[cisco-bba] "wt-con" invalid sessions on 'sh vpdn session'.....

Mark Tohill Mark at u.tv
Fri Apr 11 10:15:07 EDT 2008


Hi,

Does anyone have opinions on an L2TP VPDN scenario where users are terminated on
7204VXRs running 12.3(20) (c7200-jk9s-mz.123-20.bin) IOS?

We recently saw numerous tunnels from our wholesale provider
simultaneously drop and get re-established. Our provider, in turn, saw
tunnels destined for us from the telco incumbent drop at the same time also.
One of these tunnels had an unusually high no. of sessions and after
checking the tunnel we saw the following, i.e. no valid users in it.

sh vpdn session | i 48335
25824 393   48335                                    wt-con 10:53:23 n/a
25839 433   48335                                    wt-con 10:52:20 n/a
25541 64954 48335                                    wt-con 11:16:37 n/a
25553 65016 48335                                    wt-con 11:15:20 n/a
27634 5458  48335                                    wt-con 08:03:30 n/a
27733 5696  48335                                    wt-con 07:56:11 n/a

And so on....

Once we cleared the tunnel with a 'clear vpdn tunnel l2tp 48335', it
cleared after a few minutes. A replacement tunnel was established
immediately which terminated users properly.



Has anyone seen this or have an idea why this would happen?

VPDN config as follows:

!
aaa new-model
!
!
!
aaa authentication login default local-case
aaa authentication enable default enable
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa accounting network default start-stop group radius
aaa session-id common
!
!
interface Loopback0
 description VPDN Tunnel Endpoint
 ip address www.xxx.yyy.zzz 255.255.255.255
!
vpdn enable
vpdn history failure table-size 50
!
vpdn-group 1
 description VPDN-GROUP-1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname <hostname>
 source-ip aaa.bbb.ccc.ddd
 lcp renegotiation on-mismatch
 l2tp tunnel password <removed>
!
!
virtual-template 1 pre-clone 8000
!
!
interface Virtual-Template1
 description Virtual Template
 mtu 1460
 ip unnumbered Loopback0
 ip tcp adjust-mss 1420
 no logging event link-status
 no snmp trap link-status
 peer default ip address pool default
 ppp mtu adaptive proxy
 ppp authentication chap
!

Thanks,
Mark
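
The by-eye check described in the post, automated as an added example (not part of the original message and not Cisco tooling): it parses saved 'sh vpdn session' output and reports tunnels that carry only long-lived wt-con sessions. The column layout, the "est" state row, the compact age format and the 300-second threshold are assumptions; the sample rows for tunnel 51002 are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: the first three rows follow the post, the last two
# (an established session on another tunnel) are invented for contrast.
SAMPLE = """\
25824 393   48335                                    wt-con 10:53:23 n/a
25839 433   48335                                    wt-con 10:52:20 n/a
27733 5696  48335                                    wt-con 07:56:11 n/a
101   7001  51002 Vi2.1     user@example.net         est    00:04:10 17
102   7002  51002                                    wt-con 00:00:03 n/a
"""

UNITS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}

def age_seconds(last_chg):
    """Convert 'hh:mm:ss' or a compact form such as '1d02h' to seconds."""
    if ":" in last_chg:
        h, m, s = (int(p) for p in last_chg.split(":"))
        return h * 3600 + m * 60 + s
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([wdhms])", last_chg))

def parse_sessions(output):
    """Yield (tunnel_id, state, age) for each session row.

    Assumed layout: LocID RemID TunID [Intf Username] State LastChg UniqID.
    Intf/Username are blank on wt-con rows, so State is read from the right.
    """
    for line in output.splitlines():
        f = line.split()
        if len(f) >= 6 and all(x.isdigit() for x in f[:3]):
            yield int(f[2]), f[-3], age_seconds(f[-2])

def suspect_tunnels(output, min_age=300):
    """Return {tunnel_id: stuck_count} for tunnels with no non-wt-con
    session and at least one wt-con session older than min_age seconds."""
    stuck, healthy = defaultdict(int), set()
    for tunnel, state, age in parse_sessions(output):
        if state == "wt-con" and age >= min_age:
            stuck[tunnel] += 1
        elif state != "wt-con":
            healthy.add(tunnel)
    return {t: n for t, n in stuck.items() if t not in healthy}

if __name__ == "__main__":
    for tunnel, count in suspect_tunnels(SAMPLE).items():
        print(f"tunnel {tunnel}: {count} sessions stuck in wt-con")
```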