[cisco-bba] UPDATE - Only work with 7 user (client)
Tom Miller
tom at hostwebase.com
Sun Nov 26 02:24:07 EST 2006
Mark,
After review the debug output. It seems there is a
problem
at the other end of the L2TP tunnel cause the time
out that
is why it was not able to establish a connection. I
am
sure if I am interpret it correctly and not quite
sure
what to do with it. Please advice.
Look for the ===> Missed 5 keepalives
First attempt:
7w5d: Tnl 10005 L2TP: O Hello to drbrtj08rr.mi.AADS
tnlid 36530
7w5d: Vi8 PPP: Missed 5 keepalives, taking LCP down
7w5d: Vi8 IPCP: State is Closed
7w5d: Vi8 PPP: Phase is DOWN [0 sess, 1 load]
7w5d: Vi8 Tnl/Cl 13221/50405 L2TP: O CDN to
sfldse31rr.mi.AADS 22931/57582
7w5d: Vi8 Tnl/Cl 13221/50405 L2TP: Destroying
session
7w5d: Vi8 Tnl/Cl 13221/50405 L2TP: Session state
change from established to idle
7w5d: Vi8 Tnl/Cl 13221/50405 L2TP: Releasing idb for
LAC/LNS tunnel 13221/22931 session 50405 state idle
7w5d: Vi8 VTEMPLATE: Free vaccess
7w5d: Vi8 VTEMPLATE: Wait for interface to
transition to down before freeing
7w5d: Vi8 VTEMPLATE: Try to free a freed vaccess
7w5d: Vi8 VTEMPLATE: Try to free a freed vaccess
7w5d: Vi8 PPP: Phase is ESTABLISHING, Passive Open
[0 sess, 1 load]
7w5d: Vi8 LCP: State is Listen
*Nov 26 00:33:43 UTC: %LINK-3-UPDOWN: Interface
Virtual-Access8, changed state to down
7w5d: Vi8 VTEMPLATE: Wait for line protocol to
transition to down before freeing
7w5d: Vi8 LCP: State is Closed
7w5d: Vi8 PPP: Phase is DOWN [0 sess, 1 load]
7w5d: Vi8 VTEMPLATE: Try to free a freed vaccess
7w5d: Vi8 VTEMPLATE: Try to free a freed vaccess
7w5d: Vi8 VTEMPLATE: Try to free a freed vaccess
*Nov 26 00:33:44 UTC: %LINEPROTO-5-UPDOWN: Line
protocol on Interface Virtual-Access8, changed state
to down
7w5d: Vi8 VTEMPLATE: Interface and line protocol are
down, proceed to free
7w5d: Vi8 Debug: Condition 1, interface Vt1 cleared,
count 0
7w5d: VTEMPLATE: Clean up dirty vaccess queue, size
1
7w5d: Vi8 VTEMPLATE: Found a dirty vaccess clone
with vtemplate
7w5d: Vi8 VTEMPLATE: ************ UNCLONE VACCESS8
**************
7w5d: Vi8 VTEMPLATE: Unclone to-be-freed command#7
interface Virtual-Access8
default ip unnumbered loopback 2
default ip address 209.104.172.1 255.255.255.128
default ip address 209.104.172.1 255.255.255.128
default ip address 209.104.172.1 255.255.255.128
default mtu 1492
default encap ppp
default ip address
end
7w5d: Vi8 VTEMPLATE: Remove cloneblk vtemplate with
vtemplate
7w5d: Vi8 VTEMPLATE: Set default settings with no ip
address
7w5d: Vi8 VTEMPLATE: Add vaccess to recycle queue,
queue size 2
********** Second Attempt *****************
w5d: Vi9 LCP: MRU 1492 (0x010405D4)
7w5d: Vi9 LCP: AuthProto CHAP (0x0305C22305)
7w5d: Vi9 LCP: MagicNumber 0x1B89FAC3
(0x05061B89FAC3)
7w5d: Vi9 LCP: State is Open
7w5d: Vi9 PPP: Phase is AUTHENTICATING, by this end
[0 sess, 1 load]
7w5d: Vi9 CHAP: O CHALLENGE id 108 len 30 from
"EIDSLRtr1"
7w5d: Vi9 CHAP: I RESPONSE id 108 len 47 from
"olgchurch at cecom.net"
*Nov 26 00:46:49 UTC: %SEC-6-IPACCESSLOGP: list 111
permitted udp 172.17.17.17(0) (FastEthernet1/0
0003.ba05.1c88) -> 17
2.17.17.1(0), 1 packet
7w5d: Vi9 CHAP: O SUCCESS id 108 len 4
7w5d: Vi9 PPP: Phase is UP [0 sess, 1 load]
7w5d: Vi9 IPCP: O CONFREQ [Closed] id 1 len 10
7w5d: Vi9 IPCP: Address 209.104.172.1
