[cisco-bba] Strange VPDN Multihop Behaviour

Frank Bulk - iNAME frnkblk at iname.com
Tue Oct 30 20:24:23 EDT 2007


Have you tried sniffing the initial PPPoE connection and/or turning on debug
on the router to see if there's something you can compare/contrast with
other, working connections?  If so, can you post them on a page for us to
compare?

Frank

P.S. take care when using debug -- make sure to set the appropriate
conditions!

-----Original Message-----
From: cisco-bba-bounces at puck.nether.net
[mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of Clayton Zekelman
Sent: Tuesday, October 30, 2007 9:42 AM
To: cisco-bba at puck.nether.net
Subject: [cisco-bba] Strange VPDN Multihop Behaviour


We have a Cisco 7206 acting as a LAC for PPPoE sessions coming from an
Ethernet-based DSLAM.  We've had a number of issues with regard to
Cisco's broken VLAN range implementation, but now we have a VERY
strange situation.

We have the router set up to tunnel all customers with the @mnsi.net
suffix.  It seems to be working - sometimes.

2 customers for some reason are authenticating locally, despite the
fact that we have the tunneling configured.   Other customers are
tunneling just fine.  It's very odd, but repeatable.  We don't know
what PPPoE client software the customers are running.  I'm really not
sure what could cause a customer's client software to force the
router to authenticate them locally rather than tunneling.

Here are most of the relevant pieces of info:

We're running Version 12.4(15)T1

vpdn-group tunnel
  request-dialin
   protocol l2tp
   domain mnsi.net
  initiate-to ip 216.8.XXX.XXX
  initiate-to ip 216.8.XXX.XXX
  local name lns1
  l2tp tunnel password 7 XXXXXXXXXXXXXXXXX
  l2tp tunnel receive-window 1024

bba-group pppoe global
  virtual-template 1
  service profile PPPoE
  vendor-tag circuit-id service
  sessions max limit 5000
  ac name lns1
  sessions per-vc limit 5
  sessions per-mac limit 2
  sessions auto cleanup

interface Virtual-Template1
  mtu 1492
  ip unnumbered Loopback0
  ip load-sharing per-packet
  no logging event link-status
  load-interval 30
  peer default ip address pool dynamic1
  ppp authentication pap ppp_local
  ppp authorization ppp_local
  ppp ipcp dns 216.8.XXX.XXX 216.8.XXX.XXX

aaa authentication login default line
aaa authentication enable default enable
aaa authentication ppp default group radius
aaa authentication ppp ppp_local group radius
aaa authorization network default local
aaa authorization network ppp_local group radius
aaa accounting delay-start
aaa accounting network default start-stop group radius



---
Clayton Zekelman
Managed Network Systems Inc. (MNSi)
344-300 Tecumseh Rd. E.
Windsor, Ontario
N8X 5E8

tel. 519-985-8410
fax. 519-985-8409
