3 E3 2F 6F 91 E0 78
> Sep 18 12:11:13.637 PDT: RADIUS: Framed-Protocol [7] 6
> PPP [1]
> Sep 18 12:11:13.637 PDT: RADIUS: Framed-Compression [13] 6 VJ
> TCP/IP Header Compressi[1]
> Sep 18 12:11:13.637 PDT: RADIUS: Framed-IP-Address [8] 6
> 100.127.248.222
> Sep 18 12:11:13.637 PDT: RADIUS: Vendor, Cisco [26] 58
> Sep 18 12:11:13.637 PDT: RADIUS: ssg-service-info [251] 52
> "QU;4500000;843750;1687500;D;4500000;843750;1687500"
> Sep 18 12:11:13.637 PDT: RADIUS: Filter-Id [11] 23
> Sep 18 12:11:13.637 PDT: RADIUS: 63 75 73 74 6F 6D 65 72 5F 69 6E 62
> 6F 75 6E 64 [customer_inbound]
> Sep 18 12:11:13.637 PDT: RADIUS: 31 2E 6F 75 74 [ 1.out]
> Sep 18 12:11:13.637 PDT: RADIUS(0000003F): Received from id 1645/45
> Sep 18 12:11:13.638 PDT: %SGPM-3-POLICY_RULE_SERVICE_CONFIG_ERROR:
> Service () is configured incorrectly, service_failed event will be thrown

Hi Mike,

Can you try removing this?

Sep 18 12:11:13.637 PDT: RADIUS: Framed-Compression [13] 6 VJ
TCP/IP Header Compressi[1]

It has no impact and for ASR1Ks it's not supported (so I assume it
isn't supported on ASR920s either). I've had an issue in the past with
ASR1Ks where that was stopping subscriber sessions from establishing,
in combination with another AVP but without that 2nd AVP the session
would establish even though compression isn't supported. It was only
in that combination that the issue was highlighted. If you're using
something like FreeRADIUS it's in there by default, so you need to
look to remove it from the default config.

Cheers,
Janes.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: asr920 - pppoe - Filter-Id is fail [ In reply to ]
Hello Everyone,

I thought the pppoe server was not supported on the asr 920 platform ?

Did you manage to get it working ?

Thank you.

Nick

Le ven. 18 sept. 2020 à 21:26, Mike <mike+lists@yourtownonline.com> a
écrit :

> Hi,
>
> I got another one -
>
> Playing with my asr920 I have it working as a pppoe server. I notice
> that if I have a radius attribute returned "Filter-Id" with the name of
> a filter already on the box, the pppoe session doesn't come up and
> throws an error:
>
> Sep 18 12:11:13.636 PDT: RADIUS: Received from id 1645/45
> 100.127.248.10:1812, Access-Accept, len 119
> Sep 18 12:11:13.637 PDT: RADIUS: authenticator FC CA B3 DE 64 4C C6 81
> - 1E B3 E3 2F 6F 91 E0 78
> Sep 18 12:11:13.637 PDT: RADIUS: Framed-Protocol [7] 6
> PPP [1]
> Sep 18 12:11:13.637 PDT: RADIUS: Framed-Compression [13] 6 VJ
> TCP/IP Header Compressi[1]
> Sep 18 12:11:13.637 PDT: RADIUS: Framed-IP-Address [8] 6
> 100.127.248.222
> Sep 18 12:11:13.637 PDT: RADIUS: Vendor, Cisco [26] 58
> Sep 18 12:11:13.637 PDT: RADIUS: ssg-service-info [251] 52
> "QU;4500000;843750;1687500;D;4500000;843750;1687500"
> Sep 18 12:11:13.637 PDT: RADIUS: Filter-Id [11] 23
> Sep 18 12:11:13.637 PDT: RADIUS: 63 75 73 74 6F 6D 65 72 5F 69 6E 62
> 6F 75 6E 64 [customer_inbound]
> Sep 18 12:11:13.637 PDT: RADIUS: 31 2E 6F 75 74 [ 1.out]
> Sep 18 12:11:13.637 PDT: RADIUS(0000003F): Received from id 1645/45
> Sep 18 12:11:13.638 PDT: %SGPM-3-POLICY_RULE_SERVICE_CONFIG_ERROR:
> Service () is configured incorrectly, service_failed event will be thrown
>
> if I remove the Filter-Id, this error goes away. the referenced filter
> (access-list) does exist. Not sure what the issue here is. Anyone know?
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: asr920 - pppoe - Filter-Id is fail [ In reply to ]
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/