(0x03062665AC01)
7w5d: Vi9 IPCP: I CONFREQ [REQsent] id 77 len 22
7w5d: Vi9 IPCP: Address 0.0.0.0 (0x030600000000)
7w5d: Vi9 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
7w5d: Vi9 IPCP: SecondaryDNS 0.0.0.0
(0x830600000000)
7w5d: Vi9 AAA/AUTHOR/IPCP: Start. Her address
0.0.0.0, we want 0.0.0.0
7w5d: Vi9 AAA/AUTHOR/IPCP: Done. Her address
0.0.0.0, we want 209.104.172.13
7w5d: Vi9 IPCP: O CONFREJ [REQsent] id 77 len 16
7w5d: Vi9 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
7w5d: Vi9 IPCP: SecondaryDNS 0.0.0.0
(0x830600000000)
7w5d: Vi9 IPCP: I CONFACK [REQsent] id 1 len 10
7w5d: Vi9 IPCP: Address 209.104.172.1
(0x03062665AC01)
7w5d: Vi9 IPCP: I CONFREQ [ACKrcvd] id 78 len 10
7w5d: Vi9 IPCP: Address 0.0.0.0 (0x030600000000)
7w5d: Vi9 AAA/AUTHOR/IPCP: Start. Her address
0.0.0.0, we want 209.104.172.13
7w5d: Vi9 AAA/AUTHOR/IPCP: Done. Her address
0.0.0.0, we want 209.104.172.13
7w5d: Vi9 IPCP: O CONFNAK [ACKrcvd] id 78 len 10
7w5d: Vi9 IPCP: Address 209.104.172.13
(0x03062665AC0D)
7w5d: Vi9 IPCP: I CONFREQ [ACKrcvd] id 79 len 10
7w5d: Vi9 IPCP: Address 209.104.172.13
(0x03062665AC0D)
7w5d: Vi9 AAA/AUTHOR/IPCP: Start. Her address
209.104.172.13, we want 209.104.172.13
7w5d: Vi9 AAA/AUTHOR/IPCP: Done. Her address
209.104.172.13, we want 209.104.172.13
7w5d: Vi9 IPCP: O CONFACK [ACKrcvd] id 79 len 10
7w5d: Vi9 IPCP: Address 209.104.172.13
(0x03062665AC0D)
7w5d: Vi9 IPCP: State is Open
7w5d: Vi9 IPCP: Install route to 209.104.172.13
*Nov 26 00:46:50 UTC: %LINEPROTO-5-UPDOWN: Line
protocol on Interface Virtual-Access9, changed state
to up
7w5d: Tnl 47262 L2TP: I Hello from
sfldse34rr.mi.AADS tnl 55202
7w5d: Tnl 10005 L2TP: O Hello to drbrtj08rr.mi.AADS
tnlid 36530
7w5d: Vi9 PPP: Missed 5 keepalives, taking LCP down
7w5d: Vi9 IPCP: State is Closed
7w5d: Vi9 PPP: Phase is DOWN [0 sess, 1 load]
7w5d: Vi9 Tnl/Cl 13221/50406 L2TP: O CDN to
sfldse31rr.mi.AADS 22931/59466
7w5d: Vi9 Tnl/Cl 13221/50406 L2TP: Destroying
session
7w5d: Vi9 Tnl/Cl 13221/50406 L2TP: Session state
change from established to idle
7w5d: Vi9 Tnl/Cl 13221/50406 L2TP: Releasing idb for
LAC/LNS tunnel 13221/22931 session 50406 state idle
7w5d: Vi9 VTEMPLATE: Ignoring free request, still in
use
7w5d: Vi9 VPDN: Vtemplate failure 10 upon freeing
interface
7w5d: Vi9 VTEMPLATE: Ignoring free request, still in
use
7w5d: Vi9 VPDN: Vtemplate failure 10 upon freeing
interface
7w5d: Vi9 VTEMPLATE: Ignoring free request, still in
use
7w5d: Vi9 VPDN: Vtemplate failure 10 upon freeing
interface
7w5d: Vi9 PPP: Phase is ESTABLISHING, Passive Open
[0 sess, 1 load]
7w5d: Vi9 LCP: State is Listen
*Nov 26 00:49:43 UTC: %LINK-3-UPDOWN: Interface
Virtual-Access9, changed state to down
7w5d: Vi9 LCP: State is Closed
7w5d: Vi9 PPP: Phase is DOWN [0 sess, 1 load]
7w5d: Vi9 VTEMPLATE: Ignoring free request, still in
use
7w5d: Vi9 VPDN: Vtemplate failure 10 upon freeing
interface
7w5d: Vi9 VTEMPLATE: Ignoring free request, still in
use
7w5d: Vi9 VPDN: Vtemplate failure 10 upon freeing
interface
7w5d: Vi9 VTEMPLATE: Ignoring free request, still in
use
7w5d: Vi9 VPDN: Vtemplate failure 10 upon freeing
interface
7w5d: Vi9 VTEMPLATE: Free vaccess
7w5d: Vi9 VTEMPLATE: Wait for line protocol to
transition to down before freeing
7w5d: Vi9 IPCP: Remove route to 209.104.172.13
*Nov 26 00:49:44 UTC: %LINEPROTO-5-UPDOWN: Line
