[cisco-bba] Strange VPDN Multihop Behaviour

Clayton Zekelman clayton at MNSi.Net
Tue Oct 30 10:41:38 EDT 2007 

We have a Cisco7206 acting as a LAC for PPPoE sessions coming from an 
Ethernet based DSLAM.  We've had a number of issues with regards to 
Cisco's broken VLAN range implementation, but now we have a VERY 
strange situation.

We have the router set up to tunnel all customers with the @mnsi.net 
suffix.  It seems to be working - sometimes.

2 customers for some reason are authenticating locally, despite the 
fact that we have the tunneling configured.   Other customers are 
tunneling just fine.  Its very odd, but repeatable.  We don't know 
what PPPoE client software the customers are running.  I'm really not 
sure what could cause a customer's client software to force the 
router to authenticate them locally rather than tunneling.

Here are most of the relevant pieces of info:

We're running Version 12.4(15)T1

vpdn-group tunnel
  request-dialin
   protocol l2tp
   domain mnsi.net
  initiate-to ip 216.8.XXX.XXX
  initiate-to ip 216.8.XXX.XXX
  local name lns1
  l2tp tunnel password 7 XXXXXXXXXXXXXXXXX
  l2tp tunnel receive-window 1024

bba-group pppoe global
  virtual-template 1
  service profile PPPoE
  vendor-tag circuit-id service
  sessions max limit 5000
  ac name lns1
  sessions per-vc limit 5
  sessions per-mac limit 2
  sessions auto cleanup

  interface Virtual-Template1
  mtu 1492
  ip unnumbered Loopback0
  ip load-sharing per-packet
  no logging event link-status
  load-interval 30
  peer default ip address pool dynamic1
  ppp authentication pap ppp_local
  ppp authorization ppp_local
  ppp ipcp dns 216.8.XXX.XXX 216.8.XXX.XXX

aaa authentication login default line
aaa authentication enable default enable
aaa authentication ppp default group radius
aaa authentication ppp ppp_local group radius
aaa authorization network default local
aaa authorization network ppp_local group radius
aaa accounting delay-start
aaa accounting network default start-stop group radius



---
Clayton Zekelman
Managed Network Systems Inc. (MNSi)
344-300 Tecumseh Rd. E.
Windsor, Ontario
N8X 5E8

tel. 519-985-8410
fax. 519-985-8409

More information about the cisco-bba mailing list