[cisco-bba] 7204VXR(NPE-G1) running c7200-jk9s-mz.123-14.T3.bin

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Fri Sep 1 05:47:04 EDT 2006


Mark,

> I think the reason why we needed the 'T' image was the fact that we
> upgraded to NPE-G1's and we probably took the latest 'T' image we
> could. 

the NPE-G1 is already supported in 12.3 mainline.
 
> The reason we went for pre-cloned was because of RADIUS performance
> issues when the box's were rebooted/reloaded or we lost VPDN tunnels.
> Routers were swamped with RADIUS timeouts.

true, but virtual-access subinterfaces are even better to address this
problem as they're lightweight interfaces not needing as many resources,
so there is no need to pre-clone these. Unless you're doing something
fancy in the Radius profiles like access-list or "lcp:interface-config",
you should be fine using VAI sub-interfaces. Try "test virtual-template
1 subinterface" and check if any command on your vtemplate prevents you
from using subinterfaces. Then I'd remove the pre-clone command and
check if users start to use VAI sub-interfaces.

In addition, you want to enable "radius-server source-ports extended"
(to allow for more than 256 concurrent outstanding Radius requests),
enable "radius-server deadtime <min>" to active a more apppropriate
dead-server detection algorithm for this environment, and you also want
to watch your input queues when many uses try to login at the same
time..

	oli



More information about the cisco-bba mailing list