protocol on Interface Virtual-Access9, changed state
to down
7w5d: Vi9 VTEMPLATE: Interface and line protocol are
down, proceed to free
7w5d: Vi9 Debug: Condition 1, interface Vt1 cleared,
count 0
7w5d: VTEMPLATE: Clean up dirty vaccess queue, size
1
7w5d: Vi9 VTEMPLATE: Found a dirty vaccess clone
with vtemplate
7w5d: Vi9 VTEMPLATE: ************ UNCLONE VACCESS9
**************
7w5d: Vi9 VTEMPLATE: Unclone to-be-freed command#7
interface Virtual-Access9
default ip unnumbered loopback 2
default ip address 209.104.172.1 255.255.255.128
default ip address 209.104.172.1 255.255.255.128
default ip address 209.104.172.1 255.255.255.128
default mtu 1492
default encap ppp
default ip address
end
7w5d: Vi9 VTEMPLATE: Remove cloneblk vtemplate with
vtemplate
7w5d: Vi9 VTEMPLATE: Set default settings with no ip
address
7w5d: Vi9 VTEMPLATE: Add vaccess to recycle queue,
queue size 2
Thanks much,
Tom
---- Original message ----
>Date: Wed, 22 Nov 2006 06:34:50 -0800
>From: Mark Johnson <mljohnso at cisco.com>
>Subject: Re: Only work with 7 user (client)
>To: tom at hostwebase.com, gabriel.grissett at gmail.com
>Cc: cisco-bba at puck.nether.net
>
>At 04:08 AM 11/22/2006 -0500, Tom Miller wrote:
>>Would you guys help me out with this issues again
please.
>>I am having the same problem as before. The Cisco
7204
>>won't seem to accept any more than 7 users. What
am I
>>missing here?
>
>This must be a different problem. Capture <debug
ppp neg>
>for the 8th user attempting to connect; if you
don't see
>any debug output, then the problem is VPDN and you
want to
>have a look at
>
>debug vpdn error
>debug vpdn l2x-event
>debug vpdn l2x-error
>debug vtemplate
>
>mark
>
>
>
>>Here is my 7204 configuration:
>>
>>aaa new-model
>>aaa authentication login default local
>>aaa authentication login console enable
>>aaa authentication login telnet line
>>aaa authentication login localauth local
>>aaa authentication ppp default group radius local
>>aaa authorization network default group radius
local
>>aaa accounting delay-start
>>aaa accounting nested
>>aaa accounting exec default start-stop group
radius
>>aaa accounting network default start-stop group
radius
>>
>>
>>
>>interface Loopback2
>> ip address 16.10.172.1 255.255.255.128
>>!
>>!
>>interface Virtual-Template1
>> mtu 1492
>> ip unnumbered Loopback2
>> peer default ip address pool DSLCustomer
>> ppp authentication chap callin
>>
>>
>>
>>Thanks so much
>>
>>Tom
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>---- Original message ----
>> >Date: Thu, 05 Oct 2006 19:23:24 -0700
>> >From: Mark Johnson <mljohnso at cisco.com>
>> >Subject: RE: [cisco-bba] Only work with 5 user
(client)
>> >To: tom at hostwebase.com,
gabriel.grissett at gmail.com
>> >Cc: cisco-bba at puck.nether.net
>> >
>> >At 04:31 PM 10/5/2006 -0400, Tom Miller wrote:
>> >>Guys,
>> >>
>> >>It seems to be working fine. The system is
currently
>> >>excepted up to 7 users without any issues. Can
you guy
>> >>enlighten me why it fix with the loopback
interface? Is
>> >>this a bug?
>> >
>> >IOS will not allow more than 6 interfaces with
the same
>> >static ip address. Without IP unnumbered, each
virtual-
>> >access interface is cloned with the same IP
address as
>> >the virtual-template, thus you'll fail on the
6th user
>> >(the VT counts as 1).
