[cisco-bba] Strange VPDN Multihop Behaviour
Clayton Zekelman
clayton at MNSi.Net
Tue Oct 30 10:41:38 EDT 2007
We have a Cisco 7206 acting as a LAC for PPPoE sessions coming from an
Ethernet-based DSLAM. We've had a number of issues with regard to
Cisco's broken VLAN range implementation, but now we have a VERY
strange situation.

We have the router set up to tunnel all customers with the @mnsi.net
suffix. It seems to be working - sometimes.

2 customers for some reason are authenticating locally, despite the
fact that we have the tunneling configured. Other customers are
tunneling just fine. It's very odd, but repeatable. We don't know
what PPPoE client software the customers are running. I'm really not
sure what could cause a customer's client software to force the
router to authenticate them locally rather than tunneling.

Here are most of the relevant pieces of info:

We're running Version 12.4(15)T1

vpdn-group tunnel
 request-dialin
  protocol l2tp
  domain mnsi.net
 initiate-to ip 216.8.XXX.XXX
 initiate-to ip 216.8.XXX.XXX
 local name lns1
 l2tp tunnel password 7 XXXXXXXXXXXXXXXXX
 l2tp tunnel receive-window 1024

bba-group pppoe global
 virtual-template 1
 service profile PPPoE
 vendor-tag circuit-id service
 sessions max limit 5000
 ac name lns1
 sessions per-vc limit 5
 sessions per-mac limit 2
 sessions auto cleanup

interface Virtual-Template1
 mtu 1492
 ip unnumbered Loopback0
 ip load-sharing per-packet
 no logging event link-status
 load-interval 30
 peer default ip address pool dynamic1
 ppp authentication pap ppp_local
 ppp authorization ppp_local
 ppp ipcp dns 216.8.XXX.XXX 216.8.XXX.XXX

aaa authentication login default line
aaa authentication enable default enable
aaa authentication ppp default group radius
aaa authentication ppp ppp_local group radius
aaa authorization network default local
aaa authorization network ppp_local group radius
aaa accounting delay-start
aaa accounting network default start-stop group radius

---
Clayton Zekelman
Managed Network Systems Inc. (MNSi)
344-300 Tecumseh Rd. E.
Windsor, Ontario
N8X 5E8
tel. 519-985-8410
fax. 519-985-8409