[cisco-bba] BNAS Authentication Problems

Dennis Peng dpeng at cisco.com
Wed Apr 20 18:08:35 EDT 2005


Would need more information. If you have debugs from when these
sessions connect, that would be the most helpful. "debug ppp negot",
"debug aaa per", "debug aaa author", and "debug radius" would probably
be the most helpful. If you don't have debugs, please at least send
the user profile. Usually when IPCP closes, it is because of
authorization failure, which can result from an IPCP attribute failing
when applied (maybe the profile refers to a invalid ACL, or there is a
syntax error in a route or ACL definition).

Dennis

Mark [mac at telvia.it] wrote:
> Hi,
> 
> we have some problems with some DSL user not being able to log on our 
> BNASes.
> 
> Problems seems affecting IPCP authorization phase but is strange that 
> only few (two) in thousand of customers are affected by this problems.
> 
> Below a show caller output for the customers affected by this problem.
> 
> BNAS#sh caller user user1 detailed
> 
>    User: user1, line Vi46, service PPPoATM
>          Connected for 02:22:29, Idle for 00:00:19
>    Timeouts:    Limit     Remaining Timer Type
>                 -         -         -
>    PPP: LCP Open, PAP (<-)
>    LCP: -> peer, AuthProto, MagicNumber
>         <- peer, MRU, MagicNumber
>    NCP: Closed IPCP
>    IP: Local 10.10.0.1, remote 10.10.100.35
>    Counts: 3728 packets input, 193793 bytes, 0 no buffer
>            0 input errors, 0 CRC, 0 frame, 0 overrun
>            1004 packets output, 10663 bytes, 0 underruns
>            0 output errors, 0 collisions, 0 interface resets
> 
> NCP state point to a closed IPCP state! Some one can point me what are 
> going wrong?
> 
> Mark
> 
> _______________________________________________
> cisco-bba mailing list
> cisco-bba at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba


More information about the cisco-bba mailing list