>> >
>> >mark
>> >
>> >
>> >>Thank you so much for your advices.
>> >>
>> >>Tom
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>---- Original message ----
>> >> >Date: Wed, 4 Oct 2006 14:38:18 -0500
>> >> >From: "Gabriel Grissett"
<gabriel.grissett at gmail.com>
>> >> >Subject: RE: [cisco-bba] Only work with 5
user
(client)
>> >> >To: <tom at hostwebase.com>
>> >> >
>> >> >Use a loopback interface ...
>> >> >
>> >> >Interface loopback 2
>> >> > ip address 192.168.172.1 255.255.255.128
>> >> >
>> >> >then change your virtual-template to...
>> >> >
>> >> >interface Virtual-Template1
>> >> > mtu 1492
>> >> > ip unnumbered loopback 2
>> >> >...
>> >> >...
>> >> >...
>> >> >
>> >> >This should be in the archives...
>> >> >
>> >> >> -----Original Message-----
>> >> >> From: cisco-bba-bounces at puck.nether.net
[mailto:cisco-
>>bba-
>> >> >> bounces at puck.nether.net] On Behalf Of Tom
Miller
>> >> >> Sent: Wednesday, October 04, 2006 2:28 PM
>> >> >> To: cisco-bba at puck.nether.net
>> >> >> Subject: [cisco-bba] Only work with 5 user
(client)
>> >> >>
>> >> >> I have a 7204 (12.0(22)S1) terminating DSL
L2TP VPDN
>>and
>> >> >> freeradius ( 1.0.4)
>> >> >>
>> >> >> I am having problem when number of users
(clients)
>> >> >> increase from 6 and up.
>> >> >>
>> >> >> It worked fine when I have only 5 users
(clients)
using
>> >> >> the system.
>> >> >>
>> >> >> The Cisco 7204 sending missing informationn
to the
>>radius
>> >> >> server when the user # 6 try to connect.
Information
>>such
>> >> >> as Tunnel-Server-Endpoint and
Tunnel-Client-
Endpoint
>> >> >>
>> >> >>
>> >> >> I must have a missing value within my Cisco
>>configuration.
>> >> >> However, I don't know what it is.
>> >> >>
>> >> >> Would you guys help me out please.
>> >> >>
>> >> >>
>> >> >> Here is my cisco 7204 configuration:
>> >> >>
>> >> >> > aaa new-model
>> >> >> > aaa authentication login default local
>> >> >> > aaa authentication login console enable
>> >> >> > aaa authentication login telnet line
>> >> >> > aaa authentication login localauth local
>> >> >> > aaa authentication ppp default group
radius local
>> >> >> > aaa authorization network default group
radius
local
>> >> >> > aaa accounting delay-start
>> >> >> > aaa accounting nested
>> >> >> > aaa accounting exec default start-stop
group
radius
>> >> >> > aaa accounting network default start-stop
group
>>radius
>> >> >> >
>> >> >> >
>> >> >> > !
>> >> >> > vpdn enable
>> >> >> > vpdn aaa override-server 172.17.17.17
>> >> >> > !
>> >> >> > vpdn-group 1
>> >> >> > accept-dialin
>> >> >> > protocol l2tp
>> >> >> > virtual-template 1
>> >> >> > terminate-from hostname aaaabbbr.ca.AADS
>> >> >> > local name abc123456789cha
>> >> >> > lcp renegotiation always
>> >> >> > l2tp tunnel password 7 xxxxxxxxxxxxxxxx
>> >> >> > !
>> >> >> >
>> >> >> > radius-server host 172.17.17.17 auth-port
1645
acct-
>>port
>> >> >> 1646
>> >> >> >
>> >> >> >
>> >> >> > !
>> >> >> > interface Virtual-Template1
>> >> >> > mtu 1492
>> >> >> > ip address 192.168.172.1 255.255.255.128
>> >> >> > peer default ip address pool DSLCustomer
>> >> >> > ppp authentication chap callin
>> >> >> > !
>> >> >> > ip local pool DSLCustomer 192.168.172.51
>>192.168.172.125
>> >> >>
>> >> >>
>> >> >> Thank you,
>> >> >>
>> >> >> Tom
>> >> >>
>> >> >>
_______________________________________________
>> >> >> cisco-bba mailing list
>> >> >> cisco-bba at puck.nether.net
>> >> >>
https://puck.nether.net/mailman/listinfo/cisco-bba
>> >> >
>> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-bba/attachments/20061126/87d58925/attachment-0001.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-bba/attachments/20061126/87d58925/attachment-0001.htm
More information about the cisco-bba
mailing list